IObit Forum

Does my computer have any threats or unneeded files?



This looks suspicious! :roll:


O23 - Service: ¥D?¨¾±s (ZhuDongFangYu) - 360¦w¥þ¤¤¤ß - C:\Program Files\360\360Safe\deepscan\zhudongfangyu.exe


This is a Chinese anti-malware tool...

It's called 360安全衛士 and is for their cloud security engine.


VirusTotal scan




Hello. Could you please:


Use Unlock and Delete to remove:

  • C:\Program Files\ALiBaBar\ALiBaBar.dll


Select the corresponding box in Hijack Scan to remove:

  • O2 - BHO: ALiBaBar_Helper - {CE439C63-384A-747A-A357-23D96B5D652B} - C:\Program Files\ALiBaBar\ALiBaBar.dll


This file is my Traditional Chinese and Simplified Chinese translation toolbar...



Scan report:

| Antivirus | Version | Last Update | Result |
|---|---|---|---|
| a-squared | | 2009.10.07 | - |
| AhnLab-V3 | | 2009.10.06 | - |
| AntiVir | | 2009.10.07 | - |
| Antiy-AVL | | 2009.10.05 | - |
| Authentium | | 2009.10.07 | - |
| Avast | 4.8.1351.0 | 2009.10.07 | - |
| AVG | | 2009.10.04 | - |
| BitDefender | 7.2 | 2009.10.07 | - |
| CAT-QuickHeal | 10.00 | 2009.10.07 | - |
| ClamAV | 0.94.1 | 2009.10.07 | - |
| Comodo | 2527 | 2009.10.07 | UnclassifiedMalware |
| DrWeb | | 2009.10.07 | - |
| eSafe | | 2009.10.06 | - |
| eTrust-Vet | 35.1.7055 | 2009.10.07 | - |
| F-Prot | | 2009.10.06 | - |
| F-Secure | 8.0.14470.0 | 2009.10.07 | - |
| Fortinet | | 2009.10.07 | - |
| GData | 19 | 2009.10.07 | - |
| Ikarus | T3. | 2009.10.07 | - |
| Jiangmin | 11.0.800 | 2009.10.07 | - |
| K7AntiVirus | 7.10.863 | 2009.10.06 | Trojan.Win32.Malware.1 |
| Kaspersky | | 2009.10.07 | - |
| McAfee | 5763 | 2009.10.06 | - |
| McAfee+Artemis | 5763 | 2009.10.06 | Artemis!E18997873DDF |
| McAfee-GW-Edition | 6.8.5 | 2009.10.07 | - |
| Microsoft | 1.5101 | 2009.10.07 | - |
| NOD32 | 4487 | 2009.10.07 | - |
| Norman | 6.01.09 | 2009.10.06 | - |
| nProtect | 2009.1.8.0 | 2009.10.07 | - |
| Panda | | 2009.10.06 | Adware/Alibabar |
| PCTools | | 2009.10.07 | - |
| Prevx | 3.0 | 2009.10.07 | - |
| Rising | | 2009.09.30 | - |
| Sophos | 4.45.0 | 2009.10.07 | - |
| Sunbelt | 3.2.1858.2 | 2009.10.07 | Alibaba Toolbar |
| Symantec | | 2009.10.07 | - |
| TheHacker | | 2009.10.06 | - |
| TrendMicro | 8.950.0.1094 | 2009.10.07 | - |
| VBA32 | | 2009.10.07 | - |
| ViRobot | 2009.10.7.1974 | 2009.10.07 | - |
| VirusBuster | | 2009.10.06 | - |

Additional information

File size: 970240 bytes

MD5 : e18997873ddf51bc377342d69f230f44

SHA1 : 9e2619db420f72d703e374f5e9fc4829b7b3aac5

SHA256: c7df5d740f825a5d41452ae5ec174b958eb8a2b697b90a951b4edb12a7d5349f


ATTENTION: VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about the availability and continuity of this service. Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by just one product, these results DO NOT guarantee the harmlessness of a file. Currently, there is not any solution that offers a 100% effectiveness rate for detecting viruses and malware.


As you can see from above, it is actually malware. So please remove :smile:


That is a false positive.

I sent it to the Avira virus testing lab.

Suspicious Files and Miscellaneous Uploads


Thank you for your submission. Below you can see the current status of the uploaded files.





A listing of files alongside their results can be found below:


| File ID | Filename | Size (Byte) | Result |
|---|---|---|---|
| 230288 | ALiBaBar.dll | 947.5 KB | FALSE POSITIVE |



Please find a detailed report concerning each individual sample below:


Filename Result



The file 'ALiBaBar.dll' has been determined to be 'FALSE POSITIVE'. In particular this means that this file is not malicious but a false alarm. Detection is removed from our virus definition file (VDF) with the version: .




Please note that you will receive an email which will contain the results shown above. In case the final outcome of the analysis is not yet finished for all files the notification will be sent once ready.


It depends on the verdict of the researcher. Some do classify this toolbar as adware, and for that reason it is detected by certain vendors. If you would like to keep the toolbar, you can of course, however, it is suggested that you remove it :smile:


That's okay,

but does my computer have any other threats?



This topic is now archived and is closed to further replies.
