Twister AV.

Discussion in 'other anti-virus software' started by Badcompany, Jul 25, 2008.

Thread Status:
Not open for further replies.
  1. Badcompany

    Badcompany Registered Member

    Joined:
    Nov 18, 2005
    Posts:
    752
    Location:
    RUNCORN UK.
    Hello Forum,
    Today Twister classified this as a Trojan (KB8908 Trojan.Patched.bi.nuel.dll.) I think it could be an FP, but can't find any info on it. Does anyone have any info on this?
    Badcompany.
     
  2. Taliscicero

    Taliscicero Registered Member

    Joined:
    Feb 7, 2008
    Posts:
    1,439
    Would be more helpful if you could post what file it detected ^^
     
  3. Badcompany

    Badcompany Registered Member

    Joined:
    Nov 18, 2005
    Posts:
    752
    Location:
    RUNCORN UK.
    Here is a screenshot: is this helpful?
    Badcompany.
     
  4. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,719
    Location:
    Texas
    Can't you submit that file to Twister for examination Badcompany?

    virus -a-t- filseclab.com
     
  5. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    Having user32.dll in the "My Documents" folder needs to be treated as suspicious unless you placed a known good MS user32.dll file there. Normal location as you may know is the System32 folder.
     
  6. Johnny123

    Johnny123 Registered Member

    Joined:
    May 4, 2006
    Posts:
    548
    Location:
    Bremen, Germany
    Check if you also have user32.dll in Windows\System32, which is where it should be. If you have one in System32, then this one in your My Documents directory could be malware.

    BTW, Avast and GData had this file as an FP back in January, as you can see in this article at heise online.
     
  7. Badcompany

    Badcompany Registered Member

    Joined:
    Nov 18, 2005
    Posts:
    752
    Location:
    RUNCORN UK.
    Have sent the file to filseclab. Going to check in system32.
    Badcompany.
     
  8. Badcompany

    Badcompany Registered Member

    Joined:
    Nov 18, 2005
    Posts:
    752
    Location:
    RUNCORN UK.
    I have user32.dll in windows/system32. The screenshot is from the original scan. So I think it must be an FP.
    Badcompany.
     
  9. dan_maran

    dan_maran Registered Member

    Joined:
    Aug 30, 2004
    Posts:
    1,053
    Location:
    Stamford, CT
    I'm with Bubba on this one.

    I say submit it to Virustotal and get a better idea. Also, comparing the sizes of the files (b not kb) or MD5s is also a good idea. Since I don't know your localization I cannot say for sure the file size is wrong, but it is not the same as mine (Eng. XP SP3).

    HTH
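
The byte-size and MD5 comparison suggested in the last post, as an added example that is not part of the original thread: it compares a stray copy of a file against a reference copy and shows why size alone is not enough for a patched file. The file contents are constructed stand-ins rather than real DLLs, the function names are hypothetical, and SHA-256 is computed alongside MD5 as an addition.

```python
import hashlib
import os
import tempfile

def fingerprint(path, chunk=65536):
    """Return (size_in_bytes, md5_hex, sha256_hex), reading the file in chunks."""
    md5, sha256, size = hashlib.md5(), hashlib.sha256(), 0
    with open(path, "rb") as fh:
        while block := fh.read(chunk):
            size += len(block)
            md5.update(block)
            sha256.update(block)
    return size, md5.hexdigest(), sha256.hexdigest()

def compare_copies(reference, candidate):
    """Compare a stray copy (e.g. in My Documents) with the reference copy."""
    ref_size, ref_md5, ref_sha = fingerprint(reference)
    cand_size, cand_md5, cand_sha = fingerprint(candidate)
    if ref_size != cand_size:
        verdict = "different size"
    elif (ref_md5, ref_sha) != (cand_md5, cand_sha):
        verdict = "same size, different content"   # in-place patch keeps the size
    else:
        verdict = "identical"
    return {"verdict": verdict, "size_delta": cand_size - ref_size,
            "reference_md5": ref_md5, "candidate_md5": cand_md5}

def demo():
    """Run the comparison on constructed files; real use passes the two DLL paths."""
    body = b"MZ" + bytes(range(256)) * 16            # constructed bytes, not a real DLL
    samples = {
        "reference.dll": body,
        "patched.dll": body[:100] + b"\xcc" + body[101:],   # one byte changed
        "longer.dll": body + b"\x00" * 512,                 # data appended
    }
    with tempfile.TemporaryDirectory() as tmp:
        paths = {}
        for name, data in samples.items():
            paths[name] = os.path.join(tmp, name)
            with open(paths[name], "wb") as fh:
                fh.write(data)
        ref = paths["reference.dll"]
        return [compare_copies(ref, paths[n])["verdict"] for n in samples]

if __name__ == "__main__":
    print(demo())
```

A mismatch does not by itself prove the copy is malicious: as the post notes, a different language version or service pack also changes the size and hash.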
     