PYEXPAT.PYD Malware

Discussion in 'malware problems & news' started by SystemJunkie, Aug 28, 2006.

Thread Status:
Not open for further replies.
  1. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    Does anyone know more about PYEXPAT.PYD?

    PrevX1 found this file in subdirectory lib of ZoneAlarm.
    First seen: Jun 28 2006 (GMT)
    Minimal Spread.

    After PrevX removed the file, vsmon never stopped restarting and terminating itself; that was caused by zlclient.exe. I terminated ZoneAlarm and uninstalled it because of this annoyance.

    But what is PYEXPAT.PYD?
     
  2. StevieO

    StevieO Registered Member

    Joined:
    Feb 2, 2006
    Posts:
    1,067
    What did you learn from Google etc. about it?


    StevieO
     
  3. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    Google finds nothing special, except PrevX info, which is very small.
     
  4. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
  5. EraserHW

    EraserHW Malware Expert

    Joined:
    Oct 19, 2005
    Posts:
    588
    Location:
    Italy
    fixed now :)
     
  6. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    Yes, this is the only info you can get from using Google. I knew that it is a Python file, but what is malware in this file?

    Besides, Wikipedia says about Python: a programming language created in the Netherlands in the early 90s; the name was copied from the British comic crew Monty Python.

    Normally, if one didn't know that, one would bet that the name was taken from the python snake.
     
  7. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    It was a false positive that, as Eraser mentioned, is fixed now. If it's still anywhere in the Jail tab, just double click it to release it.

    Feel free to write in to support if you ever have a question about a file Prevx1 has detected and someone should be able to give you an official answer fairly quickly :)
     
  8. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    I thought too that it was a false positive, because vsmon stopped working.

    Ah okay, I didn't know that "fixed now" was related to Prevx.

    Besides, if you are from the PrevX team, check spybro.exe; it seems to be a legit product from Spain.

    ICBMFT.OCM is also a false positive; it is a legit app from AOL. Just for info.

    Seems that PrevX is still a bit too overreactive. Is it still in Beta Phase?
     