I found these on a client's PC. They get picked up as a Win32 virus by NOD32; however, they are fine by Symantec, AND it comes as a software package on a USB drive. (Also, Kanguru is a legit app.) So the question is: was the USB drive infected at the manufacturer, or is this a FP?
Please take a look especially at the MsMsSrv.dll and RunSrv.exe
And I just noticed: does that RAR file contain what you are suspecting to be malware?
If so… wow!!! Please read the rules on how to submit.
It must be a passworded archive, with the password supplied in the e-mail body.
Yep, that is how I submit to all my AV mailing lists. Password protected.
Why the hell did the Comodo BOClean e-mail submission have to change 3 times before going stable? It gets a bit annoying to have to resubmit the same file 3 times or re-hunt the valid e-mail addy.
I am a creature of comfort and miss the days when I could just e-mail Kevin at NSClean and have things done in 10 hours or less.
Oh I did, that was the 3rd thing I did. And it did give HITS, about 10/30 for the .exe and 20/30 for the DLL; HOWEVER, none of the big names gave hits, aka Kaspersky, Symantec, McAfee, Sophos, AVG, Avast, eTrust. So it needed a professional look-over before the company decides to scrub the systems. Hence I turned to Kevin. I have dealt with Kevin for many years (I think circa 2001… the name changed, it used to be Operation IvyMike) and I know that he is a professional at these types of things… and if it indeed was a true baddie, I wanted him to add it to his BOClean repertoire and upstage the big names.
Hiya… emailed you earlier tonight after testing all of those files, and will just poke in here and say that despite the primary DLL being a “known name of a nasty” (Zapchast), the files in question actually ARE the legitimate files which are part of that Kanguru USB encryption thingy. I suppose our criminals out there saw the filenames and, as usual, figured it’d be a good idea to use those same filenames for their nasties in hopes of getting ignored when spotted. Alas, they chose some really obscure filenames.
But they’re clean… that’s why the lab guys didn’t go bonkers on them. Sorry nobody got back; when things are busy, unfortunately, the folks can be inadvertently rude sometimes. My PERSONAL apologies and THANKS for the heads-up just the same! You’ve always been a great help to BOClean over the years in winning the “spot the nasty” game.
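The thread's two lessons, that a filename shared with a known family proves nothing and that a 10/30 detection count means little when none of the major engines fire, are easy to turn into a repeatable triage step. The script below is an added example written for this page; it is not code from any of the posters, from BOClean, or from Kanguru. It identifies a file by its SHA-256 against a known-good set (which in practice would come from the vendor's published hashes or a pristine installer, never from the suspect machine), weighs multi-engine verdicts by whether any of the "big names" detected, and records the filename reuse only as context. All file bytes, hashes, engine lists and scan results in it are constructed stand-ins.

```python
import hashlib
from typing import Dict, Optional, Tuple

# Engines the original poster treated as "the big names" when weighing the
# 10/30 and 20/30 detection counts.
MAJOR_ENGINES = {"Kaspersky", "Symantec", "McAfee", "Sophos", "AVG", "Avast", "eTrust"}

# Constructed stand-ins for the two shipped files. The bytes are made up; the
# known-good set would really be the vendor's published hashes.
SAMPLE_FILES: Dict[str, bytes] = {
    "MsMsSrv.dll": b"constructed stand-in for the legitimate Kanguru DLL",
    "RunSrv.exe": b"constructed stand-in for the legitimate Kanguru EXE",
}
KNOWN_GOOD_SHA256 = {hashlib.sha256(b).hexdigest() for b in SAMPLE_FILES.values()}

# Filenames the thread says a malware family borrowed from the product
# (constructed mapping; a name match is context, never evidence).
NAMES_REUSED_BY_MALWARE = {"MsMsSrv.dll": "Zapchast", "RunSrv.exe": "Zapchast"}


def sha256_hex(data: bytes) -> str:
    """Hex SHA-256 of the file bytes: the identity we trust instead of the name."""
    return hashlib.sha256(data).hexdigest()


def triage(name: str, data: bytes, verdicts: Dict[str, Optional[str]],
           known_good=KNOWN_GOOD_SHA256, major=MAJOR_ENGINES) -> Tuple[str, str]:
    """Classify one file from its hash and a multi-engine scan result.

    verdicts maps engine name -> detection label, or None when that engine
    reported the file clean. Returns (classification, human-readable reason).
    """
    digest = sha256_hex(data)
    flagged = {e for e, v in verdicts.items() if v}
    ratio = f"{len(flagged)}/{len(verdicts)}"
    family = NAMES_REUSED_BY_MALWARE.get(name)
    name_note = f"; filename is also used by {family}, which explains name-based hits" if family else ""

    if digest in known_good:
        # A hash match says "this is the file the vendor ships", which settles the
        # false-positive question; it does not by itself prove the vendor's file is benign.
        return ("clean", f"sha256 matches a known-good hash despite {ratio} engines flagging it{name_note}")
    if flagged and not (flagged & major):
        return ("likely-fp", f"{ratio} engines flagged it but no major engine did; hash unknown, needs a lab look{name_note}")
    if flagged & major:
        return ("suspicious", f"flagged by major engines {sorted(flagged & major)} and hash is not known-good{name_note}")
    return ("undetected", f"0/{len(verdicts)} engines flagged it and hash is not known-good{name_note}")


def constructed_verdicts(minor_hits: int, major_hits: int = 0, total: int = 30) -> Dict[str, Optional[str]]:
    """Build a made-up 30-engine scan result: `minor_hits` small engines and
    `major_hits` big-name engines detect, the rest report clean."""
    majors = sorted(MAJOR_ENGINES)
    minors = [f"MinorAV{i:02d}" for i in range(total - len(majors))]
    verdicts: Dict[str, Optional[str]] = {}
    for i, engine in enumerate(majors):
        verdicts[engine] = "Win32/Zapchast" if i < major_hits else None
    for i, engine in enumerate(minors):
        verdicts[engine] = "Win32/Zapchast" if i < minor_hits else None
    return verdicts


if __name__ == "__main__":
    # The thread's numbers: 10/30 for the .exe, 20/30 for the DLL, no big names.
    for fname, fbytes in SAMPLE_FILES.items():
        hits = 10 if fname.endswith(".exe") else 20
        print(fname, *triage(fname, fbytes, constructed_verdicts(hits)))
    # Same name and same detection ratio, but bytes that do not match the vendor's hash.
    print("RunSrv.exe (tampered)", *triage("RunSrv.exe", b"not the vendor file", constructed_verdicts(10)))
```

The order of the checks is the point: hash identity is consulted before the detection ratio, so a file that is byte-for-byte the vendor's build is classified clean regardless of how many minor engines name-match it, while a file that merely carries the vendor's filename falls through to the detection-based rules.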