Win32:Apart-A [Wrm]

I got the following result for my last scanning:

C:\Documents and Settings.…\Temp_avast4_\unp24512\mchook9x.dll [L] Win32:Apart-A [Wrm] (0)
and
C:.…\System Safety Monitor 1.9.4.zip\SSM194-1.exe\mchook9x.dll [L] Win32:Apart-A [Wrm] (0)

I have already submitted the file to Alwil. Is it a false positive or not?

There are some information about the application here: http://maxcomputing.narod.ru/get.html?what=ssmalt and could be downloaded here.

Informations: The System Safety Monitor 1.9.4 is an application-firewalling tool (it is not a “firewall” in traditional understanding, so there shouldn’t be any conflicts with your network firewalls). SSM controls which programs are running on your computer and what they are doing. For example, SSM can prevent so called “DLL Injection”. Also, SSM will notify you whenever a program you want to start was modified. In addition, SSM can constantly check your registry and alert you, when an important modification was made.

Features

Allows you to control which programs and applications can be opened on your computer. Alerts you whenever a program, you want to run was modified.
Allows you to control calls to some OS functions which is used in “DLL Injection” and Keystroke logging utilities.
Prevents unauthorized code-injection activity, so no application will be allowed to use another legitimate one for malicious activity.
Allows you to control which programs are allowed to start other, and wich cannot be started by others. For example, you may allow your browser to be started only by Explorer.exe but not by any other untrusted application.
Offers a choice of two modes - User and Administrator. In Administrator mode you can set your preferences to control programs. Access to this mode can be protected with an encrypted password to prevent anyone changing your settings. In User mode no changes can be made to your settings.
Supervises changes to important registry keys when installing new programs.
Will block or alert on any attempt to change guarded registry keys.
Allows you to control which programs run at system startup.
Maintains a list of running applications and allows you to terminate any application immediately.
Allows you to block specific windows (including websites) from opening.
Can be set to run automatically on system startup.

pk, help me, I tried to send this file by FTP but it’s closed for me again. Could you open it? Is it better to send the file by another way? :-\

I’ve notice that Win32:Apart-A [Wrm] was included in VPS 0312-6, 13.01.2004.

That file I downloaded on December 22th so it won’t detected untill now when I run a full scanning. Is it a false alarm or not?

scan at trend http://housecall.trendmicro.com if you havent done so

I’m trying right now and I will post the results… :wink:

It is a false alarm indeed :-
Sorry for the troubles.

Scanning from trendmicro said the same, i.e., false alarm indeed…
I can go to my vacations in peace! 8)

see you at the end of febuary

Thanks Mac :wink: