Suspected False Positive [aamd532.dll]

[TheGeekinator]

Rec'd disposition of "Rogue.EAntispy" on file "C:\WINDOWS\system32\aamd532.dll" during latest routine MBAM "QUICK" type scan.

This is identical file which has been at that location during all previous MBAM scans for at least the past 4+ months (confirmed via an identical SHA1 checksum against a backup dated Sep 1, 2008). I'm not certain, but I believe it was installed, and is organic to, resident installation of AutoPatcher.

Submitted the file to VirusTotal.com for cross-check. It scans 100% clean there at 0/38:

Please refer to:

1. FILEALYZER REPORT.

2. MBAM DEVELOPER SCAN LOG.

3. Attached archive containing subject file [password: falsepositive].

Thanks once again for your great product, as well as your conscientious and timely support.

====================================================================

FILEALYZER REPORT:

--------------------------

File: C:\WINDOWS\system32\aamd532.dll

Date: 1/9/2009 3:53:07 AM

***** General ******************************************************

Location: C:\WINDOWS\system32\

Size: 10752

Version: 1.0.0.1

CRC-32: D7BC0DD7

MD5: CEFD956A1EF122CDA4D53007BAB6C694

SHA1: B3E34E6B0C8BEAC8874D0B6414C5CFB5E0FB0B9F

Read only: No

Hidden: No

System file: No

Directory: No

Archive: Yes

Symbolic link: No

Time stamp: Sunday, October 07, 2007 10:27:50 AM

Creation: Sunday, August 17, 2008 7:20:36 AM

Last access: Sunday, August 17, 2008 7:20:36 AM

Last write: Sunday, October 07, 2007 10:27:50 AM

***** Version ******************************************************

Supported languages:: English (United States) (1033/1200)

--- Version --------------------------------------------------------

File version: 1, 0, 0, 2

Company name: Almeida & Andrade Ltda

Internal name: aamd532

Comments:

Legal copyright: Copyright © 1998, 1999 Almeida & Andrade Ltda

Legal trademarks:

Original filename: aamd532.DLL

Product name: MD5 Maker DLL

Product version: 1, 0, 0, 2

File description: aamd532 DLL

Private build:

Special build:

***** Resources ****************************************************

***** PE Header ****************************************************

:

:

:

:

:

:

:

:

:

:

:

:

***** PE Sections **************************************************

CRC-32: ?

MD5: ?

----- PE Sections --------------------------------------------------

Section VirtSize VirtAddr PhysSize PhysAddr Flags

CRC32 MD5

***** Import/Export table ******************************************

====================================================================

MBAM DEVELOPER SCAN LOG:

-------------------------------------

Malwarebytes' Anti-Malware 1.32

Database version: 1634

Windows 5.1.2600 Service Pack 3

1/9/2009 2:54:35 AM

mbam-log-2009-01-09 (02-54-22).txt

Scan type: Quick Scan

Objects scanned: 1

Time elapsed: 5 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\WINDOWS\system32\aamd532.dll (Rogue.EAntispy) -> No action taken. [4134524130518072867015383479857484819013016870716926222366187071181919686966216

922201717246766672368232621]

====================================================================

aamd532.dll.zip

aamd532.dll.zip

[Manide]

1

[nosirrah]

Let me know if this is corrected .

[Rorschach112]

Its corrected, no more FP

Nice one

[TheGeekinator]

Let me know if this is corrected .

Corrected indeed, Bruce.

I've said it before, and I'll say it again ... thanks for your great product, as well as your conscientious and timely support. Yet again, you make it quite apparent that team MBAM takes corrective/update actions seriously: recieve, review, analyze/test, make determination, update the master online malware sig's database, and respond to my post ... all performed within a handful of hours.