Dan 76049 Posted May 28, 2010 ID:258058 Share Posted May 28, 2010 After a recent Windows Update of XP Service Pack 3, Zerospyware identified the Windows System32 file of "comdlg32.dll" and "oledlg.dll" as having Trojan.FakeAV.KZB. The program on several attempts failed to remove it. After lots of hair pulling and googling, I fount MWB and used it.On the first MWB Quick Scan I found 4 Adware instances and removed them, log file shown below. Then after removal, did a full scan with MWB and it shows zero issues. Zerospyware still shows the Trojan.FakeAV.KZB and cites the two files named above. MWB does not. Norton AV 2010 is showing no problems. No problems with computer, although it boots quicker after the 4 adwares were removed by MWB.My question is this. Based on this whole story, does anyone thing the Zerospyware alert is real or is it most likely a false positive? Any help would be most appreciated.MWB Log file 1....Malwarebytes' Anti-Malware 1.46www.malwarebytes.orgDatabase version: 4147Windows 5.1.2600 Service Pack 3Internet Explorer 8.0.6001.187025/26/2010 10:27:43 PMmbam-log-2010-05-26 (22-27-43).txtScan type: Quick scanObjects scanned: 142320Time elapsed: 14 minute(s), 30 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 6Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 0Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{0ed403e8-470a-4a8a-85a4-d7688cfe39a3} (Adware.Gamevance) -> Quarantined and deleted successfully.HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0ed403e8-470a-4a8a-85a4-d7688cfe39a3} (Adware.Gamevance) -> Quarantined and deleted successfully.HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{86227d9c-0efe-4f8a-aa55-30386a3f5686} (Adware.ISTBar) -> Quarantined and deleted successfully.HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000010-6f7d-442c-93e3-4a4827c2e4c8} (Adware.NetOptimizer) -> Quarantined and deleted successfully.HKEY_CURRENT_USER\SOFTWARE\The Weather Channel (Adware.Hotbar) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Weather Services (Adware.Hotbar) -> Quarantined and deleted successfully.Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:(No malicious items detected)MWB Log file 2 after Adware removal.... Malwarebytes' Anti-Malware 1.46www.malwarebytes.orgDatabase version: 4147Windows 5.1.2600 Service Pack 3Internet Explorer 8.0.6001.187025/27/2010 1:34:04 AMmbam-log-2010-05-27 (01-34-04).txtScan type: Full scan (C:\|)Objects scanned: 380500Time elapsed: 2 hour(s), 36 minute(s), 50 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 0Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:(No malicious items detected)Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:(No malicious items detected)ZeroSpyware still shows the Trojan.FakeAV.KZB in the two system 32 dll files!!!Thanks in advance for any suggestions! Link to post Share on other sites More sharing options...
