ccrpbds6.dll -- "Backdoor.Win32.VB.aey virus?

Help for Comodo AntiVirus
#1

I just installed CAVS (free version), updated the virus definitions, and ran a scan for the first time.

The scan found only 1 infected file, named ccrpbds6.dll . (I had “scrubbed” my laptop pretty well with some other similar products prior to installing CAVS.) The screen said this file is infected with a virus named "Backdoor.Win32.VB.aey . The screen also said “Disinfect Failed.” This has me really worried! Can someone here please tell me more about this and what I can/should do about this? THANK YOU!

#2

Hi and welcome,

If you are pretty sure that your computer was ‘clean’ this may be a false positive. You can submit this file to Comodo from the quarantine section in CAVS.

You may also want to use an online scanner to test this file and see what other antiviruses report:

Mike

#3

Thanks for your reply, Mike.

Since I started this thread, CAVS also found and quarantined a0006152.dll , another file that it said is infected with a virus name “Backdoor.Win32.VB.aey”.

I just submitted both of those .dll files on virustotal.com and they both got “a clean bill of health” according to all those other AVRs.

So I’ll now follow your other suggestion and submit those files to Comodo from the quarantine section in CAVS.

I’ll repost “the rest of the story” when it’s available!

#4

Ok, It seems it is false positive if all the other AV’s are not detecting it, but it may still be a new unknown virus which CAVS has detected.

Don’t forget to let us know.

Thanks,
Mike

#5

that dll file looks like a look2me file, that’s adware

try this tool, it will most likely find more bad files
http://www.atribune.org/content/view/28/

#6

The file “ccrpbds6.dll”, assuming it’s an original, is part of the Common Control Replacement Project, which produced altrnative OCX and DLL files for use in Visual Basic programming, as an alternative to the common controls that Microsoft provides.

It’s most likely a false positive but, the source code MAY have been compromised. You could try downloading the file from the authors site - http://ccrp.mvps.org/) and compare it to the copy currently installed on your system.

Hope this helps,
Ewen :slight_smile:

#7
The scan found only 1 infected file, named ccrpbds6.dll . (I had "scrubbed" my laptop pretty well with some other similar products prior to installing CAVS.) The screen said this file is infected with a virus named "Backdoor.Win32.VB.aey . The screen also said "Disinfect Failed." This has me really worried! Can someone here please tell me more about this and what I can/should do about this? THANK YOU!
My case is the same as the OP. I went to http://www.atribune.org/content/view/28/ and used the Look2Me-Destroyer tool. Here are the results that make me assume that it wasn't a false positive. Am I wrong?- (Edit- Just read that I probably should have posted the results at the atribune.org forum)

Look2Me-Destroyer V1.0.12

Scanning for infected files…
Scan started at 12/23/2006 6:56:33 PM

Attempting to delete infected files…

Making registry repairs.

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved “{19F500E0-9964-11cf-B63D-08002B317C03}”
HKCR\Clsid{19F500E0-9964-11cf-B63D-08002B317C03}

Restoring Windows certificates.

Replaced hosts file with default windows hosts file

Restoring SeDebugPrivilege for Administrators - Succeeded