Jump to content
Watner

Dll Threats Detected

Recommended Posts

Hi Everyone,

 

ClamAV Free Version has identified a number of malicious .dlls, existing in one of two locations, ie

 

C:\Windows\Temp\knbf7whe.dll, and

 

C:\Users\[account_name]\AppData\Local\Temp\3pslr-y.dll,

 

all files have been installed by C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe in the last 4 days. I have eleven such files in total. OS is Windows 7. What should I do?

 

Watner

Share this post


Link to post
Share on other sites
Guest Orlando

These file are safe, restore it from quarantine, they will be put autatically in the exclusion.

 

Orlando

  • Like 1

Share this post


Link to post
Share on other sites

Thanks Orlando :)

 

I didn't put them in quarantine (I don't think I can with ClamAV Free). I'll just leave them where they are and ignore any similar warnings in the future.

Share this post


Link to post
Share on other sites

You are correct in that assumption Watner. Some types of malicious code will ingratiate itself into the C:\WINDOWS\Temp file so it is risky to exclude that file. By reading other posts you are not alone. Other members are encountering FP's with other software that utilize Microsoft's .NET Framework Application.

Share this post


Link to post
Share on other sites
Guest Orlando

Settings -> Scan Exclusion Settings -> (select type) file or folder

 

But if I exclude C:\Windows\Temp for example, isn't that risky?

 

A lot of malware are in temp folder. You can restore these files, and they are automatically put in the exclusions.

 

Orlando

Share this post


Link to post
Share on other sites

You are correct in that assumption Watner. Some types of malicious code will ingratiate itself into the C:\WINDOWS\Temp file so it is risky to exclude that file. By reading other posts you are not alone. Other members are encountering FP's with other software that utilize Microsoft's .NET Framework Application.

 

Yep, we have been highly aggressive with .NET apps over the last few months. The down side is the FP's but the engine in question has also helped snag a higher percentage of malware. It's always a balancing act. The alternative is non-heuristic sigs which are dead accurate but useful only after we have the sample.

 

al

Share this post


Link to post
Share on other sites

Thanks for all the help guys! (as well as using the free desktop app, I also use clamd (with postfix, amavis + spamd) on my mail server, so I'm doubly indebted to you)

 

So the FPs are caused because the files in question seem 'virus like' even though they aren't actually viruses? - This is what is meant by 'heuristics' then?

Share this post


Link to post
Share on other sites

Thanks for all the help guys! (as well as using the free desktop app, I also use clamd (with postfix, amavis + spamd) on my mail server, so I'm doubly indebted to you)

 

So the FPs are caused because the files in question seem 'virus like' even though they aren't actually viruses? - This is what is meant by 'heuristics' then?

 

Well, to the point, they look like a class of viruses and yes it's a heuristic detect albeit a defective one in this case.

 

al

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...

×
×
  • Create New...