Jump to content

CaptureWDM.dll; Maybe a False Positive


MAM

Recommended Posts

Hello, please check this.

Malwarebytes Anti-Malware 1.75.0.1100

www.malwarebytes.org

Database version: v2013.03.22.08

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Holger :: XXXXXXXXXXXXXXX [administrator]

22.03.2013 17:20:09

MBAM-log-2013-03-22 (18-31-44).txt

Scan type: Full scan (C:\|D:\|E:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 105218

Time elapsed: 57 minute(s), 16 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 1

HKCR\CLSID\{6CA646FD-CE11-417D-9888-A56C6BAC342C} (Trojan.Passwords.LD) -> No action taken.

Registry Values Detected: 1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs|D:\PROGRAMME\GEMEINSAME DATEIEN\ARCSOFT\MPEG ENGINE\FILEDUMP.AX (Trojan.Passwords.LD) -> Data: 1 -> No action taken.

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 9

D:\Programme\ArcSoft\MediaImpression\uCaptureWDM.dll (Trojan.Passwords.LD) -> No action taken.

D:\Programme\ArcSoft\MediaImpression\uDVRMSAttr.dll (Trojan.Passwords.LD) -> No action taken.

D:\Programme\ArcSoft\MediaImpression\uDVRMSSave.dll (Trojan.Passwords.LD) -> No action taken.

D:\Programme\Foxit Software\Foxit Reader\Foxit Updater.exe (Trojan.Passwords.LD) -> No action taken.

D:\Programme\Foxit Software\Foxit Reader\plugins\Speech.fpi (Trojan.Passwords.LD) -> No action taken.

D:\Programme\Foxit Software\Foxit Reader\plugins\Updater.fpi (Trojan.Passwords.LD) -> No action taken.

D:\Programme\Gemeinsame Dateien\ArcSoft\MPEG Engine\FileDump.ax (Trojan.Passwords.LD) -> No action taken.

D:\System Volume Information\_restore{E8F19AAE-DA58-486D-9326-54B4C9F88409}\RP538\A0451683.dll (Trojan.Passwords.LD) -> No action taken.

D:\System Volume Information\_restore{E8F19AAE-DA58-486D-9326-54B4C9F88409}\RP538\A0451690.exe (Trojan.Passwords.LD) -> No action taken.

(end)

MAM

Link to post
Share on other sites

I have very similar and the program says it is up to date. But I have Quarantined and deleted successfully.

C:\Program Files (x86)\ArcSoft\Print Creations\ArcSceneryDetect.dll (Trojan.Passwords.LD) -> Quarantined and deleted successfully.

C:\Program Files (x86)\ArcSoft\Print Creations\uCaptureWDM.dll (Trojan.Passwords.LD) -> Quarantined and deleted successfully.

C:\Program Files (x86)\ArcSoft\Print Creations\Controls\CalendarControl.dll (Trojan.Passwords.LD) -> Quarantined and deleted successfully.

C:\Program Files (x86)\ArcSoft\Print Creations\modules\AlbumPage\Module_AlbumPage2.dll (Trojan.Passwords.LD) -> Quarantined and deleted successfully.

C:\Program Files (x86)\ArcSoft\Print Creations\modules\Calendar\Calendar.dll (Trojan.Passwords.LD) -> Quarantined and deleted successfully.

C:\Program Files (x86)\ArcSoft\Print Creations\modules\PhotoBook\Module_PhotoBook2.dll (Trojan.Passwords.LD) -> Quarantined and deleted successfully.

C:\Program Files (x86)\ArcSoft\Print Creations\OPlugIn\Email\Email.dll (Trojan.Passwords.LD) -> Quarantined and deleted successfully.

C:\Program Files (x86)\ArcSoft\WebCam Companion 2\uCaptureWDM.dll (Trojan.Passwords.LD) -> Quarantined and deleted successfully.

C:\Program Files (x86)\Common Files\ArcSoft\MPEG Engine\FileDump.ax (Trojan.Passwords.LD) -> Quarantined and deleted successfully

Link to post
Share on other sites

Hello!

Found a quarantined file when starting my pc. :wacko:

( Resulting in this: 2013/03/25 14:17:54 +0100 ---> DETECTION C:\Program Files (x86)\Shield\schedule.dll Trojan.Passwords.LD QUARANTINE)

Found this page - read about false positive on this.

New search - databaseversjon: v2013.03.25.10 - after the quarantine - showed nothing.

How do I react?

Do I restore the file from quarantine? Or delete it? What would then happen to the program in the folder Shield?

Best regards K

Link to post
Share on other sites

Hello Rich!

I'm so happy! Tried yesterday to start the program - without restoring the quarantined file - did not work.

Now I have restored it - and the respons now from the program is it works normally!

:D Thank you ever so much for the reply/ advice!

Best regards K

- and happy Easter!

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.