HP malware server? hpslpsvc32.dll flagged as Backdoor.Win32.PcClient.~a@88561940

Happy New Year all

I’ve got an alert with this HP dll:

c:\program files\HP\digital imaging\bin\hpslpsvc32.dll Backdoor.Win32.PcClient.~a@88561940

http://camas.comodo.com/cgi-bin/submit?file=e600009a647d8f9bba66ce118cdd20c06cac556f283403041f93c2e7a8842d99


Hi Regression,

We are going to check that and get back to you shortly.

Happy New Year!

Regards,
Erik M.

Hi,
This is to inform you that we have scanned the submitted file with
the latest antivirus database version <3526> of Comodo Internet Security
Version <3.13.126709.581> and have not found this file being detected.
Please check again.

Thanks,
Regards,
Erik M.

Same thing happened to me:
hpslpsvc32.dll is marked as containing “Backdoor.Win32.PcClient.~a[at]88561940”
False positive?

Hi chupachups,

Please check the product version and DB of CIS. If it happens again, please take a screenshot and post it in the forum, along with the system version.

Thanks and Regards,
hailong.■■■■

Thanks it was with Version<3.13.126709.579> (and latest DB).

I’m sick of HP junk/crapware anyway. It is insane how far they populate Windows services and system. I run the same printer from Linux faster and without all their spying dlls …

I reformatted my laptop yesterday and installed CIS Product Version: 3.13.126709.581.
I have installed system updates from Microsoft except for SP2. Every time I attempt to install the update CIS finds

Name: backdoor.win32.pcclient.~a@88561940

Location: C:\windows\winsxs\temp\pendingrenames\0c12da38a991ca017d0200004010581c.x86_microsoft-windows-dns-client_31bf385ad364e35_6.0.6002.18005_none_e3cdf5e97f7b2eb7_dnsrslvr.dll_faf65b7a

Is this the backdoor Microsoft said didn’t exist or is it a false positive?

Thanks

Hi Snowshagger,

Please send this file to us using the web interface for detailed analysis.
Thanks.

Kind Regards,
Erik M.

Hi,

I got the same HP HPSLPSVC32.DLL alert.

The alert happens immediately at Windows XP startup.
But later, when I run the virus scan manually, it does not alert on this file any more.

regards
Alois


Hi ahahn,

Thanks for report, we will investigate this.

Kind Regards,
Erik M.

Hi all

I get the same backdoor-alert from Comodo when I try 2 install Vista SP2… @ end it will not install correctly with unknown error.

here’s my backdoor filename:

Backdoor.Win32.PcClient.~a@88561940

@ location:

C:\Windows\winsxs\Temp\PendingRenames\e2395ef1e292ca011f020000b8096008.x86_microsoft-windows-dns-client_31bf3856ad364e35_6.0.6002.18005_none_e3cdf5e97f7b2eb7_dnsrslvr.dll_faf65b7a

Comodo puts it automatically in quarantine

looks like there’s more than a bit shit in microsoft
Kind regards

Hi SquidG,

Please take the file from quarantine and submit it to Comodo Firewall | Get Best Personal Firewall Software for $29.99 A Year and we will verify the status of it.

Thanks and regards,
Ionel

Hi Ionel
Tried 2 do that, but file doesn’t exist anymore within 2 minutes.
I’ve sent the files with the option in main Comodo feature.
I don’t know if u will be able to review it, but I didn’t see another way.

for now, as my vista is crapping due 2 error after error in installing SP2, which never passes the 80% mark, I see myself forced 2 backup and format and install this laptop again.

Kind regards and thanks for looking in to this kind of problems

■■■■■

Has been fixed by jan-13, 2010
Thanks and best regards
Alois

And yet, when I submitted the file for review I get:
File Info
Name Value
Size 585728
MD5 dc5a6c052b6d000f9417262f40ccf8ea
SHA1 54c5d18e40db6d83fbc7a8c348aa37fc2ddd4943
SHA256 9323013eeff511d6dfa0ea124befb37c96848dc14a563f7d3e950cb2d624f23f
Process Failed

• Verdict
Auto Analysis Verdict
Unexecutable
???
My Comodo Internet Security (w/ AV) tags this file on every bootup as a backdoor virus.
Thx.

Hi alexnco,

We will check this and get back to you after reaching a conclusion.

Thanks,
Ionel

Hi alexnco,

This false-positive is already fixed with DB 3596. You can check to confirm.

Thanks,
Ionel

Hi All

I have a similar problem with a Toshiba laptop running Vista Home Premium. I had SP2 installed and had no problems until I had to ship it out to the authorised service centre for a hardware failure. I got it back from the service on January 7th 2010 and they had reimaged the HDD, and I had to do all the updates and found out, surprisingly, that CIS was preventing SP2 from being installed.
CIS log: C:\Windows\winsxs\Temp\PendingRenames\bd08559b989dca0163270000a4044c11.x86_microsoft-windows-dhcp-client-dll_31bf3856ad364e35_6.0.6002.18005_none_d945a2ac2bb19ac6_dhcpcsvc.dll_8155446a
Backdoor.Win32.PcClient.~a@88561940
I read all I could about this problem and I could not find a solution. I tried to upload the file to be checked online but I had no permissions to do so, thus I took ownership of the entire folder, but I still could not send the file for upload.
I turned off CIS, thinking that of all the “hackers” in the world Microsoft is the “less harmful”, and managed to install SP2, but CIS was still reporting the backdoor present. I think I got rid of the backdoor files through AVIRA Antivir and everything seemed to be working fine, but I noticed an excessive amount of reports in the CIS logs of my OS IGMP packets being blocked and at the same time ICMP packets from Microsoft servers.

I reimaged the HDD and I’m at the point where I’m about to install SP2 again that is still failing due to the same reason.

Please if anyone can help…

Thank You in advance and Kind Regards

Hi enhazi,

Thanks for reporting. Please add the detected file to the exclusion list and then try to submit at Comodo Firewall | Get Best Personal Firewall Software for $29.99 A Year.

Regards,
Haja

Hi Haja

Thank you for replying. I tried but I could not get to upload the files, however I tried to install SP2 once again and I noticed that the filename this time has changed and I did select to exclude it and I was able to upload it. Thus my SP2 was successful.
I would have liked to have had some info on this issue before I installed SP2; however, it is done now, and I am waiting to get the results of the file I uploaded.

Thank you once again, regards