Maniac Posted May 29, 2010 ID:258328 Share Posted May 29, 2010 Hello Dan 76049! Welcome to MalwareBytes' Anti-Malware Forums!My name is Borislav and I will be glad to help you solve your problems with malware. Before we begin, please note the following: The process of cleaning your system may take some time, so please be patient.Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.Instructions that I give are for your system only!If you don't know or can't understand something please ask. Do not install or uninstall any software or hardware, while work on.Please go to www.virustotal.com and upload the following files:C:\WINDOWS\system32\comdlg32.dllC:\WINDOWS\system32\oledlg.dllPlease post the resaults in your next reply here. Link to post Share on other sites More sharing options...
Dan 76049 Posted May 30, 2010 Author ID:258856 Share Posted May 30, 2010 Thanks for the assistance!www.virustotal.comcomdlg.dll result File comdlg32.dll received on 2010.05.26 07:09:12 (UTC)Current status: finishedResult: 0/41 (0.00%)Compact CompactPrint results Print resultsAntivirus Version Last Update Resulta-squared 4.5.0.50 2010.05.10 -AhnLab-V3 2010.05.26.00 2010.05.26 -AntiVir 8.2.1.242 2010.05.25 -Antiy-AVL 2.0.3.7 2010.05.25 -Authentium 5.2.0.5 2010.05.26 -Avast 4.8.1351.0 2010.05.25 -Avast5 5.0.332.0 2010.05.25 -AVG 9.0.0.787 2010.05.25 -BitDefender 7.2 2010.05.26 -CAT-QuickHeal 10.00 2010.05.26 -ClamAV 0.96.0.3-git 2010.05.26 -Comodo 4942 2010.05.25 -DrWeb 5.0.2.03300 2010.05.26 -eSafe 7.0.17.0 2010.05.25 -eTrust-Vet 35.2.7509 2010.05.25 -F-Prot 4.6.0.103 2010.05.25 -F-Secure 9.0.15370.0 2010.05.26 -Fortinet 4.1.133.0 2010.05.25 -GData 21 2010.05.26 -Ikarus T3.1.1.84.0 2010.05.26 -Jiangmin 13.0.900 2010.05.24 -Kaspersky 7.0.0.125 2010.05.26 -McAfee 5.400.0.1158 2010.05.26 -McAfee-GW-Edition 2010.1 2010.05.25 -Microsoft 1.5802 2010.05.26 -NOD32 5145 2010.05.25 -Norman 6.04.12 2010.05.25 -nProtect 2010-05-25.01 2010.05.25 -Panda 10.0.2.7 2010.05.26 -PCTools 7.0.3.5 2010.05.26 -Prevx 3.0 2010.05.26 -Rising 22.49.02.03 2010.05.26 -Sophos 4.53.0 2010.05.26 -Sunbelt 6356 2010.05.26 -Symantec 20101.1.0.89 2010.05.26 -TheHacker 6.5.2.0.287 2010.05.25 -TrendMicro 9.120.0.1004 2010.05.26 -TrendMicro-HouseCall 9.120.0.1004 2010.05.26 -VBA32 3.12.12.5 2010.05.25 -ViRobot 2010.5.20.2326 2010.05.26 -VirusBuster 5.0.27.0 2010.05.25 -Additional informationFile size: 276992 bytesMD5 : 86987a5000dfa3ebe2275c0456bcf2feSHA1 : 097776790214f0f3489f749be018c84f2dc929d2SHA256: 31b699e8fd11dd59adbae56650c1b7ae80484091b3b6d9015a95f590e2c3eb05PEInfo: PE Structure information( base data )entrypointaddress.: 0x1619timedatestamp.....: 0x4802A0C9 (Mon Apr 14 02:09:45 2008)machinetype.......: 0x14C (Intel I386)( 4 sections )name viradd virsiz rawdsiz ntrpy md5.text 0x1000 0x2FEFD 0x30000 6.48 964c21d6d46e206ba18e57fa4b224d5c.data 0x31000 0x3460 0xE00 2.61 7721d330f1b716cc36633b89d10655ec.rsrc 0x35000 0x101F8 0x10200 4.44 f087195cc90e1847662907319546bba4.reloc 0x46000 0x24DC 0x2600 6.73 4ab4bc65be8f93d3b72d97b366ef60b7( 