Jump to content

2 false positive


gerdrah
 Share

Recommended Posts

Are you guys absolutely sure encapi32.dll is safe? MBAM also picked it up for me on the ninth under suspicious circumstances. First off, there's a file called encapi32.dll and there's a file called encapi.dll; MBAM only picked up encapi32.dll . Second, most imitators have the number 32 at the end of their name. Finally, before MBAM caught encapi32.dll, I kept getting a suspicious dialogue on startup saying a program wanted to install something on my computer; the program claimed to be "Microsoft Windows installer" the fact that the letter "I" in "Installer" was lowercase was suspicious to me. Also, it claimed it wanted to install something involving something like HKEY_ROOT or HKEY_LOCAL and a bunch of random characters followed. Also, in the installer, I saw the words "REALLY SURPRESS" which was also suspicious. Also when I removed encapi32.dll, nothing bad seemed to happen as a result, meaning the file wasn't critical to my computer. I think encapi32.dll is malicious.

(P.S. What does a trojan.agent do?)

Link to post
Share on other sites

  • 1 year later...

Hello!

Updated as of June 19, 2010 Malwarebytes found a "trojan tracur" in "encapi32.dll.

What should I do ? Delete it or not?

Has there been anything new since Feb 12 2009?

Please answer soon. I haven't switched off my PC since yesterday morning, waiting in vain for a secure answer from various forums.

Many thanks in advance.

Zx81

Link to post
Share on other sites

  • 3 weeks later...
Check again now and let me know if this is fixed.

On June 22, I ran Malwarebytes and it flagged C:\WINDOWS\system32\ENCAPI32.DLL as being malicious. Here's the log:

Files Infected:

C:\sound32.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\ENCAPI32.DLL (Trojan.Tracur) -> Quarantined and deleted successfully.

I was then prompted to restart the computer, which I did. On re-boot, I got a message that catastrophic failure of my C: drive was imminent. Coincidence? Or could I have done something by deleting those files?

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.