 |
 | Downadup detected in Wireshark plugins directory? |  |
|
mgood16
|
|
Yesterday (4/1/09), Clamwin began reporting coseventcomm.dll and cosnaming.dll as infected with downadup. These two dlls are standard plugins for Wireshark (the network protocol analyzer). The files are located in the C:\Program Files\Wireshark\plugins\1.0.6\ directory. I scanned the files in question with AVG and Symantec products, neither of which found an infection. A friend of mine also scanned his Wireshark plugins directory using Clamwin portable with the same results (infected). I'm pretty confident that this qualifies as a false positive. Has anyone else run into this with Wireshark and Clamwin?
Here is the scan report: Scan Started Wed Apr 01 12:00:00 2009 ------------------------------------------------------------------------------- *** Scanning Programs in Computer Memory *** *** Memory Scan: using ToolHelp *** *** Scanned 58 processes - 594 modules *** *** Computer Memory Scan Completed *** C:\Documents and Settings\Me\Application Data\Mozilla\Firefox\Profiles\vvqg7ff9.default\places.sqlite-journal: Permission denied C:\Documents and Settings\Me\Local Settings\Temp\etilqs_Oy35RzC2XtIvqAw7DaU0: Permission denied C:\Documents and Settings\Me\Local Settings\Temp\~DF5ECA.tmp: Permission denied C:\hiberfil.sys: Permission denied C:\pagefile.sys: Permission denied C:\Program Files\Wireshark\plugins\1.0.0\coseventcomm.dll: Worm.Downadup-310 FOUND C:\Program Files\Wireshark\plugins\1.0.0\cosnaming.dll: Worm.Downadup-354 FOUND C:\WINDOWS\system32\config\DEFAULT: Permission denied C:\WINDOWS\system32\config\SAM: Permission denied C:\WINDOWS\system32\config\SECURITY: Permission denied C:\WINDOWS\system32\config\SOFTWARE: Permission denied C:\WINDOWS\system32\config\SYSTEM: Permission denied ----------- SCAN SUMMARY ----------- Known viruses: 538081 Engine version: 0.94.1 Scanned directories: 7278 Scanned files: 68956 Infected files: 2 Data scanned: 20418.09 MB Time: 5645.492 sec (94 m 5 s) |
|||||||||||
|
|||||||||||||
 |
| |
|
Antonio S.
|
|
Hello,
This thread reported similar problems https://forums.clamwin.com/viewtopic.php?t=2228 Checked the latest posts and do the same so Clam virus DB will be fixed. Regards, |
|||||||||||
|
|||||||||||||
|
 | Downadup detected in Wireshark plugins directory? | |
|
||
|
|
|
Powered by phpBB © phpBB Group
Design by phpBBStyles.com | Styles Database.
Content © ClamWin Free Antivirus GNU GPL Free Software Open Source Virus Scanner. Free Windows Antivirus. Stay Virus Free with Free Software.
Design by phpBBStyles.com | Styles Database.
Content © ClamWin Free Antivirus GNU GPL Free Software Open Source Virus Scanner. Free Windows Antivirus. Stay Virus Free with Free Software.