8 imports )> advapi32.dll: RegOpenKeyExA, RegQueryValueExA, RegCloseKey, RegEnumValueW, RegOpenKeyExW, RegQueryValueExW, RegSetValueExW, RegQueryValueW> comctl32.dll: -, -, -, -, PropertySheetW, CreatePropertySheetPageW, -, -, -, -, -, -, -, -, -, -, -, InitCommonControlsEx, ImageList_GetIconSize, -, ImageList_Destroy, -, -, -, ImageList_Draw, CreateToolbarEx> gdi32.dll: Rectangle, CreateSolidBrush, DeleteObject, GetStockObject, CreatePen, GetNearestColor, DeleteDC, CreateCompatibleDC, RealizePalette, SelectPalette, PatBlt, BitBlt, LineTo, MoveToEx, CreateCompatibleBitmap, CreateDIBitmap, CreateDiscardableBitmap, GetObjectW, GetTextMetricsW, ExtTextOutW, SetBkMode, SetTextColor, SetBkColor, GetTextExtentPointW, EnumFontFamiliesExW, GetDeviceCaps, GetTextCharset, TextOutW, GetTextCharsetInfo, SetViewportExtEx, SetWindowExtEx, SetMapMode, GetWindowExtEx, GetViewportExtEx, GetMapMode, TranslateCharsetInfo, CreateFontIndirectW, ExcludeClipRect, CreateDCW, CreateICW, CreateFontW, CreateRectRgnIndirect, GetCharWidth32W, SelectObject, SelectClipRgn> kernel32.dll: FindResourceA, GetACP, GetProcAddress, GetModuleHandleW, MulDiv, lstrcpynW, lstrcmpW, GlobalFree, GlobalAlloc, lstrcpyW, lstrcpyA, DeleteCriticalSection, TlsFree, TlsAlloc, InitializeCriticalSectionAndSpinCount, DisableThreadLibraryCalls, DeleteFileW, GetTempFileNameW, GetProfileStringW, GetLocaleInfoW, GlobalUnlock, GlobalLock, GlobalReAlloc, FreeLibrary, InterlockedCompareExchange, LoadLibraryA, QueryPerformanceCounter, GetTickCount, SetErrorMode, GetCurrentProcessId, GetSystemTimeAsFileTime, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, InterlockedDecrement, InterlockedIncrement, GetSystemDefaultUILanguage, FindResourceExW, ExpandEnvironmentStringsW, FreeResource, LoadResource, LockResource, SetCurrentDirectoryW, CreateEventW, GetModuleFileNameW, LoadLibraryW, CreateThread, WaitForSingleObject, ResetEvent, FreeLibraryAndExitThread, LocalReAlloc, GetFullPathNameW, GetFileAttributesW, GetProcessVersion, GetVolumeInformationW, GetUserDefaultLCID, TlsSetValue, FormatMessageW, FindFirstFileW, FindNextFileW, FindClose, LocalSize, WideCharToMultiByte, CloseHandle, GetVersionExA, InterlockedExchange, GetModuleHandleA, DelayLoadFailureHook, FindResourceW, LocalFree, MultiByteToWideChar, lstrlenA, LocalAlloc, SetLastError, TlsGetValue, lstrlenW, SizeofResource, LeaveCriticalSection, EnterCriticalSection, GetLastError, GetShortPathNameW, GetCurrentDirectoryW, CreateFileW, lstrcmpiW, GetDriveTypeW, SetEvent, GetCurrentThreadId> ntdll.dll: RtlUnwind, _wcsicmp, wcslen, RtlUnicodeStringToAnsiString, RtlAnsiStringToUnicodeString, RtlUnicodeToMultiByteSize, RtlInitUnicodeStringEx, RtlIsNameLegalDOS8Dot3, _chkstk, _vsnwprintf, memmove, NtQueryVirtualMemory> shell32.dll: SHAddToRecentDocs, -, -, SHBindToParent, -, -, SHGetPathFromIDListW, -, -, -, -, -, -, -, -, -, -, SHGetDesktopFolder, SHGetMalloc, -, SheChangeDirExW, SHGetFileInfoW, SHGetSpecialFolderPathW, SHGetSpecialFolderLocation, SHCreateShellItem, -, -, -, -, -, -, -, SHGetFolderLocation, -, -, -, -, -, -, -, -, -> shlwapi.dll: