virus total analize

system · December 1, 2008, 2:23am

I received this scan from virus total. Just one of these found a trojan. I would like an opinion, please.
Thanks
Elenir

Complete scanning result of “dmserver.dll”, processed in VirusTotal at 12/01/2008 03:15:41 (CET).

[ file data ]

name…: dmserver.dll
size…: 23552
md5…: 57edec2e5f59f0335e92f35184bc8631
sha1…: 80c6f2808d413ae6fa37f6fd4ada8dc160f99a0a
peid…: -

[ scan result ]
AhnLab-V3 2008.11.28.2/20081130 found nothing
AntiVir 7.9.0.36/20081130 found nothing
Authentium 5.1.0.4/20081130 found nothing
Avast 4.8.1281.0/20081129 found nothing
AVG 8.0.0.199/20081130 found nothing
BitDefender 7.2/20081201 found nothing
CAT-QuickHeal 10.00/20081129 found nothing
ClamAV 0.94.1/20081130 found nothing
DrWeb 4.44.0.09170/20081201 found nothing
eSafe 7.0.17.0/20081130 found nothing
eTrust-Vet 31.6.6234/20081128 found nothing
Ewido 4.0/20081130 found nothing
F-Prot 4.4.4.56/20081130 found nothing
F-Secure 8.0.14332.0/20081201 found nothing
Fortinet 3.117.0.0/20081130 found nothing
GData 19/20081201 found nothing
Ikarus T3.1.1.45.0/20081130 found nothing
K7AntiVirus 7.10.538/20081129 found nothing
Kaspersky 7.0.0.125/20081201 found nothing
McAfee 5450/20081130 found nothing
McAfee+Artemis 5450/20081130 found nothing
Microsoft 1.4104/20081201 found nothing
NOD32 3652/20081201 found nothing
Norman 5.80.02/20081128 found nothing
Panda 9.0.0.4/20081130 found nothing
PCTools 4.4.2.0/20081130 found nothing
Prevx1 V2/20081201 found nothing
Rising 21.05.62.00/20081130 found nothing
SecureWeb-Gateway 6.7.6/20081130 found [trojan.LooksLike.Patched]
Sophos 4.36.0/20081130 found nothing
Sunbelt 3.1.1832.2/20081127 found nothing
Symantec 10/20081201 found nothing
TheHacker 6.3.1.1.169/20081129 found nothing
TrendMicro 8.700.0.1004/20081128 found nothing
VBA32 3.12.8.9/20081130 found nothing
ViRobot 2008.11.29.1492/20081129 found nothing
VirusBuster 4.5.11.0/20081130 found nothing

RZPogi · December 1, 2008, 2:26am

it might be a false positive. try googling it if it’s malware.

If it’s malware, then send it in a zip file with password “infected” to virus@avast.com .

system · December 1, 2008, 7:25am

Please check the version number of your dmserver.dll to see if it is one of the 2 listed below.

File Version Description Publisher
dmserver.dll 2600.0.503.0 Logical Disk Manager service dll Microsoft
dmserver.dll 2600.2180.503.0 Logical Disk Manager service dll Microsoft

DavidR · December 1, 2008, 4:00pm

Try a forum search for dmserver and you will find many such topics that may be helpful.

Make sure that you have the latest avast version, 4.8.1296 and VPS version 081130-0.
When did avast detect it ?

system · December 2, 2008, 5:18am

Charley
Now the version of dmserver.dll in my system 32 is 2600.5512.503.0
The version 2600.2180.503.0 was detected by avast as a trojan

I have the latest version of avast 4.8.1296 but VPS is 081201.0. I update everyday.

Thanks
Elenir

system · December 2, 2008, 6:37am

According to Prevx, that should be a legitimate Microsoft file.

Microsoft Corp.; Logical Disk Manager service dll; 2600.5512.503.0.D

http://www.prevx.com/filenames/X932175800409666064-0/DMSERVER2EDLL.html

DavidR · December 2, 2008, 2:17pm

You can only confirm legitimacy if the MD5 of both files match (Prevx and source) otherwise the files are different (even though name might be the same), that could indicate, just a different version, right up to malware injected code.

So it isn’t possible to confirm the legitimacy on file name alone, unless it happens to be security signed (which would be invalidated if tampered with), unfortunately this file isn’t signed…

virus total analize

Announcements