winkrnme.dll

Discussion in 'Prevx Releases' started by SOG, Aug 3, 2009.

Thread Status:
Not open for further replies.
  1. SOG, Registered Member (Joined: Mar 9, 2009; Posts: 33)

    The auto scan is bringing up this threat:
    Prevx Scan Log - Version v3.0.1.65
    Log Generated: 3/8/2009 11:34, Type: 1,8192
    Windows XP Professional Service Pack 3 (Build 2600) 32bit|1033
    Some non-malicious files are not included in this log.
    Heuristics Settings: Age: 1, Pop: 1, Heu: 2 (Dir: 1)
    Last Scan: Mon 2009-08-03 11:29:52 GMT Daylight Time. Number of Scans: 275. Last Scan Duration: 4 minutes 13 seconds.
    [BN] (ACTIVE) c:\windows\system32\winkrnme.dll [PX5: 7EC37D8E0022E906400C002FC87D3100A71E437F] Malware Group: Medium Risk Malware

    I can see WINKRMME.DLL in w\s32 (in caps) with a created date of 16.07.2005 - so scanned many times? I right clicked w\s32 and scanned from the context menu and it comes up clean:

    Prevx Scan Log - Version v3.0.1.65
    Log Generated: 3/8/2009 11:42, Type: 1,8192
    Windows XP Professional Service Pack 3 (Build 2600) 32bit|1033
    Some non-malicious files are not included in this log.
    Heuristics Settings: Age: 1, Pop: 1, Heu: 2 (Dir: 1)
    Last Scan: Mon 2009-08-03 11:40:56 GMT Daylight Time. Number of Scans: 277. Last Scan Duration: 2 minutes 9 seconds.
    (ACTIVE) c:\program files\common files\pure networks shared\platform\avmanagerunified.dll [PX5: F988645A001940F86CFB54E2B39DC700FB9391A8]
    [UN] (ACTIVE) c:\windows\system32\winkrnme.dll [PX5: 7EC37D8E0022E906400C002FC87D3100A71E437F]

    Can you advise me on this apparent contradiction?
     
  2. PrevxHelp, Former Prevx Moderator (Joined: Sep 14, 2008; Posts: 8,242; Location: USA/UK)

    Hello,
    I think you may have caught a file in between when it was changing its status. We've corrected winkrnme.dll as it was a false positive so both scans should now come up clean.

    Let me know if you find anything else :)
     
  3. SOG, Registered Member (Joined: Mar 9, 2009; Posts: 33)

    Many thanks for your help. I have now run a scan from the Prevx dashboard and it finds no bad files. I'm guessing that this is the same procedure as the auto scan that the program runs.
    However, as to the reason, I don't think it was because of a status change: this also happened a few days ago. I did some searching but wound up unsure because it looked like an old file that I thought must have been scanned many times and I wondered if the file name in upper and lower case was significant - I was going to post then but I got sidetracked and was not convinced about deleting.
     
  4. PrevxHelp, Former Prevx Moderator (Joined: Sep 14, 2008; Posts: 8,242; Location: USA/UK)

    The file looks like a new version of an old file which has only been seen on a couple computers worldwide, possibly from the installation of an old program which dragged that DLL along.

    Upper/lowercase isn't significant on Windows but feel free to ask any questions! :)
     