> > > I recently downloaded and installed portable Wireshark v1.2.0 into my
> > > updated Windows XP Pro. SP3:
> > > http://media-2.cacetech.com/wireshark/win32/WiresharkPortable-1.2.0.paf.exe
> > > ...
> > >
> > > Today, updated SuperAntiSpyware (free) scanned and found msvcp90.dll
> > > being suspected as Adware.Vundo/Variant-MSFake. I also posted in
> > > http://forums.superantispyware.com/viewtopic.php?f=4&t=3107 about it
> > > just in case (I think this is a false positive).
> > >
> > > I also scanned online and others were detected:
> > > 1. http://www.virustotal.com/analisis/22f2e96608de5347259f638ee7d8fbe63eb25f940bdca3c53a95bcac5baa2fc5-1245614050
> > > (three companies/brands).
> > > 2. http://virusscan.jotti.org/en/scanresult/6101af43f7e80f5dd1d804c0ab2c88223d7fc740
> > > (Norman found W32/Virtumonde.AKKG).
> > > 3. http://scanner.virus.org/scan/SI5RVRHlu/27617e999dab00644c776d925b666d2a3d60faa6
> > > (still in progress).
> >
> > MsvcpP90.dll is one of the C run-time libraries that ships with
> > Microsoft Visual Studio 2008:
> >
> > http://msdn.microsoft.com/en-us/library/abx4dbyh.aspx
> >
> > You can also get them as part of a separate redistributable package,
> > e.g. vcredist_x86.exe.
> >
> > Does SuperAntiSpyware provide digest or checksum information for the
> > files it scans? The MD5, SHA1, and RMD160 hashes for the copy of
> > msvcp90.dll we shipped with 1.2.0 are:
> >
> > MD5(msvcp90.dll)= 871f979d70414c900b35e56222932daf
>
> Strange. My DiamondCS MD5 v1.4.0.0 tool doesn't match yours from
> portable Wireshark (after extraction): 7B80921F9F6126F53F4250E2B23E0EA3
Also, both
http://virusscan.jotti.org/en/scanresult/6101af43f7e80f5dd1d804c0ab2c88223d7fc740
and
http://www.virustotal.com/analisis/22f2e96608de5347259f638ee7d8fbe63eb25f940bdca3c53a95bcac5baa2fc5-1245614050
have the same MD5 as mine (7b80921f9f6126f53f4250e2b23e0ea3).
> > SHA1(msvcp90.dll)= dd683e4ad54cab6ba1c7b3ce9c0925db0e1d0e66
> > RIPEMD160(msvcp90.dll)= 95f2bc0902409ec68e276bd742d54369556f0f1a
> >
> > The DLL file version is 9.0.30729.1. It was copied from Microsoft Visual
> > Studio 2008 SP1's "redist" directory. I checked the hashes above with
> > two other systems here, and they all match.
>
> Mine is v9.0.30729.1 and 338 KB (346,112 bytes).
--
"Left right left right we're army ants. We swarm we fight. We have no
home. We roam. We race. You're lucky if we miss your place." --Douglas
Florian (The Army Ants Poem)
/\___/\
/ /\ /\ \ Phil/Ant @ http://antfarm.ma.cx (Personal Web Site)
| |o o| | Ant's Quality Foraged Links (AQFL): http://aqfl.net
\ _ / E-mail: philpi@xxxxxxxxxxxxx or ant@xxxxxxxxxx
( )