False positive on SBWebCtl.dll

On my XP Pro system that is an IBM ThinkCentre I am getting a false positive on SBWebCtl.dll since 4/25/2010 when I did a Full system scan.

This file has been on my system since I bought it and just now has been detected.
It is in the SBUtils Folder that looks like the Folder that provides Dialup Networking.

I have submitted a False positive report but it is still being detected.

See:
SBWebCtl.dll flagged as Malware; on all 3 A31p’s
http://forum.thinkpads.com/viewtopic.php?f=5&t=86649

Usual drill then, confirm at virustotal and submit to avast.

I submitted:
Result: 8/40 (20.00%)
http://www.virustotal.com/analisis/53d56fa769adc1537e8c8f66f45a73d7a0f55308230189a2ae7b4f6089f4f857-1271671764

But I think it is a real adware, have a look at the Import/export table, it is importing functions that we see in adware.
Anyway, virus lab will tell us soon :) :)

Looks like Lenovo ad-ware if you are still getting updates - previously ThinkCentre - may have linked to SBWebCtl.dll and triggered false positive, or a record still there.
Nothing about this in Windows Defender?

Hello,
Please send us the file via email. There's a bug in submitting in 5.0.507.

Milos

Submitted a ticket at:
http://support.avast.com/index.php

Looks like it is STB-629366

VLK has his email in his profile that I forgot to note.

Hi ye all,

The unsafe forms of this are worms: http://www.prevx.com/filenames/1064160846460379863-X1/SBWEBCTL.DLL.html

http://www.virustotal.com/analisis/53d56fa769adc1537e8c8f66f45a73d7a0f55308230189a2ae7b4f6089f4f857-1271671764

The apparent FP finding:
http://forum.thinkpads.com/viewtopic.php?f=5&t=86649
c:\WINDOWS\SYSTEM\SBUtils\SBWebCtl.dll Infected: not-a-virus:AdWare.Win32.WindowEnhancer.c
also found as CYDOOR variant,

polonus