Sunday, 5 June 2011

No No SpyNoMore, youve got it wrong

I had a phone call  from my sister who had somehow  picked up some malware called  PC Security Guardian on her Windows7 machine, and was stuck with the constant popups and warnings. So I resorted to Google, had a good look around to see what i could find out. The best information I could find  was this link  and the suggestion to download Malware Bytes anti-Malware.

This would  all have to be fixed by talking my sister ("whats windows safe mode?") through how to  sort it all out, so i tried some of the anti-malware  first. I've got  windows XP and windows 2000 running as virtual machines inside linux mint . Like this - i can run them both at the same time.


Some wouldn't run under wine (software that lets you run some windows programs, without actually having  the windows operating system,  on linux, (but there again , why would you need to run anti-malware as there isn't really any), but I thought id have a trial run first.  I could be very confident that this setup wouldn't contain any viruses, because I don't go onto the web with  any programs ( its just for windows stuff that i have to run for a course) .Some of them did run under wine on linux .  I downloaded SpyNoMore detection tool (demo version) 2.98.110604 ). I could run it in either of the virtual machines.... But ive also installed wine so i gave it a whirl.


Here's what it found
 But the first  file it found is the one that runs the windows little black box to do command line stuff - and not, as far as I'm aware, a trojan at all !

and dmusic32.dll is one of the files installed with wine , according to this list .

I thought Id contact SpyNoMore and tell them they have a false positive for a very common windows file, but i cant find any contact details on their website!

1 comment:

  1. I have the same result for the same file today using MalwareBytes.
    It also suspected iexplore.exe, rundll.exe and winnls.dll.

    ReplyDelete