Hyperscan identified a Spotify .dll file as trojan.malpack

[Mikeys]

So the hyperscan identified that .dll file as a trojan and quarantined it after a restart. Spotify stopped working saying that it couldnt find the file, so I thought it might be just a false positive, however when i try to restore the file MB says error: access denied, so i cannot restore it and upload it to virustotal. I think it might be a problem with spotify being installed through the god awful microsoft store and the folder being locked. Since i cannot confirm anything about the file i decided to do this post just to be certain about this. Has anyone else had problems with this.

Addition.txt

FRST.txt

scan.txt

[Scott2]

I just had two PCs come up with that same DLL libegl.dll except residing in the Google Chrome directory. I uploaded the file to VirusTotal which did not immediately detect it as a threat (latest scan was earlier today). I forced it to check again and the only one to say it is a virus is MalwareBytes. I believe this to be a false positive but I can't say for sure. TrendMicro also installed on the system does not detect it as one.

[weirdo]

I also got a notification from MB where it said that libegl.dll is a MalPack trojan. I wonder what's going on, because I didn't download anything from untrustworthy sources.

[Scott2]

2 minutes ago, weirdo said:

I also got a notification from MB where it said that libegl.dll is a MalPack trojan. I wonder what's going on, because I didn't download anything from untrustworthy sources.

Did it say where the file was located? I believe it shows in the quarantine tab.

[weirdo]

2 minutes ago, Scott2 said:

Did it say where the file was located? I believe it shows in the quarantine tab.

The file was located on the AppData/Roaming/Spotify folder.

[spaceman82]

I experienced the exact same issue just now when starting up my computer. MB detected libEGL.dll at AppData/Roaming/Spotify as a Trojan.Malpack and quarantined it. 

[Combray]

Me too

[pray4mojo]

We're also seeing this in our environment.  

[Narcostic]

Same here. libEGL.dll is automatically quarantined after opening spotify. Spotify works just fine without the file for me.

[Alexio]

Same here, is this some new virus?

[MoonJuice]

I too found this today. Hoping it's nothing and it's a false positive. 

Keeping it quarantined just in case.

[skoivan]

Experiencing the same thing. Posted it in the False Positives subforum to see if any useful information comes up. Hopefully someone from MB quickly confirms it as a FP.

 

 

[Scott2]

I opened a ticket with MB and sent them the file. Hopefully, they will reply soon. 

[stopthismadness]

I am experiencing the same thing too AppData/Roaming/Spotify/llibGEL.dll

[stopthismadness]

41 minutes ago, Narcostic said:

Same here. libEGL.dll is automatically quarantined after opening spotify. Spotify works just fine without the file for me.

Mine works fine too without that file.

[stopthismadness]

1 hour ago, weirdo said:

I also got a notification from MB where it said that libegl.dll is a MalPack trojan. I wonder what's going on, because I didn't download anything from untrustworthy sources.

My PC is newly set up. I haven't downloaded anything so far other than like Spotify and games I own. 

[thisisu]

It's a false positive that is being fixed now.

Sorry for the inconvenience

[Ape]

Got the same scan result. File was located in "\AppData\Roaming\Spotify".

Filename: libEGL.dll

Type of malware: Trojan.Malpack

Not sure if it's a FP (false positive), but let's hope so!

 

Oh and before i forget, is anyone elses MBAM opening up very slow? Before when opening from the taskbar, it was very quick, now it takes ages!

[Ape]

3 minutes ago, thisisu said:

It's a false positive that is being fixed now.

Sorry for the inconvenience

Thanks for the quick response! Do you happen to know why MBAM has been slow on opening lately? Is it something your team is aware of or working on fixing?

[spaceman82]

2 minutes ago, thisisu said:

It's a false positive that is being fixed now.

Sorry for the inconvenience

Great to hear it's just a False Positive. Thanks for letting us know, thisisu!

[Lollie]

5 minutes ago, thisisu said:

It's a false positive that is being fixed now.

Sorry for the inconvenience

Awesome thanks for update, my scan just horrified me with this also, figured that was off.

[TVD]

MeTwo yesterday !  But this time it was MB AdwCleaner 7.2.3 that said libegl.dll is a MalPack trojan ...
And in the Comodo Dragon Browser !  Didn't quarantine it as I suspected FP . ?

Trojan.MalPack, C:\PROGRAM FILES (X86)\COMODO\DRAGON\LIBEGL.DLL

[AdvancedSetup]

Since this issue is resolved the topic will now be closed to prevent others from posting here.

If you need assistance please start your own new topic and someone will be happy to assist you.

Thanks