Virus or false positive "adobecp-200489-1.dll"?

Everyone’s help here has been so very great in the past and present, and hopefully will be in the future.

I do not know if this is a false positive or an infection…
At the time I was online with Yahoo Mail, Netflix Instant, and Hulu. Those were the only websites I had visited since I started the computer today. Within 5 minutes after loading the Hulu website, I got a virus detection. I immediately disconnected my Internet and moved the .dll to the avast! chest.

C:\Documents and Settings\"Name"\Application Data\Adobe\Flash Player\NativeCache\340EE80BB6C2BDC03A237663EA24C806\21baedcf\adobecp-200489-1.dll

adobecp-200489-1.dll

The Isthissitesafe website says its company is Adobe and the product is AdobeCP Dynamic Link Library, but the website says it is not signed. It was reported in France on January 21, 2012. I am in the United States.

The Isthisfilesafe website says its copyright is 2012.

Is there any way to check the .dll properties…maybe I mean credentials…without getting it out of the chest?

Consider this info: http://isthisfilesafe.net/sha1/419232B12E21BDCABD2A84D074F543CC0E01EC65_details.aspx
But you also need the version number and the hash to check against,
upload to virustotal and give the scan link here,

polonus

Thank you for your fast time and great response.

http://isthisfilesafe.net/sha1/419232B12E21BDCABD2A84D074F543CC0E01EC65_details.aspx is where I found the information.

But how do I get the “version number and the hash to check against,
upload to virustotal and give the scan link here”?

upload suspicious file(s) to www.virustotal.com and test with 40+ malware scanners
when you have the result, copy the url in the address bar and post it here for us to see

alternative
Jotti http://virusscan.jotti.org/en
VirSCAN http://virscan.org/
Metascan http://www.metascan-online.com/

I will try, but how do I upload without first putting it back in the possibly infected folder?

What I did first was upload it from chest folder as it is known in chest folder as 00000012.

Create a folder called Suspect in the C:\ drive. Now exclude that folder in the File System Shield, Expert Settings, Exclusions, Add, type (or copy and paste) C:\Suspect*
That will stop the File System Shield scanning any file you put in that folder.

now you restore the file to that folder and upload from it

I restored it to different created folder, and uploading it now.

Here is the report.

https://www.virustotal.com/file/40bf7f640c15fe5856ed3b2051c77ee158e4bf041e5cb3b4c59f85f6a11f9071/analysis/1328056812/

SHA256: 40bf7f640c15fe5856ed3b2051c77ee158e4bf041e5cb3b4c59f85f6a11f9071
SHA1: 419232b12e21bdcabd2a84d074f543cc0e01ec65
MD5: d708f4daac18fb6f19052835ed933d20
File size: 3.7 MB ( 3837160 bytes )
File name: adobecp-200489-1.dll
File type: Win32 DLL
Detection ratio: 0 / 43
Analysis date: 2012-02-01 00:40:12 UTC ( 1 minute ago )

Antivirus Result Update
AhnLab-V3 - 20120131
AntiVir - 20120131
Antiy-AVL - 20120131
Avast - 20120131
AVG - 20120131
BitDefender - 20120201
ByteHero - 20120126
CAT-QuickHeal - 20120131
ClamAV - 20120201
Commtouch - 20120201
Comodo - 20120131
DrWeb - 20120131
Emsisoft - 20120201
eSafe - 20120130
eTrust-Vet - 20120131
F-Prot - 20120201
F-Secure - 20120201
Fortinet - 20120201
GData - 20120131
Ikarus - 20120131
Jiangmin - 20120131
K7AntiVirus - 20120131
Kaspersky - 20120131
McAfee - 20120201
McAfee-GW-Edition - 20120201
Microsoft - 20120131
NOD32 - 20120201
Norman - 20120131
nProtect - 20120131
Panda - 20120131
PCTools - 20120131
Prevx - 20120201
Rising - 20120118
Sophos - 20120131
SUPERAntiSpyware - 20120201
Symantec - 20120201
TheHacker - 20120131
TrendMicro - 20120131
TrendMicro-HouseCall - 20120201
VBA32 - 20120131
VIPRE - 20120201
ViRobot - 20120131
VirusBuster - 20120131

Additional information
ssdeep
98304:y67Ica4V0v7AtnltQezzqDyMfhV6Cz3JXuS8Ve:t7Lapv70nzQ+z6yMfhV66JLc
TrID
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)

ExifTool
beCP…: z+LegalCopyright
SubsystemVersion…: 5.0
InitializedDataSize…: 1207296
ImageVersion…: 0.0
FileVersionNumber…: 2.0.0.17
UninitializedDataSize…: 0
LanguageCode…: English (U.S.)
FileFlagsMask…: 0x0017
CharacterSet…: Unicode
LinkerVersion…: 9.0
Tag62599148920100421105021: D
MIMEType…: application/octet-stream
FileVersion…: 2,0,0,17
TimeStamp…: 2010:04:21 19:35:57+01:00
FileType…: Win32 DLL
PEType…: PE32
beCPDynamicLinkLibrary…: j#ProductVersion
InternalName…:
FileDescription…: AdobeCP Dynamic Link Library
OSVersion…: 5.0
FileOS…: Win32
Subsystem…: Windows GUI
MachineType…: Intel 386 or later, and compatibles
CompanyName…: Adobe Systems Incorporated
CodeSize…: 2624512
yright2010AdobeSystemsIncorporated: @ OriginalFilename
FileSubtype…: 0
ProductVersionNumber…: 2.0.0.17
EntryPoint…: 0x175b1e
ObjectFileType…: Dynamic link library
beCPdll…: ZProductName

Sigcheck
publisher…: Adobe Systems Incorporated
product…: AdobeCP Dynamic Link Library
internal name…: AdobeCP
copyright…: Copyright 2010, Adobe Systems Incorporated
original name…: AdobeCP.dll
signing date…: 9:24 PM 4/21/2010
signers…: Adobe Systems Incorporated
VeriSign Class 3 Code Signing 2009-2 CA
Class 3 Public Primary Certification Authority
file version…: 2,0,0,17
description…: AdobeCP Dynamic Link Library

Portable Executable structural information
PE Sections…:

Name Virtual Address Virtual Size Raw Size Entropy MD5
.text 4096 2624444 2624512 6.96 e46f5b1744ba8cd905ecc2bbf14db178
.rdata 2629632 982716 983040 7.58 fbc094c5f879ddb284ba635a643b1ff2
.data 3612672 99084 79872 6.13 d1f04dc4fc6c5dffac9f1e4549d078c4
.data1 3715072 84 512 1.12 a49b501377b9b2e309bd743e0dafbfc8
.rsrc 3719168 1408 1536 4.40 430e76a3fab98b41e75b1d18673ca09b
.reloc 3723264 141944 142336 5.48 76fbf81cd61b7b9c2235ac3c291cd9cd

PE Imports…:

WINMM.dll
timeGetTime

KERNEL32.dll
WideCharToMultiByte, ReadFile, MultiByteToWideChar, GetLastError, CloseHandle, WaitForSingleObject, SetEvent, Sleep, CreateEventA, ResetEvent, CreateThread, SleepEx, QueueUserAPC, OpenThread, GetCurrentThreadId, WriteFile, GetCurrentThread, GetTickCount, GetTimeZoneInformation, DeleteCriticalSection, CreateMutexA, ReleaseMutex, CreateFileA, DeviceIoControl, GetSystemInfo, InterlockedDecrement, GetVersionExW, GetProcAddress, LoadLibraryA, InterlockedIncrement, InterlockedCompareExchange, InterlockedExchange, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, HeapFree, HeapAlloc, GetSystemTimeAsFileTime, HeapReAlloc, GetCommandLineA, EnterCriticalSection, RtlUnwind, LCMapStringA, LCMapStringW, GetCPInfo, GetStringTypeW, GetModuleHandleW, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, SetLastError, GetStdHandle, GetModuleFileNameA, HeapCreate, HeapDestroy, VirtualFree, VirtualAlloc, ExitProcess, HeapSize, GetACP, GetOEMCP, IsValidCodePage, SetHandleCount, GetFileType, GetStartupInfoA, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, QueryPerformanceCounter, GetCurrentProcessId, GetUserDefaultLCID, GetLocaleInfoA, EnumSystemLocalesA, IsValidLocale, GetStringTypeA, GetLocaleInfoW, InitializeCriticalSectionAndSpinCount, FreeLibrary, GetModuleHandleA, SetFilePointer, GetConsoleCP, GetConsoleMode, FlushFileBuffers, SetStdHandle, WriteConsoleA, GetConsoleOutputCP, WriteConsoleW, GetProcessHeap, lstrlenA, LeaveCriticalSection, RaiseException, InitializeCriticalSection, SetEndOfFile, LoadLibraryW, GetModuleFileNameW, OutputDebugStringA

OLEAUT32.dll
-, -, -, -, -

ADVAPI32.dll
CryptExportKey, GetUserNameA, CryptReleaseContext, CryptAcquireContextA, CryptGenRandom, CryptImportKey, CryptEncrypt, CryptGenKey, CryptDestroyKey

ole32.dll
CoUninitialize, CoSetProxyBlanket, CoTaskMemFree, CoFreeUnusedLibraries, CoTaskMemAlloc, CoCreateInstance, CoInitialize

USER32.dll
GetCursorPos, GetForegroundWindow, BeginPaint, GetClientRect, GetWindowRect, EndPaint, SetRectEmpty, wsprintfA

PE Exports…:

AdobeCPGetAPI
First seen by VirusTotal
2012-02-01 00:40:12 UTC ( 1 minute ago )
Last seen by VirusTotal
2012-02-01 00:40:12 UTC ( 1 minute ago )
File names (max. 25)
1.adobecp-200489-1.dll

I now have the file in the virus chest for safety.

Any idea why this happened, if it is not a virus?

Probably just a FP.
According to your VT results avast! doesn’t detect it (anymore).

I think you can safely put it back where it belongs now,

polonus
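
The checks asked for in this thread (hashes, version number, signer) can also be collected locally once the file sits in the excluded folder. The PowerShell below is an added example, not part of the original posts; it assumes PowerShell 4.0 or later (for `Get-FileHash`), a hypothetical restore path of `C:\Suspect\adobecp-200489-1.dll`, and illustrative function names.

```powershell
# Added example. Expected hashes are the ones in the VirusTotal report quoted in the thread.
$Expected = @{
    SHA256 = '40bf7f640c15fe5856ed3b2051c77ee158e4bf041e5cb3b4c59f85f6a11f9071'
    SHA1   = '419232b12e21bdcabd2a84d074f543cc0e01ec65'
    MD5    = 'd708f4daac18fb6f19052835ed933d20'
}

function Get-FileIdentity {
    param([Parameter(Mandatory)][string]$Path)

    $item = Get-Item -LiteralPath $Path
    $sig  = Get-AuthenticodeSignature -LiteralPath $Path
    $id = [ordered]@{
        Path        = $item.FullName
        Size        = $item.Length
        # Version-resource strings are set by whoever built the file; they prove nothing alone.
        FileVersion = $item.VersionInfo.FileVersion
        CompanyName = $item.VersionInfo.CompanyName
        Description = $item.VersionInfo.FileDescription
        # The Authenticode status is the part that is cryptographically checked.
        SigStatus   = $sig.Status.ToString()
        Signer      = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
    }
    foreach ($alg in 'SHA256', 'SHA1', 'MD5') {
        $id[$alg] = (Get-FileHash -LiteralPath $Path -Algorithm $alg).Hash.ToLower()
    }
    [pscustomobject]$id
}

function Test-FileIdentity {
    param([Parameter(Mandatory)]$Identity, [Parameter(Mandatory)][hashtable]$Expected)

    # List every algorithm whose local digest differs from the reported one.
    $mismatch = @($Expected.Keys | Where-Object { $Identity.$_ -ne $Expected[$_] })
    [pscustomobject]@{
        HashesMatch    = ($mismatch.Count -eq 0)
        MismatchedAlgs = $mismatch -join ','
        SignatureValid = ($Identity.SigStatus -eq 'Valid')
    }
}

# Hypothetical location: the excluded C:\Suspect folder the thread suggests creating.
$id = Get-FileIdentity -Path 'C:\Suspect\adobecp-200489-1.dll'
$id | Format-List
Test-FileIdentity -Identity $id -Expected $Expected | Format-List
```

These calls only read the file from disk; nothing here loads or executes the DLL. A `SigStatus` other than `Valid`, or any mismatched hash, means the local copy is not the file described in the report.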