DooGie

EVEREST_ICONS.DLL

Since the last couple of definition updates, EVEREST_ICONS.DLL, a Lavalys Everest Ultimate DLL, is showing up as a Trojan.

SUPERAntiSpyware Scan Log

https://www.superantispyware.com

Generated 09/16/2010 at 08:13 PM

Application Version : 4.43.1000

Core Rules Database Version : 5520

Trace Rules Database Version: 3332

Scan type : Complete Scan

Total Scan Time : 00:12:59

Memory items scanned : 438

Memory threats detected : 0

Registry items scanned : 13075

Registry threats detected : 0

File items scanned : 26843

File threats detected : 1

Trojan.Agent/Gen-CDesc[VB-Packed]

C:\ANDY\DIAGNOSTICS\EVEREST ULTIMATE EDITION\EVEREST_ICONS.DLL


Hi Doogie.

You might want to submit the file to Virus Total just to be sure it's a false positive.

If it is (likely), you can submit it as false positive when the SAS scan completes.


Hi Seth

Just checked the file with Virus Total and it was flagged as a Trojan by four products.

Namely Comodo, Prevx, SUPERAntiSpyware and TrendMicro.

However, I've a feeling that the packer used for the .dll is probably causing these detections and that the file is clean.

Also, the copy of Everest was downloaded from the author's site, not a 3rd party.


This FP is now fixed.

Nice fast work by the SAS team :)

Update

I thought it was fixed, as when I scanned the Everest directory from the context menu it showed as clean.

However, running a complete scan on the whole drive showed the DLL up as infected.

I would have thought that both scans would produce the same result?


This looks like an inconsistency that needs to be fixed by SAS. Please submit a Customer Support Request and request resolution. The inconsistency makes context switch scanning useless.

https://www.superantispyware.com/csrcreateticket.html


My post referring to the context menu scan was, it turns out, an error on my part, not looking at the path of a file closely enough.

Since my original post regarding the possible FP, I'd installed the latest beta version of Everest; in this version the icons.dll is not flagged as infected by SAS.

However, I'd saved a copy of the DLL from the previous version to another directory, which is the one being picked up by SAS during a complete scan.

I still feel that this was an FP, but obviously Lavalys have changed something in the latest release.


An update on the above.

After updating to SAS version 4.44.1000, the original EVEREST_ICONS.DLL that I posted as an FP is no longer detected as a Trojan :)
