Phillip Pi wrote:
> Hello!
>
> I recently downloaded and installed portable Wireshark v1.2.0 into my
> updated Windows XP Pro. SP3:
> http://media-2.cacetech.com/wireshark/win32/WiresharkPortable-1.2.0.paf.exe
> ...
>
> Today, updated SuperAntiSpyware (free) scanned and found msvcp90.dll
> being suspected as Adware.Vundo/Variant-MSFake. I also posted in
> http://forums.superantispyware.com/viewtopic.php?f=4&t=3107 about it
> just in case (I think this is a false positive).
>
> I also scanned online and others were detected:
> 1. http://www.virustotal.com/analisis/22f2e96608de5347259f638ee7d8fbe63eb25f940bdca3c53a95bcac5baa2fc5-1245614050
> (three companies/brands).
> 2. http://virusscan.jotti.org/en/scanresult/6101af43f7e80f5dd1d804c0ab2c88223d7fc740
> (Norman found W32/Virtumonde.AKKG).
> 3. http://scanner.virus.org/scan/SI5RVRHlu/27617e999dab00644c776d925b666d2a3d60faa6
> (still in progress).
MsvcpP90.dll is one of the C run-time libraries that ships with
Microsoft Visual Studio 2008:
http://msdn.microsoft.com/en-us/library/abx4dbyh.aspx
You can also get them as part of a separate redistributable package,
e.g. vcredist_x86.exe.
Does SuperAntiSpyware provide digest or checksum information for the
files it scans? The MD5, SHA1, and RMD160 hashes for the copy of
msvcp90.dll we shipped with 1.2.0 are:
MD5(msvcp90.dll)= 871f979d70414c900b35e56222932daf
SHA1(msvcp90.dll)= dd683e4ad54cab6ba1c7b3ce9c0925db0e1d0e66
RIPEMD160(msvcp90.dll)= 95f2bc0902409ec68e276bd742d54369556f0f1a
The DLL file version is 9.0.30729.1. It was copied from Microsoft Visual
Studio 2008 SP1's "redist" directory. I checked the hashes above with
two other systems here, and they all match.