
icfupgd.dll reports as Trojan.BuzusAovd - it is a window file! [SOLVED by db 1408]



Hi,

 

I Googled this file because IObit 360 reports it to be a trojan. After Googling this, a few people mentioned it was a false positive. I then looked at the file closely and it is a .dll file.

 

Well, here is the report, please tell me if it is a false positive or not. I am afraid to delete it. On my last scan, it had reported something else as a trojan and then removed it. I believe it was an iTunes file because after removing the so-called "Threat," all of a sudden, I am getting an error message for iTunes at start up.

 

Now, that one was no big deal because I reinstalled it. But this, I am not so sure, but I don't think it is a trojan since it is just a .dll file and reports say that if I delete it, I would be sabotaging myself.

 

IObit Security 360

 

OS:Windows 7

Version:1.4.1.11

Define Version:1407

Time Elapsed:00:14:51

Objects Scanned:71917

Threats Found:2

 

|Name|Type|Description|ID|

Trojan.BuzusAovd, File, C:\Windows\winsxs\amd64_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.1.7600.16385_none_5e6da7259d4ac682\icfupgd.dll, 12-241

Trojan.BuzusAovd, File, C:\Windows\winsxs\amd64_networking-mpssvc-svc_31bf3856ad364e35_6.1.7600.16385_none_f6092d1fe18dc440\icfupgd.dll, 12-241

 

And this is the one report from the experts I was talking about.

 

The icfupgd.dll is a Windows Firewall ICF Settings Upgrade.

 

This file is part of Microsoft® Windows® Operating System. Icfupgd.dll is developed by Microsoft Corporation. It’s a system and hidden file. Icfupgd.dll is usually located in the %SYSTEM% folder and its usual size is 89,088 bytes.

 

Recommendation

 

The icfupgd.dll process is safe and disabling it can be dangerous, because programs on your computer need it to work correctly.

 

:???:

 

Please get it right, IObit. I trust in you so I don't damage my computer, and I am recommending your product to a lot of people who would naturally remove any threat it reports to them and wouldn't even know how to do what I am just doing here.

I am into computer repairs and it would be very bad for my business if I recommend IObit 360 and it then reports useful files as threats to remove and then ruins people's systems; then you become the very bug we are all trying to avoid for just $19.95. I am getting disappointed; your product is getting way too paranoid.


Hi framosbiz,

 

I am not saying that it is not a False Positive, but sometimes Trojans enter into a legitimate file.

 

The best thing to do is to upload it to VirusTotal and post the result report link here.

 

Also you can upload the file to servers available for uploading, so IObit can try the file themselves. The other option is to send the file to IObit.

 

All of this is explained in detail in Guidelines and Requirements for Reporting a False Positive thread.

 

This procedure will help IObit to respond quickly.

 

BTW, since it is an important subject, I am moving your post as a thread in this section.

 

Cheers.
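
The report rows posted in this thread can be triaged mechanically before anything is quarantined. The following is an added example, not part of any post and not IObit's code: it parses the report row format shown above and the WinSxS directory name in each reported path. The function names, the field labels and the `Trojan.Example` row are assumptions made for illustration.

```python
import re
from typing import NamedTuple, Optional

# Token in the directory names of Windows' own components (both reported paths).
MS_COMPONENT_TOKEN = "31bf3856ad364e35"
ROW = re.compile(r"^(?P<threat>.+?)(?P<q> - Quarantined)?, File, "
                 r"(?P<path>.+), (?P<rule>[\d-]+)$")

class Detection(NamedTuple):
    threat: str
    quarantined: bool
    path: str
    rule: str
    component: Optional[dict]  # parsed WinSxS directory name, if any

def parse_component(path: str) -> Optional[dict]:
    """Split a WinSxS directory name: arch_name_token_version_culture_hash."""
    m = re.search(r"\\winsxs\\([^\\]+)\\", path, re.IGNORECASE)
    if not m:
        return None
    parts = m.group(1).rsplit("_", 4)  # the name itself may be truncated with '..'
    if len(parts) != 5 or "_" not in parts[0]:
        return None
    arch, name = parts[0].split("_", 1)
    keys = ("token", "version", "culture", "hash")
    return {"arch": arch, "name": name, **dict(zip(keys, parts[1:]))}

def parse_row(line: str) -> Optional[Detection]:
    """Parse 'Name[ - Quarantined], File, Path, ID'; other lines give None."""
    m = ROW.match(line.strip())
    if not m:
        return None
    return Detection(m.group("threat"), m.group("q") is not None,
                     m.group("path"), m.group("rule"),
                     parse_component(m.group("path")))

def triage(line: str) -> Optional[str]:
    """Location is only a hint: the file's hash and signature decide."""
    d = parse_row(line)
    if d is None:
        return None
    ms = d.component is not None and d.component["token"] == MS_COMPONENT_TOKEN
    return "os-component: verify hash and signature before removing" if ms else "review"

SAMPLE = [  # first row is from the reports in this thread, second is constructed
    r"Trojan.BuzusAovd, File, C:\Windows\winsxs\amd64_networking-mpssvc-svc_31bf3856ad364e35_6.1.7600.16385_none_f6092d1fe18dc440\icfupgd.dll, 12-241",
    r"Trojan.Example, File, C:\Users\test\AppData\Local\Temp\sample.dll, 00-000",
]
for row in SAMPLE:
    print(triage(row), "<-", row)
```

A row tagged `os-component` is a candidate false positive, not a confirmed one; the file still has to be checked (for example with the VirusTotal upload suggested above) before it is restored or excluded.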


Trojan BuzusAovd think it's a false positive

 

I keep getting these two hits on my scans. 360 deletes them and they are back again after reboot. Are these files good or not? I see another member has the same issue. I did the upload to VirusTotal with nothing found. Here are the scan results and the VirusTotal links.

 

IObit Security 360

 

OS:Windows 7

Version:1.4.1.11

Define Version:1407

Time Elapsed:00:09:06

Objects Scanned:67530

Threats Found:2

 

|Name|Type|Description|ID|

Trojan.BuzusAovd, File, C:\Windows\winsxs\amd64_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.1.7600.16385_none_5e6da7259d4ac682\icfupgd.dll, 12-241

Trojan.BuzusAovd, File, C:\Windows\winsxs\amd64_networking-mpssvc-svc_31bf3856ad364e35_6.1.7600.16385_none_f6092d1fe18dc440\icfupgd.dll, 12-241

 

Result: 0/36 (0.00%)

http://www.virustotal.com/analisis/0666aef1cd6ae6a8e235fe973f960f8035b5c52c3ac1786a9a4b3a4e683e7922-1270371405

Result: 0/42 (0.00%)

http://www.virustotal.com/analisis/4a81c3af2497e7a39e1e016cfcbdd152caf3c65ead921d9a1fd6f9a67e84b313-1270380458


Persistent Files

 

Every time I do a full scan 2 files show up; if I remove them and rescan they appear time after time :cry:

 

report says ...

 

IObit Security 360

 

OS:Windows 7

Version:1.4.1.11

Define Version:1407

Time Elapsed:00:01:24

Objects Scanned:66170

Threats Found:2

 

|Name|Type|Description|ID|

Trojan.BuzusAovd, File, C:\Windows\winsxs\amd64_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.1.7600.16385_none_5e6da7259d4ac682\icfupgd.dll, 12-241

Trojan.BuzusAovd, File, C:\Windows\winsxs\amd64_networking-mpssvc-svc_31bf3856ad364e35_6.1.7600.16385_none_f6092d1fe18dc440\icfupgd.dll, 12-241

 

Hijack log ..

 

 

Logfile of IObit HijackScan v1.0.0.0

Scan saved at 10:16:43, on 2010-4-5

 

Running processes:

 

O2 - BHO: BitComet Helper - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.3.7.16.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll

O4 - HKCU|\Software\Microsoft\Windows\CurrentVersion\Run\: [CtxfiReg] CTXFIREG.exe /FAIL1

O4 - HKCU|\Software\Microsoft\Windows\CurrentVersion\Run\: [DelayShred] c:\PROGRA~2\mcafee\mshr\ShrCL.EXE /P7 /q c:\users\chaos\appdata\local\temp\MPROJE~1.SH!

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [Logitech G35] C:\Program Files (x86)\Logitech\G35\G35.exe

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [mcagent_exe] "C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe" /runkey

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [Microsoft WinUpdate] C:\Windows\system32\msupdte.exe

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [bDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [iObit Security 360] "C:\Program Files (x86)\IObit\IObit Security 360\IS360tray.exe" /autostart

O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.3.7.16.dll/206

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}Java Plug-in 1.6.0_19 - http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab

O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}Java Plug-in 1.6.0_19 - http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}Java Plug-in 1.6.0_19 - http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab

O23 - Service: Creative Audio Engine Licensing Service (Creative Audio Engine Licensing Service) - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe

O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe

O23 - Service: Windows CardSpace (idsvc) - Unknown - %systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE

O23 - Service: IS360service (IS360service) - IObit - C:\Program Files (x86)\IObit\IObit Security 360\IS360srv.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files (x86)\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files (x86)\Common Files\McAfee\MNA\McNASvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files (x86)\Common Files\McAfee\McProxy\McProxy.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~2\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe

O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files (x86)\McAfee\MSK\MskSrver.exe

O23 - Service: Message Queuing Service (MSMQSVC) - Unknown - C:\Windows\system32\mqsv32.exe

O23 - Service: MySQL (MySQL) - Unknown - C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe

O23 - Service: Net.Tcp Port Sharing Service (NetTcpPortSharing) - Unknown - %systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

O23 - Service: NMIndexingService (NMIndexingService) - Nero AG - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: Performance Service (nTuneService) - NVIDIA - C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: Quality Windows Audio Video Experience (QWAVE) - Unknown - %windir%\system32\svchost.exe

O23 - Service: Secondary Logon (seclogon) - Unknown - %windir%\system32\svchost.exe

O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

O23 - Service: Update Center Service (UpdateCenterService) - NVIDIA - C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe

O23 - Service: Block Level Backup Engine Service (wbengine) - Unknown - %systemroot%\system32\wbengine.exe

O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown - %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe

 

Anyway to get rid of these? :-?


icfupgd.dll a trojan ?

 

Also getting the same result in Win 7; tried to delete it but it just reappears in winsxs.

It's a dll related to the Windows firewall, so slightly nervous about this reappearing as a trojan in the IObit scan results....

Grateful for any advice from IObit...

 

-------

IObit Security 360

 

OS:Windows 7

Version:1.4.1.11

Define Version:1407

Time Elapsed:00:13:43

Objects Scanned:68418

Threats Found:2

 

|Name|Type|Description|ID|

Trojan.BuzusAovd - Quarantined, File, C:\Windows\winsxs\amd64_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.1.7600.16385_none_5e6da7259d4ac682\icfupgd.dll, 12-241

Trojan.BuzusAovd - Quarantined, File, C:\Windows\winsxs\amd64_networking-mpssvc-svc_31bf3856ad364e35_6.1.7600.16385_none_f6092d1fe18dc440\icfupgd.dll, 12-241

------


Trojan.BuzusAovd already acknowledged as a false positive

 

I found previous threads from mid 2009 in this forum talking about "Trojan.BuzusAovd". At that time, the moderators found that this was indeed a false positive and stated that it would be resolved on their next update. Apparently it has not been. How do we make 10-bit stop reporting this false positive?

===

IObit Security 360

 

OS:Windows 7

Version:1.4.1.11

Define Version:1408

Time Elapsed:00:06:11

Objects Scanned:66743

Threats Found:3