PathAddBackslashW, -, -, -, StrCmpW, -, -, PathIsUNCW, UrlIsW, PathFindExtensionW, -, SHRegGetValueW, PathFileExistsW, -, StrDupW, -, -, StrStrW, PathCombineW, PathMatchSpecW, PathGetDriveNumberW, SHOpenRegStream2W, -, -, StrCmpIW, -, StrRetToBufW, -, PathFindFileNameW, -, SHRegGetBoolUSValueW, StrCmpNIW, wvnsprintfW, PathRemoveBlanksW, PathIsRootW, wnsprintfW, StrRChrW, -, -, PathSkipRootW, StrChrW> user32.dll: DialogBoxIndirectParamW, CharPrevW, KillTimer, GetWindowTextLengthW, CreateDialogIndirectParamA, SetTimer, IsWindowVisible, MsgWaitForMultipleObjects, TranslateMessage, DispatchMessageW, CreatePopupMenu, DestroyMenu, BeginDeferWindowPos, DeferWindowPos, EndDeferWindowPos, PeekMessageW, EnumChildWindows, GetDlgCtrlID, SetWindowsHookExW, LoadAcceleratorsW, UnhookWindowsHookEx, CreateDialogIndirectParamW, GetSystemMenu, DeleteMenu, SetParent, CallNextHookEx, LockWindowUpdate, GetWindow, GetLastActivePopup, FindWindowExW, RedrawWindow, DrawTextW, DrawIcon, GetWindowPlacement, SetWindowPlacement, GetKeyState, LoadIconW, LoadImageW, RegisterClipboardFormatW, GetKeyboardLayout, DestroyWindow, GetDlgItemTextA, SetDlgItemTextA, CheckRadioButton, IsWindow, RegisterWindowMessageA, RegisterWindowMessageW, MessageBeep, IsDlgButtonChecked, CheckDlgButton, SetWindowTextW, DlgDirListW, SetDlgItemTextW, GetWindowTextW, MessageBoxW, PostMessageW, CharNextW, DefWindowProcW, GrayStringW, CharLowerW, GetDialogBaseUnits, ScreenToClient, CreateWindowExW, GetWindowLongA, LoadStringW, GetSystemMetrics, ShowCursor, LoadCursorW, SetCursor, IntersectRect, EqualRect, GetSysColorBrush, InvalidateRect, IsWindowEnabled, WinHelpW, BeginPaint, EndPaint, SetPropW, PtInRect, SetCapture, ClipCursor, ValidateRect, ChildWindowFromPoint, DialogBoxIndirectParamAorW, CreateDialogIndirectParamAorW, CharNextA, GetWindowLongW, FrameRect, GetSysColor, CopyRect, ReleaseDC, DrawFocusRect, InflateRect, GetDC, GetFocus, MapWindowPoints, GetClientRect, GetDlgItem, CallWindowProcW, SetFocus, GetDlgItemInt, SetDlgItemInt, GetDlgItemTextW, RemovePropW, EndDialog, UpdateWindow, SendDlgItemMessageW, SetWindowPos, EnableWindow, ShowWindow, MoveWindow, SetWindowLongW, GetWindowRect, DrawEdge, FillRect, GetParent, SendMessageW, GetPropW, TranslateAcceleratorW( 1 exports )> ChooseColorA, ChooseColorW, ChooseFontA, ChooseFontW, CommDlgExtendedError, FindTextA, FindTextW, GetFileTitleA, GetFileTitleW, GetOpenFileNameA, GetOpenFileNameW, GetSaveFileNameA, GetSaveFileNameW, LoadAlterBitmap, PageSetupDlgA, PageSetupDlgW, PrintDlgA, PrintDlgExA, PrintDlgExW, PrintDlgW, ReplaceTextA, ReplaceTextW, Ssync_ANSI_UNICODE_Struct_For_WOW, WantArrows, dwLBSubclass, dwOKSubclassTrID : File type identificationWin32 Executable MS Visual C++ (generic) (53.1%)Windows Screen Saver (18.4%)Win32 Executable Generic (12.0%)Win32 Dynamic Link Library (generic) (10.6%)Generic