
SysInternals Suite FP ?



Posted

This is the latest version of SysInternals Suite, updated 3 days ago

I am sure you know that the software in SysInternals Suite are not installed to the PC in the normal way (aka: portable)

I mainly launch Process Explorer (ProcExp) from the folder SysInternalsSuite - Launch. This folder is just my re-naming of the original SysInternals Suite folder.

 

 

IObit Security 360

 

OS:Windows XP

Version:1.0.1.30

Define Version:1233

Time Elapsed:00:18:17

Objects Scanned:66286

Threats Found:1

 

|Name|Type|Description|ID|

Adware.SpywareIsolator, File, C:\Documents and Settings\Wozofoz\My Documents\Acer SW - Installed\SysinternalsSuite - Launch\ldmdump.exe, 11-10902

 

All the best, woz of oz

Posted

 

hello wozofoz,

 

Roger that, It must be a FP.

 

According to routine, it will be solved as soon as you upload the ldmdump.exe to http://www.virustotal.com to prove its innocence. Compressing and attaching ldmdump.exe here is also OK.

 

Sorry for the inconvenience.

 

Best regards.

Posted

I hope this is right

 

I hope this is right, it says:

Current status: finished

then it says:

Result: 0/41 (0%)

 

 

 

File IObit_Security_360_Report_16-10-0 received on 2009.10.16 07:56:38 (UTC)

Current status: finished

Result: 0/41 (0%)

 

 


Additional information

File size: 316 bytes


 

 

All the best, woz of oz

Posted

Hi wozofoz,

 

I think you have uploaded the IS 360 report file, but you should have uploaded ldmdump.exe file (151 KB), which is in SysinternalsSuite.

 

Cheers.

Posted

Here is the report

 

I uploaded the file to Virus Total and it said

File has already been analysed:

MD5: 202119e519dd179de64afd195f0dda42

First received: 2009.02.22 05:40:23 UTC

Date: 2009.09.14 09:19:25 UTC [>32D]

Results: 0/41

Permalink: analisis/980e64020cfceb02652a2a08270b84b974f18f290e9cb798f5d46d3aa3a0ec94-1252919965

 

I clicked on Show last report and here it is:

 

File ldmdump.exe received on 2009.09.14 09:19:25 (UTC)

Current status: finished

Result: 0/41 (0.00%)

 


Additional information

File size: 154424 bytes


 

PS: My previous post with the wrong scan may cause some confusion so if you would like to delete it that is fine with me :-)

 

All the best, woz of oz

Posted

Hi wozofoz,

 

It is a good practice to get the report of the freshly uploaded file, as there is a possibility that only your file could have been infected (very low probability, though).

 

Cheers.

 

PS. There is no need for deletion of the other post, but you can do so, if you wish to soft delete.

Posted

3rd time lucky ?

 

Hi enoskype

 

I had quarantined that file and so it no longer existed in my folder

I went to Security 360 Quarantine to Restore the file but it was gone (I do have 'quarantine threats when removing them' ticked)

So I downloaded a new SysInternals Suite zip and extracted all files.

I did a Security 360 scan of the resulting folder and got exactly the same Report as my first Post

I then browsed to and uploaded the file to VirusTotal and that was the message I got.

 

I just tried it again and exactly the same thing happened.

I will zip the file and attach it :-)

 

EDIT: Just tried it again and got told it was already scanned today at the time I did it. I then clicked Reanalyse file now and it scanned and I got the all clear.

I didn't notice that 'Reanalyse file now' button before, sorry for making a mess of this :oops:

Anyhow, IObit has the file now and can do a scan to make sure the result is correct

 

All the best, woz of oz

ldmdump.zip
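Added example, not part of the original thread: the two mix-ups above (a report for the wrong file, then a cached report more than a month old) can both be caught by comparing the local file's size and digests with the ones the report lists and checking the analysis date. The report values are copied from the thread; the 316-byte sample, the function names and the one-day freshness threshold are assumptions made for this sketch.

```python
import hashlib
from datetime import datetime, timedelta, timezone

# Values copied from the ldmdump.exe report quoted in the thread.
REPORT = {
    "size": 154424,
    "md5": "202119e519dd179de64afd195f0dda42",
    "sha256": "980e64020cfceb02652a2a08270b84b974f18f290e9cb798f5d46d3aa3a0ec94",
    "analysed": datetime(2009, 9, 14, 9, 19, 25, tzinfo=timezone.utc),
}

# Constructed 316-byte stand-in for the scan log that was uploaded by mistake.
WRONG_UPLOAD = b"IObit Security 360 report (constructed sample)\n".ljust(316, b".")


def fingerprint(data: bytes) -> dict:
    """Size and digests of the local file, in the form a report lists them."""
    return {
        "size": len(data),
        "md5": hashlib.md5(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def check_report(data, report, now, max_age=timedelta(days=1)):
    """Return the reasons `report` is not a current verdict on `data`.

    max_age is an assumed freshness threshold, not a VirusTotal setting.
    """
    problems = []
    local = fingerprint(data)
    for field in ("size", "md5", "sha256"):
        if local[field] != report[field]:
            problems.append(f"{field} mismatch: local {local[field]}, report {report[field]}")
    age = now - report["analysed"]
    if age > max_age:
        problems.append(f"stale: analysed {age.days} days ago, request a reanalysis")
    return problems


if __name__ == "__main__":
    when = datetime(2009, 10, 16, 7, 56, 38, tzinfo=timezone.utc)
    for line in check_report(WRONG_UPLOAD, REPORT, when):
        print(line)
```

An empty list means the report describes exactly the bytes on disk and is recent enough to count as a verdict on them.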

Archived

This topic is now archived and is closed to further replies.
