Wireshark-users: Re: [Wireshark-users] False postive on portable Wireshark v1.8.0's msvcp100.dll

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: "David H. Lipman" <DLipman@xxxxxxxxxxx>
Date: Fri, 22 Jun 2012 15:48:42 -0400
From: "Ant" <ant@xxxxxxxxxx>


On Fri, Jun 22, 2012 at 09:02:52AM -0700, Gerald Combs wrote:


Is anyone getting msvcp100.dll as a possible malware infection with the
updated ClamAV and SuperAntiSpyware? I am using the extracted portable
version in my old, updated Windows XP Pro. SP3 machine.

http://virusscan.jotti.org/en/scanresult/221a9ca9c452deef28f7acb79a34663564f3c56d
(ClamAV; PUA.Win32.Packer.Upx-57) and Adware.Vundo/Variant-MSFake (SAS)


Is there a way to find out what ClamAV database version Jotti's Malware
Scan is using? ClamWin 0.97.4 + main 54 + daily 15069 says it's clean.
VirusTotal says it's clean as well:

https://www.virustotal.com/file/193758db483f6a420b00627ba60ec9c77069c2b5295c1df511d07a1ffd5f7d3a/analysis/1340378908/


I can't find any support or details. I only get its 6/22/2012 date.

SuperAntiSpyware still thinks it is an "Adware.Vundo/Variant-MSFake"
right now on my updated 64-bit W7 HPE machine. :(

Do I assume this is a false positive?


Yes.


--
Dave
Multi-AV Scanning Tool - http://multi-av.thespykiller.co.uk
http://www.pctipp.ch/downloads/dl/35905.asp