Win/DOS Executable (2.8%)ssdeep: -sigcheck: publisher....: Microsoft Corporationcopyright....: © Microsoft Corporation. All rights reserved.product......: Microsoft_ Windows_ Operating Systemdescription..: Common Dialogs DLLoriginal name: comdlg32.dllinternal name: comdlg32file version.: 6.00.2900.5512 (xpsp.080413-2105)comments.....: n/asigners......: -signing date.: -verified.....: UnsignedPEiD : -RDS : NSRL Reference Data Setoledlg.dll result File 7529A63100B9BD08E01801CAC2C39A0084060BC7.dll received on 2010.05.23 05:56:31 (UTC)Current status: finishedResult: 0/41 (0.00%)Compact CompactPrint results Print resultsAntivirus Version Last Update Resulta-squared 4.5.0.50 2010.05.10 -AhnLab-V3 2010.05.23.00 2010.05.22 -AntiVir 8.2.1.242 2010.05.21 -Antiy-AVL 2.0.3.7 2010.05.21 -Authentium 5.2.0.5 2010.05.22 -Avast 4.8.1351.0 2010.05.22 -Avast5 5.0.332.0 2010.05.22 -AVG 9.0.0.787 2010.05.23 -BitDefender 7.2 2010.05.23 -CAT-QuickHeal 10.00 2010.05.21 -ClamAV 0.96.0.3-git 2010.05.22 -Comodo 4918 2010.05.23 -DrWeb 5.0.2.03300 2010.05.23 -eSafe 7.0.17.0 2010.05.20 -eTrust-Vet None 2010.05.21 -F-Prot 4.6.0.103 2010.05.23 -F-Secure 9.0.15370.0 2010.05.22 -Fortinet 4.1.133.0 2010.05.22 -GData 21 2010.05.23 -Ikarus T3.1.1.84.0 2010.05.23 -Jiangmin 13.0.900 2010.05.22 -Kaspersky 7.0.0.125 2010.05.23 -McAfee 5.400.0.1158 2010.05.23 -McAfee-GW-Edition 2010.1 2010.05.23 -Microsoft 1.5802 2010.05.23 -NOD32 5138 2010.05.22 -Norman 6.04.12 2010.05.22 -nProtect 2010-05-22.01 2010.05.22 -Panda 10.0.2.7 2010.05.22 -PCTools 7.0.3.5 2010.05.23 -Prevx 3.0 2010.05.23 -Rising 22.48.06.03 2010.05.23 -Sophos 4.53.0 2010.05.23 -Sunbelt 6341 2010.05.23 -Symantec 20101.1.0.89 2010.05.23 -TheHacker 6.5.2.0.285 2010.05.23 -TrendMicro 9.120.0.1004 2010.05.22 -TrendMicro-HouseCall 9.120.0.1004 2010.05.23 -VBA32 3.12.12.5 2010.05.22 -ViRobot 2010.5.20.2326 2010.05.22 -VirusBuster 5.0.27.0 2010.05.22 -Additional informationFile size: 122880 bytesMD5 : 0b467f470cc9918fdceedcfd7dc4d697SHA1 : 1cb8c72bc84e5e1f21c72aca356f1fc91cd4a704SHA256: 87c8bcc4dff318fc393a8c0fb0b82ccc9da83ec0f5811cf303f3ac265a575578PEInfo: PE Structure information( base data )entrypointaddress.: 0x11759timedatestamp.....: 0x4802A117 (Mon Apr 14 02:11:03 2008)machinetype.......: 0x14C (Intel I386)( 4 sections )name viradd virsiz rawdsiz ntrpy md5.text 0x1000 0x12693 0x12800 6.40 45117fbb928e78c7a030dc362df2f2f8.data 0x14000 0x136C 0x200 1.37 5ecd1c97ec69a51963958999263056e5.rsrc 0x16000 0xA010 0xA200 4.53 b067c9dc540d7dc64407935995e790e2.reloc 0x21000 0xFE4 0x1000 6.16 4ed1bf81b131925cf441b5f5a00d31d6( 7 imports )> advapi32.dll: RegNotifyChangeKeyValue, RegOpenKeyW, RegQueryValueW, RegEnumKeyW, RegCloseKey> gdi32.dll: CreateICW, GetMetaFileBitsEx, GetTextExtentPointW, CreateCompatibleDC, BitBlt, GetBkColor, DeleteDC, CreateSolidBrush, SetBkMode, UnrealizeObject, SetBrushOrgEx, SetBkColor, ExtTextOutW, SaveDC, SetMapMode, SetViewportOrgEx, SetViewportExtEx, EnumMetaFile, PlayMetaFile, RestoreDC, CreateCompatibleBitmap, CreateBitmap, SetDIBits, GetBitmapBits, PlayMetaFileRecord, GetStockObject, SelectObject, GetTextMetricsW, DeleteObject, GetObjectW, CreateFontIndirectW, GetDeviceCaps, SetTextColor> kernel32.dll: