I had a phone call from my sister who had somehow picked up some malware called PC Security Guardian on her Windows 7 machine, and was stuck with the constant popups and warnings. So I resorted to Google and had a good look around to see what I could find out. The best information I could find was this link and the suggestion to download Malware Bytes anti-Malware.
This would all have to be fixed by talking my sister ("what's Windows safe mode?") through how to sort it all out, so I tried some of the anti-malware first. I've got Windows XP and Windows 2000 running as virtual machines inside Linux Mint. Like this, I can run them both at the same time.
Some wouldn't run under Wine (software that lets you run some Windows programs on Linux without actually having the Windows operating system; but there again, why would you need to run anti-malware, as there isn't really any), but I thought I'd have a trial run first. I could be very confident that this setup wouldn't contain any viruses, because I don't go onto the web with any programs (it's just for Windows stuff that I have to run for a course). Some of them did run under Wine on Linux. I downloaded SpyNoMore detection tool (demo version) 2.98.110604. I could run it in either of the virtual machines... But I've also installed Wine so I gave it a whirl.
Here's what it found
But the first file it found is the one that runs the Windows little black box to do command line stuff - and not, as far as I'm aware, a Trojan at all!
And dmusic32.dll is one of the files installed with Wine, according to this list.
I thought I'd contact SpyNoMore and tell them they have a false positive for a very common Windows file, but I can't find any contact details on their website!
I have the same result for the same file today using MalwareBytes.
It also suspected iexplore.exe, rundll.exe and winnls.dll.