kjz1

false positive, Win32TrojanDropperDelf?

Hi kjz1,

Thank you for reporting this! Our Malware Labs team will have a look at this ASAP.

It does appear to be a FP, so don't delete that file until they can look into this for you.

(Did you mean to say mfc70u.dll rather than mfc40u.dll or is there another one also being detected?)

mfc70u.dll is what you sent here.

Thanks kjz1,

No problem. I just wanted to confirm it was the one file and not two :)

Being the weekend now in Sweden, it might be Monday before they get to this, so please hang on and don't delete that file meanwhile.

I am having the same or similar problem.

I am pasting the log in here, as opposed to attaching it. I hope that's OK.

If not, let me know and I will attach it.

Thanks for your kind help.

========================================================

MSG [17488] 2009/07/17 08:24:54: Configure new scan with profile: full

MSG [17488] 2009/07/17 08:24:54: -> scanning critical objects

MSG [17488] 2009/07/17 08:24:54: -> scanning running processes

MSG [17488] 2009/07/17 08:24:54: -> scanning registry

MSG [17488] 2009/07/17 08:24:54: -> scanning lsp

MSG [17488] 2009/07/17 08:24:54: -> scanning ads

MSG [17488] 2009/07/17 08:24:54: -> scanning hosts file

MSG [17488] 2009/07/17 08:24:54: -> scanning mru objects

MSG [17488] 2009/07/17 08:24:54: -> scanning browser hijacks

MSG [17488] 2009/07/17 08:24:54: -> scanning cookies

MSG [17488] 2009/07/17 08:24:54: -> neutralizing rootkits

MSG [17488] 2009/07/17 08:24:54: -> use spyware heuristics

MSG [17488] 2009/07/17 08:24:54: -> scan archives

MSG [17488] 2009/07/17 08:24:54: -> file size limit = 20480 kB (0 = unlimited)

MSG [17488] 2009/07/17 08:24:54: -> scan file/path = C:\

MSG [17488] 2009/07/17 08:24:54: -> scan file/path = D:\

MSG [17488] 2009/07/17 08:24:54: -> scan file/path = K:\

MSG [12568] 2009/07/17 16:08:41: Scan was completed in 27827 seconds

MSG [12568] 2009/07/17 16:08:41: Objects processed: 735588, infections detected: 3

ERR [17488] 2009/07/17 17:31:57: SDKController::GetQuarantineList -> Not in idle state

ERR [17488] 2009/07/17 17:31:57: SDKController::GetWhiteList -> Not in idle state

ERR [17488] 2009/07/17 17:31:58: SDKController::GetDefinitonsFileVersion -> Not in idle state

ERR [17488] 2009/07/17 17:31:58: SDKController::GetLatestSuccessfulScanReport -> Not in idle state

MSG [11300] 2009/07/17 17:32:26: Remediating 3 infections

MSG [11300] 2009/07/17 17:32:27: Infections quarantined: 0, removed: 2, repaired: 0

MSG [11300] 2009/07/17 17:32:27: Infections ignored by remediation: 1 (0 whitelisted, 1 skipped).

MSG [17488] 2009/07/17 17:32:28: Dumping scan report:

>>> Logfile created: 7/17/2009 8:24:54

>>> Lavasoft Ad-Aware version: 8.0.7

>>> Extended engine version: 8.1

>>> User performing scan: (I removed my name)

>>>

>>> *********************** Definitions database information ***********************

>>> Lavasoft definition file: 149.7

>>> Extended engine definition file: 8.1

>>>

>>> ******************************** Scan results: *********************************

>>> Scan profile name: Full Scan (ID: full)

>>> Objects scanned: 735588

>>> Objects detected: 3

>>>

>>>

>>> Type Detected

>>> ==========================

>>> Processes.......: 0

>>> Registry entries: 0

>>> Hostfile entries: 0

>>> Files...........: 1

>>> Folders.........: 0

>>> LSPs............: 0

>>> Cookies.........: 2

>>> Browser hijacks.: 0

>>> MRU objects.....: 0

>>>

>>>

>>>

>>> Skipped items:

>>> Description: C:\WINDOWS\system32\mfc70u.dll Family Name: Win32.TrojanDropper.Delf Clean status: Success Item ID: 1238256 Family ID: 1385

>>>

>>> Removed items:

>>> Description: *real* Family Name: Cookies Clean status: Success Item ID: 408817 Family ID: 0

>>> Description: *realmedia* Family Name: Cookies Clean status: Success Item ID: 409139 Family ID: 0

>>>

>>> Scan and cleaning complete: Finished correctly after 27827 seconds

>>>

>>> *********************************** Settings ***********************************

>>>

>>> Scan profile:

>>> ID: full, enabled:1, value: Full Scan

>>> ID: scancriticalareas, enabled:1, value: true

>>> ID: scanrunningapps, enabled:1, value: true

>>> ID: scanregistry, enabled:1, value: true

>>> ID: scanlsp, enabled:1, value: true

>>> ID: scanads, enabled:1, value: true

>>> ID: scanhostsfile, enabled:1, value: true

>>> ID: scanmru, enabled:1, value: true

>>> ID: scanbrowserhijacks, enabled:1, value: true

>>> ID: scantrackingcookies, enabled:1, value: true

>>> ID: closebrowsers, enabled:1, value: false

>>> ID: folderstoscan, enabled:1, value: C:\,D:\,K:\

>>> ID: usespywareheuristics, enabled:1, value: true

>>> ID: extendedengine, enabled:0, value: true

>>> ID: useheuristics, enabled:0, value: true

>>> ID: heuristicslevel, enabled:0, value: mild, domain: medium,mild,strict

>>> ID: filescanningoptions, enabled:1

>>> ID: scanrootkits, enabled:1, value: true

>>> ID: archives, enabled:1, value: true

>>> ID: onlyexecutables, enabled:1, value: false

>>> ID: skiplargerthan, enabled:1, value: 20480

>>>

>>> Scan global:

>>> ID: global, enabled:1

>>> ID: addtocontextmenu, enabled:1, value: true

>>> ID: playsoundoninfection, enabled:1, value: false

>>> ID: soundfile, enabled:0, value: *to be filled in automatically*\alert.wav

>>>

>>> Scheduled scan settings:

>>> <Empty>

===============================================

If you need more of the log than this, let me know.

===============================================

Hi everyone,

Thanks for posting. This detection was a false positive and has been fixed in update 0149.0008 - please update Ad-Aware to get the latest definition file.

Regards,

Andy

Lavasoft Malware Labs