GetProcAddress, LoadLibraryW, lstrcmpW, lstrcmpiA, MultiByteToWideChar, SearchPathW, FindClose, FindFirstFileW, GetShortPathNameW, GetCurrentDirectoryW, GetFileAttributesW, TlsGetValue, GetVersion, TlsAlloc, TlsFree, LocalFree, TlsSetValue, LocalAlloc, GlobalSize, ResetEvent, WaitForSingleObject, CreateEventW, CloseHandle, MulDiv, FindNextFileW, DisableThreadLibraryCalls, GetVersionExW, QueryPerformanceCounter, GetTickCount, GetCurrentThreadId, GetCurrentProcessId, GetSystemTimeAsFileTime, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, lstrcmpiW, lstrlenW, GetFullPathNameW, IsBadStringPtrW, IsBadCodePtr, IsBadWritePtr, CompareFileTime, GetDateFormatW, FileTimeToSystemTime, FileTimeToLocalFileTime, GetTimeFormatW, LocalFileTimeToFileTime, SystemTimeToFileTime, GetSystemTime, WideCharToMultiByte, IsBadReadPtr, GetNumberFormatW, GetLocaleInfoW, LockResource, LoadResource, FindResourceW, GlobalLock, FreeLibrary, GlobalAlloc, GlobalFree, GlobalUnlock> msvcrt.dll: _onexit, __dllonexit, _adjust_fdiv, _initterm, __2@YAPAXI@Z, __3@YAXPAX@Z, iswalpha, _except_handler3, wcschr, malloc, free, _vsnwprintf, memmove, _resetstkoflw> ntdll.dll: RtlFreeHeap, RtlAllocateHeap, RtlImageNtHeader> ole32.dll: OleDuplicateData, ReleaseStgMedium, OleMetafilePictFromIconAndLabel, GetClassFile, CLSIDFromProgID, OleGetIconOfFile, OleCreateLinkToFile, OleCreateFromFile, OleRegGetUserType, CoGetMalloc, OleQueryCreateFromData, OleQueryLinkFromData, OleGetClipboard, CoTaskMemRealloc, CoTaskMemFree, IsValidInterface, StringFromCLSID, CLSIDFromString, OleCreate, OleGetIconOfClass> user32.dll: GetLastActivePopup, IsIconic, LoadIconW, IsWindow, GetDesktopWindow, DialogBoxIndirectParamW, GetWindowLongW, SetPropW, RemovePropW, EnableWindow, SetWindowPos, ReleaseDC, GetDC, GetWindowRect, WinHelpW, GetDlgCtrlID, SetForegroundWindow, ScreenToClient, GetCursorPos, GetPropW, MapWindowPoints, GetClipboardFormatNameW, CharPrevW, GetDialogBaseUnits, GetClientRect, DestroyWindow, UpdateWindow, InvalidateRect, IsDlgButtonChecked, CreateIcon, GetSystemMetrics, DrawFocusRect, DrawIcon, GetSysColor, RegisterWindowMessageW, GetFocus, EndPaint, GetWindowWord, BeginPaint, FillRect, SetWindowWord, DefWindowProcW, RegisterClassW, LoadCursorW, CheckDlgButton, CharNextW, DialogBoxParamW, SetTimer, KillTimer, InflateRect, PeekMessageW, DispatchMessageW, TranslateMessage, IsDialogMessageW, DrawMenuBar, GetMenu, GetActiveWindow, DestroyMenu, InsertMenuW, CreatePopupMenu, DeleteMenu, RegisterClipboardFormatW, GetForegroundWindow, SetClipboardViewer, ChangeClipboardChain, LoadBitmapW, ShowCursor, SetCursor, CharLowerW, GetWindow, GetWindowThreadProcessId, GetWindowTextW, IsWindowEnabled, GetDlgItemInt, MessageBoxW, DestroyIcon, GetParent, GetWindowTextLengthW, SetFocus, CheckRadioButton, SetDlgItemInt, CreateWindowExW, GetDlgItem, ShowWindow, LoadStringW, SendMessageW, PostMessageW, EndDialog, GetDlgItemTextW, SetWindowLongW, SetDlgItemTextW, SendDlgItemMessageW, SetWindowTextW, IsWindowVisible, ChildWindowFromPointEx( 