Watner
Posted November 18, 2010

Hi Everyone,

ClamAV Free Version has identified a number of malicious .dlls, existing in one of two locations, i.e. C:\Windows\Temp\knbf7whe.dll and C:\Users\[account_name]\AppData\Local\Temp\3pslr-y.dll. All files have been installed by C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe in the last 4 days. I have eleven such files in total. OS is Windows 7. What should I do?

Watner

Guest Orlando
Posted November 18, 2010

These files are safe, restore them from quarantine, they will be put automatically in the exclusions.

Orlando

Watner
Posted November 18, 2010

Thanks Orlando. I didn't put them in quarantine (I don't think I can with ClamAV Free). I'll just leave them where they are and ignore any similar warnings in the future.

Guest Orlando
Posted November 18, 2010

No, you can put them, go in the settings, there are (exclusion) under see good.

Orlando

Watner
Posted November 18, 2010

Settings -> Scan Exclusion Settings -> (select type) file or folder

But if I exclude C:\Windows\Temp for example, isn't that risky?

ritchie58
Posted November 19, 2010

You are correct in that assumption, Watner. Some types of malicious code will ingratiate itself into the C:\WINDOWS\Temp file so it is risky to exclude that file. By reading other posts you are not alone. Other members are encountering FP's with other software that utilizes Microsoft's .NET Framework Application.

Guest Orlando
Posted November 19, 2010

> Settings -> Scan Exclusion Settings -> (select type) file or folder
>
> But if I exclude C:\Windows\Temp for example, isn't that risky?

A lot of malware is in the temp folder. You can restore these files, and they are automatically put in the exclusions.

Orlando

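The difference between the two exclusion types discussed above (file or folder), as an added illustration that is not part of the thread and not ClamAV's own logic. It assumes a file exclusion can be pinned to a reviewed file's SHA-256; the function names, the file contents and `unreviewed.dll` are constructed for the example.

```python
import hashlib
from pathlib import PureWindowsPath

def norm(path):
    # Windows paths are case-insensitive: compare lower-cased components.
    return tuple(part.lower() for part in PureWindowsPath(path).parts)

def sha256(data):
    return hashlib.sha256(data).hexdigest()

def folder_rule_skips(path, excluded_folders):
    """Folder exclusion: anything under an excluded folder is never scanned."""
    p = norm(path)
    return any(p[:len(f)] == f for f in map(norm, excluded_folders))

def file_rule_skips(path, data, pinned):
    """File exclusion pinned to content: path and SHA-256 must both match."""
    return pinned.get(norm(path)) == sha256(data)

def compare(files, excluded_folders, pinned):
    """Return (path, skipped_by_folder_rule, skipped_by_file_rule) per file."""
    return [
        (path,
         folder_rule_skips(path, excluded_folders),
         file_rule_skips(path, data, pinned))
        for path, data in files
    ]

# Constructed sample data: contents are placeholders, not real binaries.
REVIEWED = b"constructed: compiler output reviewed as a false positive"
FLAGGED = r"C:\Windows\Temp\knbf7whe.dll"   # path quoted in the thread
PINNED = {norm(FLAGGED): sha256(REVIEWED)}
FILES = [
    (FLAGGED, REVIEWED),                                          # reviewed file
    (r"C:\WINDOWS\TEMP\knbf7whe.dll", b"constructed: replaced"),  # same path, new content
    (r"C:\Windows\Temp\unreviewed.dll", b"constructed: new"),     # later arrival
]

if __name__ == "__main__":
    for path, by_folder, by_file in compare(FILES, [r"C:\Windows\Temp"], PINNED):
        print(f"{path:<34} folder rule skips: {by_folder!s:<5} "
              f"file rule skips: {by_file}")
```

The folder rule hides every later arrival in C:\Windows\Temp from the scanner, while the pinned file rule stops applying as soon as the file's content changes.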
alfred
Posted November 20, 2010

> You are correct in that assumption, Watner. Some types of malicious code will ingratiate itself into the C:\WINDOWS\Temp file so it is risky to exclude that file. By reading other posts you are not alone. Other members are encountering FP's with other software that utilizes Microsoft's .NET Framework Application.

Yep, we have been highly aggressive with .NET apps over the last few months. The downside is the FP's but the engine in question has also helped snag a higher percentage of malware. It's always a balancing act. The alternative is non-heuristic sigs which are dead accurate but useful only after we have the sample.

al

Watner
Posted November 21, 2010

Thanks for all the help guys! (As well as using the free desktop app, I also use clamd (with postfix, amavis + spamd) on my mail server, so I'm doubly indebted to you.)

So the FPs are caused because the files in question seem 'virus like' even though they aren't actually viruses? This is what is meant by 'heuristics' then?

alfred
Posted November 24, 2010

> Thanks for all the help guys! (As well as using the free desktop app, I also use clamd (with postfix, amavis + spamd) on my mail server, so I'm doubly indebted to you.)
>
> So the FPs are caused because the files in question seem 'virus like' even though they aren't actually viruses? This is what is meant by 'heuristics' then?

Well, to the point, they look like a class of viruses and yes, it's a heuristic detect, albeit a defective one in this case.

al

Archived
This topic is now archived and is closed to further replies.