Hello all. I scanned my mates computer with clamwin portable from portable apps. And it said he had a trojan, problem is i can't see it in the folder its supposedly in and can't remove it.

I also scanned with AVG and it found nothing so we could be looking at a false postive maybe?

Clamwin found - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP122F.tmp\mscorlib.dll: Trojan.Spy-11241 FOUND

I used VirusTotal and submitted the file path and it uploaded the file but it had already had it analyzed, i looked at the analysis here. -https://www.virustotal.com/analisis/945736dbc7c0c0badb749e6d77d2cccf https://www.virustotal.com/analisis/945736dbc7c0c0badb749e6d77d2cccf

As you see only 1/32 scanners identified it as bad. So is it bad or a false positive???

And as the gateway washer scanner says its .dam which means the file is damaged, thats why i probably couldn't see it.

To futhur speculate here as clamwin says its a Spy Trojan is it likely that its keylogger that has injected itself into a windows process? As he says the i/o light on his router have been flashing more than often when his computer is idle, but i think its him being a bit paranoid and i don't think he can make that assumtion. I might have to get a packet sniffer on it though but i don't know what to look for.

If it is a keylogger then this is quite bad, his steam account has ?50 of games on it.

Any help will be deeply appreciated. Cheers Trantula.


I couldn't post it in the top forum it kept giving me a php error.