1 exports )> OleUIAddVerbMenuA, OleUIAddVerbMenuW, OleUIBusyA, OleUIBusyW, OleUICanConvertOrActivateAs, OleUIChangeIconA, OleUIChangeIconW, OleUIChangeSourceA, OleUIChangeSourceW, OleUIConvertA, OleUIConvertW, OleUIEditLinksA, OleUIEditLinksW, OleUIInsertObjectA, OleUIInsertObjectW, OleUIObjectPropertiesA, OleUIObjectPropertiesW, OleUIPasteSpecialA, OleUIPasteSpecialW, OleUIPromptUserA, OleUIPromptUserW, OleUIUpdateLinksA, OleUIUpdateLinksWTrID : File type identificationWin32 Executable MS Visual C++ (generic) (65.2%)Win32 Executable Generic (14.7%)Win32 Dynamic Link Library (generic) (13.1%)Generic Win/DOS Executable (3.4%)DOS Executable Generic (3.4%)ssdeep: 1536:xpg+5cfZrz1wYZ7HtkwuFQCdcdlwT8/zEw+fNgG121Ab8Lqzn4Ck/6CutK5:WZrzmYJHmQqwlwT8c21Ab8Lqzi6Csigcheck: publisher....: Microsoft Corporationcopyright....: © Microsoft Corporation. All rights reserved.product......: Microsoft Windows OLE 2.0 User Interface Supportdescription..: Microsoft Windows OLE 2.0 User Interface Supportoriginal name: OLEDLG.DLLinternal name: OLEDLGfile version.: 1.0 (xpsp.080413-2108)comments.....: n/asigners......: -signing date.: -verified.....: UnsignedPEiD : -RDS : NSRL Reference Data Set-Hello Dan 76049! Welcome to MalwareBytes' Anti-Malware Forums!My name is Borislav and I will be glad to help you solve your problems with malware. Before we begin, please note the following: The process of cleaning your system may take some time, so please be patient.Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.Instructions that I give are for your system only!If you don't know or can't understand something please ask. Do not install or uninstall any software or hardware, while work on.Please go to www.virustotal.com and upload the following files:C:\WINDOWS\system32\comdlg32.dllC:\WINDOWS\system32\oledlg.dllPlease post the resaults in your next reply here. Link to post Share on other sites More sharing options...
Maniac Posted May 30, 2010 ID:258894 Share Posted May 30, 2010 These are false positives.http://service1.symantec.com/sarc/sarc.nsf...e.positive.htmlDon't trust to ZeroSpyware. Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted June 6, 2010 Root Admin ID:262700 Share Posted June 6, 2010 Due to the lack of feedback this Topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.Other members who need assistance please start your own topic in a new thread. Thanks!The fixes and advice in this thread are for this machine only. Do not apply the instructions from this thread to your own machine. Please start a new thread describing your issue and someone will be along to assist you. Link to post Share on other sites More sharing options...
Recommended Posts