False positive on Toshiba Laptop

falcon04 · April 22, 2007, 8:37pm

Am getting the following alert after installing the new free version (from the log ) :

04/22/2007 14:13:48: C:\PROGRA~1\TOSHIBA\TOSHIB~1\TOUCHP~1.DLL
Trojan horse was found in above file
DLDR-MURLO.C.001 MALWARE STOPPED by BOCLEAN!
Logged in user: xxxxxxxxxx
Active trojan horse was shut down. System now safe.

The file is touchpad_ONOFF.dll and it is called by TFncKy.exe.

Both files were run thru Jotti with nothing found.

I’ve disabled the startup of TFncKy.exe for the interim.

No phoning home or other unusual activity noted in my router or firewall logs.

Melih · April 22, 2007, 9:33pm

Hi Falcon

You can always put that on the exclude list until we know why this is the case.
I have the same file and BOClean but it doesn’t catch it. I wonder if your version is different.
would it be possible for you to PM that program to me pls for further analysis.

thanks
Melih

falcon04 · April 22, 2007, 9:57pm

Will be happy to, but how do I attach the file to a PM ??

panic · April 22, 2007, 10:26pm

Start a reply and click on the “Additional Options” link under the text entry window.
Cheers,
Ewen

falcon04 · April 22, 2007, 11:14pm

WADR,

(1) there is no existing provision in your PM page to upload an attacment

(2) .dll or .exe files are not on the permitted file upload list on the message reply page.

I’ve killed the process and excluded the two files mentioned.

CajunTek · April 23, 2007, 1:21am

Why not zip it, then upload it…

Kevin_McAleavey · April 23, 2007, 1:23am

I’ll have our guys fix it overnight with a fix in the next update out the door … I see already what the problem is - memory def was called on a particular piece of code that shouldn’t have been used. Give us a little time, it’ll be fixed …

falcon04 · April 23, 2007, 2:28am

Thanks Kevin - and I should have thunk of Zipping it - but a clean bill from Jotti “usuallY” has meant a FP in the past.

falcon04 · April 24, 2007, 12:03am

Thanks for the fix !