'Re: [Wireshark-users] Wireshark v1.2.0's msvcp90.dll real or FP?'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       wireshark-users
Subject:    Re: [Wireshark-users] Wireshark v1.2.0's msvcp90.dll real or FP?
From:       Phillip Pi <ant () zimage ! com>
Date:       2009-06-23 14:07:20
Message-ID: 20090623140720.GJ4422 () alpha ! zimage ! com
[Download RAW message or body]

> > > OK, that's better. So the files aren't tampered. Also, notice more than 
> > > one online scanners detected suspicious beside SuperAntiSpyware?
> > 
> > Yes. Please note that
> > 
> >   1) We've received quite a few virus reports in the past:
> >      http://wiki.wireshark.org/FalsePositives
> > 
> >   2) So far they've _all_ been false positives.
> > 
> >   3) Trying to get confirmation about a specific positive for a specific
> >      file from a specific vendor is often an exercise in joylessness.
> > 
> > I'm not quite ready to declare this a false positive. However, the
> > hashes for msvcp90.dll that we shipped match the ones on multiple
> > systems (which appear to be clean), and the hashes for the version of
> > UPX used to compress msvcp90.dll match those from a fresh download from
> > SourceForge. It really, really looks like a false positive right now.
> 
> Yeah, I am thinking it is FP too. I am surprised that there a few 
> scanners thinking it is a bad file. Oy! :(

Woohoo. SuperAntiSpyware no longer detects msvcp.dll file as bad. :) 
Thanks all! Unsubscribing from mailing list. ;)
-- 
"Left right left right we're army ants. We swarm we fight. We have no 
home. We roam. We race. You're lucky if we miss your place." --Douglas 
Florian (The Army Ants Poem)
  /\___/\
 / /\ /\ \          Phil/Ant @ http://antfarm.ma.cx (Personal Web Site)
| |o   o| |         Ant's Quality Foraged Links (AQFL): http://aqfl.net
   \ _ /                 E-mail: philpi@earthlink.net or ant@zimage.com
    ( )
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users@wireshark.org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request@wireshark.org?subject=unsubscribe
[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic