PYEXPAT.PYD Malware

Does anyone know more about PYEXPAT.PYD.

PrevX1 found this file in subdirectory lib of ZoneAlarm.
First seen: Jun 28 2006 (GMT)
Minimal Spread.

After PrevX removed the file vsmon never stopped to restart and terminate itself that was caused by zlclient.exe. I terminated zone alarm and uninstalled it because of this annoyance.

But what is PYEXPAT.PYD?

 

What did you learn from google etc about ?


StevieO

 

Google finds nothing special, except PrevX info, which is very small.

 

the file PYEXPAT.PYD. seems to be a python file. http://aspn.activestate.com/ASPN/Mail/Message/xml-sig/610581

 

fixed now

 

Yes this is the only info you can get from using google. I knew that it is a python file, but what is malware in this file?

Beside Wikipedia tells about Python: a programming language created in netherlands early 90s, the name was copied from the british comic crew Monty Python.

Normally if one didn´t know that one would bet that the name was taken from the python snake.

 

It was a false positive that, as Eraser mentioned, is fixed now. If it's still anywhere in the Jail tab, just double click it to release it.

Feel free to write in to support if you ever have a question about a file Prevx1 has detected and someone should be able to give you an official answer fairly quickly

 

I thought too that it was a false positive, because vsmon stopped working.

Ah okay I didn´t know that "fixed now" was related to Prevx.

Beside if you are from PrevX team, check spybro.exe, it seems to be a legit. product from spain.

ICBMFT.OCM is also a false positive it is a legit. app from AOL. Just for info.

Seems that PrevX is still a bit too overreactive. Is it still in Beta Phase?