jgaw400.dll False Positive

[cokendonuts]

Malwarebytes' Anti-Malware 1.43

Database version: 3474

Windows 5.1.2600 Service Pack 3

Internet Explorer 7.0.5730.13

1/1/2010 11:12:41 PM

mbam-log-2010-01-01 (23-12-35).txt

Scan type: Quick Scan

Objects scanned: 113954

Time elapsed: 3 minute(s), 22 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\system32\jgaw400.dll (Trojan.Hiloti) -> No action taken. [1FE71329384812F9A8B9A556D1833B51]

jgaw400.zip

[nosirrah]

Let me know if this is fixed .

[choicefresh]

He beat me to it

I had just registered and went back to the forum to create a topic, when I saw this

mbam_log_2010_01_01__19_51_26_.txt

jgaw400.zip

[Beatrix]

I just deleted this from my system. If it is a false positive, have I deleted something I need in my system?

[Beatrix]

Never mind. I was able to restore it from my quarantine. I should have researched it before doing anything anyway.

(I apologize for the double post. I could not see any way to edit my first post.)

[JonPaulOnLine]

May I tell my friends that this was a FP

and was resolved thru a new update?

.............["Trojan.Hiloti"]

[cokendonuts]

Let me know if this is fixed .

Fixed in 3481. Thanks for quick reply.

mbam_log_2010_01_02__14_20_13_.txt

[Jormungandr]

I deleted it from my quarantine. What program, etc was it for? If it was important, how do I restore it?

[frontjack]

I deleted it from my quarantine. What program, etc was it for? If it was important, how do I restore it?

download it from dll - files site or link above and put it in your system folder,thats what i did,i think it was related to an audio programe

i think ive done the right thing,would be grateful if anyone on here could tell me if ive done it right,cheers!!

[nosirrah]

There is only one version of this file that could have been hit and it was uploaded in the first post of this thread . Since there was no registry entry pointing to this all that needs to be done is to place the file back into system32 .

[Jormungandr]

When I googled it, most of the references I found stated it either dealt with audio, which program was never specified, or AOL .art files. Apparently, AOL bought the company, Johnson-Grace, that designed the .dll. However, when I chatted with AOL support, they stated it wasn't part of my AOL 9.1 software.

Which link was I supposed to get it?

[nosirrah]

In all of the logs all that is detected is the file , no registry component and no memory component . This means that this file is used on demand only so fixing the issue only involves moving it back home by either restoring it from quarantine or downloading a copy from the first post in this thread .

[Jormungandr]

In all of the logs all that is detected is the file , no registry component and no memory component . This means that this file is used on demand only so fixing the issue only involves moving it back home by either restoring it from quarantine or downloading a copy from the first post in this thread .

I apologize for being paranoid, but has the zip file been checked to ensure it is the genuine file? I've noticed, no offense to Cokeanddonuts, is fairly new.

FYI, from what I can gather from messing with AOL, it seems to be related to AOL Radio. All other sounds seem to functions, but AOL Radio won't connect.

[exile360]

You can uninstall and reinstall the AOL software and that should put the file back for you and you'll know it's from the original source (AOL) .

[jdevola]

Fixed in 3481. Thanks for quick reply.

I just updated to 3808, and MBAM still found this *.dll file. (not fixed)

[nosirrah]

Unless you zip and attach the file or provide a developers log there is nothing I can do as the file attached to this post is no longer detected .

[SpeedDragon]

Unless you zip and attach the file or provide a developers log there is nothing I can do as the file attached to this post is no longer detected .

Here you go:

Malwarebytes' Anti-Malware 1.44

Database version: 3915

Files Infected:

C:\WINDOWS\SYSTEM\JGAW400.DLL (Trojan.Hiloti) -> Not selected for removal.

JGAW400.zip

[Jormungandr]

Here you go:

Malwarebytes' Anti-Malware 1.44

Database version: 3915

Files Infected:

C:\WINDOWS\SYSTEM\JGAW400.DLL (Trojan.Hiloti) -> Not selected for removal.

OK, I reformatted my computer earlier this month. I decided after seeing this new post to do a search for it. Except for references of it in a JS script file, Windows/inf , Windows/I386, in a service packfile/i386, a service pack cache file and a service pack uninstall file (lay out files) and Windows/repair (setup file), all of which are 2-4 years old, I find no trace of it on my drive or in its previous location. Previously, I had AOL 9.1 installed, but after I reformatted, I install AOL 9.5. If it was related to AOL, it's not currently in use.

[nosirrah]

This should have been fixed , let me know if it has not .