bizzeebeever

Dicom.dll -- from irfanview plugins


irfanview plugins folder, dicom.dll, flagged as "Spyware.Banker"

Compared MD5 sum to that of Dicom.dll from source, MD5 sum was same. Scanned file with Symantec's Norton IAV and virusTotal.com -- no security risks detected by any of 42 AVs. MBAM has never flagged this file before.

Windows XP SP3, MBAM 1.50 w/AV database 5353.

Attached: dicom.dll (in zip file) and mbam log.

P.S. Tried to post this message previously, but repeatedly got a "not-logged-in" forum error, so I sent my results to support@malwarebytes.org. I apologize.

Dicom.zip

mbam_log_2010_12_18__23_33_46_.txt


I can confirm this, although a global quick scan didn't pick it up, *possibly* because I have the file in its default location: %Program Files%\IrfanView\Plugins

A file scan does flag it.


I came to the computer to find a message from mbam about a malicious process trying to start. It was Dicom.dll in the irfanview plugins folder and it was being called spyware.banker by mbam. Msseces saw no problem with this file, nor did spybot s&d. Google led me straight here, where it's being discussed in the false positives section. Is it a false positive or has it been lying in wait? I haven't updated irfanview or its plugins in some time but mbam gets updated all the time. This seems so random and in a weird folder.


This will be fixed in just a few minutes. Some poor coding practices on their part got this one flagged but it is clean none the less.

This will be fixed in just a few minutes. Some poor coding practices on their part got this one flagged but it is clean none the less.

Cool. Just wondering...could you be more specific about the poor coding practices? (I like to pretend that I'm more technically inclined than average. :)

Cool. Just wondering...could you be more specific about the poor coding practices? (I like to pretend that I'm more technically inclined than average. :)

Failing to use a cert or any version info at all is a good place to start.

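The last reply names a missing certificate and missing version info as what made the file stand out. As an added example (not from this thread and not Malwarebytes' detection logic), the Python below checks a PE image for exactly those two things: a certificate-table entry and an RT_VERSION resource. `pe_trust_metadata` and `build_sample` are hypothetical names, and the sample image is constructed.

```python
import struct

DIR_RESOURCE, DIR_SECURITY = 2, 4   # data-directory indexes in the optional header
RT_VERSION = 16                     # resource type ID that holds version info

def pe_trust_metadata(data: bytes) -> dict:
    """Report whether a PE image has a certificate table and a version resource."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    nsections, opt_size = struct.unpack_from("<H12xH", data, pe + 6)
    opt = pe + 24
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic not in (0x10B, 0x20B):             # PE32 / PE32+
        raise ValueError("unknown optional header magic")
    dirs = opt + (96 if magic == 0x10B else 112)
    count = struct.unpack_from("<I", data, dirs - 4)[0]
    def directory(i):
        return struct.unpack_from("<II", data, dirs + 8 * i) if i < count else (0, 0)
    cert_off, cert_size = directory(DIR_SECURITY)   # a file offset, not an RVA
    rsrc_rva, rsrc_size = directory(DIR_RESOURCE)
    has_version = False
    for s in range(nsections):                      # map the resource RVA to a file offset
        vsize, va, rawsize, rawptr = struct.unpack_from(
            "<IIII", data, opt + opt_size + 40 * s + 8)
        if rsrc_size and va <= rsrc_rva < va + max(vsize, rawsize):
            root = rawptr + (rsrc_rva - va)
            named, ids = struct.unpack_from("<HH", data, root + 12)
            types = [struct.unpack_from("<I", data, root + 16 + 8 * n)[0]
                     for n in range(named, named + ids)]
            has_version = RT_VERSION in types
    # Presence only: this does not validate the signature or its chain.
    return {"has_cert_table": cert_size > 0 and cert_off + cert_size <= len(data),
            "version_info": has_version}

def build_sample(with_version: bool, with_cert: bool) -> bytes:
    """Constructed minimal PE32 headers (not a loadable DLL), for demonstration."""
    dirs = [(0, 0)] * 16
    dirs[DIR_RESOURCE] = (0x1000, 24) if with_version else (0, 0)
    dirs[DIR_SECURITY] = (0x300, 8) if with_cert else (0, 0)
    hdr = b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", 0x40) + b"PE\0\0"
    hdr += struct.pack("<HH12xHH", 0x14C, 1, 224, 0x2102)
    hdr += struct.pack("<H", 0x10B).ljust(92, b"\0") + struct.pack("<I", 16)
    hdr += b"".join(struct.pack("<II", *d) for d in dirs)
    hdr += b".rsrc\0\0\0" + struct.pack("<IIII", 0x100, 0x1000, 0x100, 0x200) + bytes(16)
    rsrc = struct.pack("<12xHH", 0, 1) + struct.pack("<II", RT_VERSION, 0x80000010)
    return hdr.ljust(0x200, b"\0") + rsrc.ljust(0x100, b"\0") + bytes(8)
```

To check a real file, pass its bytes, for example `pe_trust_metadata(open(path, "rb").read())`.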
