 | Downadup detected in Wireshark plugins directory? |  |
mgood16
Joined: 02 Apr 2009 |
Posts: 0 |
|
|
 |
Posted: Thu Apr 02, 2009 1:32 pm |
|
 |
 |
 |
 |
Yesterday (4/1/09), Clamwin began reporting coseventcomm.dll and cosnaming.dll as infected with downadup. These two dlls are standard plugins for Wireshark (the network protocol analyzer). The files are located in the C:\Program Files\Wireshark\plugins\1.0.6\ directory. I scanned the files in question with AVG and Symantec products, neither of which found an infection. A friend of mine also scanned his Wireshark plugins directory using Clamwin portable with the same results (infected). I'm pretty confident that this qualifies as a false positive. Has anyone else run into this with Wireshark and Clamwin?
Here is the scan report:
Scan Started Wed Apr 01 12:00:00 2009
-------------------------------------------------------------------------------
*** Scanning Programs in Computer Memory ***
*** Memory Scan: using ToolHelp ***
*** Scanned 58 processes - 594 modules ***
*** Computer Memory Scan Completed ***
C:\Documents and Settings\Me\Application Data\Mozilla\Firefox\Profiles\vvqg7ff9.default\places.sqlite-journal: Permission denied
C:\Documents and Settings\Me\Local Settings\Temp\etilqs_Oy35RzC2XtIvqAw7DaU0: Permission denied
C:\Documents and Settings\Me\Local Settings\Temp\~DF5ECA.tmp: Permission denied
C:\hiberfil.sys: Permission denied
C:\pagefile.sys: Permission denied
C:\Program Files\Wireshark\plugins\1.0.0\coseventcomm.dll: Worm.Downadup-310 FOUND
C:\Program Files\Wireshark\plugins\1.0.0\cosnaming.dll: Worm.Downadup-354 FOUND
C:\WINDOWS\system32\config\DEFAULT: Permission denied
C:\WINDOWS\system32\config\SAM: Permission denied
C:\WINDOWS\system32\config\SECURITY: Permission denied
C:\WINDOWS\system32\config\SOFTWARE: Permission denied
C:\WINDOWS\system32\config\SYSTEM: Permission denied
----------- SCAN SUMMARY -----------
Known viruses: 538081
Engine version: 0.94.1
Scanned directories: 7278
Scanned files: 68956
Infected files: 2
Data scanned: 20418.09 MB
Time: 5645.492 sec (94 m 5 s)
|
|
 |
 | |  |
Antonio S.
Joined: 20 Apr 2008 |
Posts: 0 |
Location: Italy |
|
 |
Posted: Thu Apr 02, 2009 1:43 pm |
|
 |
 |
 |
 |
Hello,
This thread reported similar problems
https://forums.clamwin.com/viewtopic.php?t=2228
Checked the latest posts and do the same so Clam virus DB will be fixed.
Regards,
|
|
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
Powered by
phpBB © phpBB Group
Design by
phpBBStyles.com |
Styles Database.
Content © ClamWin Free Antivirus GNU GPL Free Software Open Source Virus Scanner. Free Windows Antivirus. Stay Virus Free with Free Software.