Win32:Delf-CDN [Trj] False Positive?

I use a program called FreeCap. It transparently redirects a program’s internet connections through a proxy server, presumably using a DLL injection technique. The last release of the program was over 6 months ago. I have been using this program for some time.

Today (11/01/06 - VPS Version 0645-0), Avast alerted me that the “inject.dll” in FreeCap contains Win32:Delf-CDN [Trj]. I have been using this program for months and never got an error. The date modified on the file on the hard drive is from March. I went to the FreeCap website ( http://www.freecap.ru/eng/ ) to download the program again and to check its inject.dll against mine. The web module stopped me from downloading it since the .zip\inject.dll had the same virus.

Can someone please investigate this file and see if it really contains this trojan, and if it is really malicious? I have a feeling that a new virus definition has rendered a false positive on this file. Thanks.

Hi ariose,

Must be a FP, I scanned the program with DrWeb hyperlink scanner:
File size: 10778 bytes

?p=download#dl - archive HTML

?p=download#dl/javascript.0 - OK
?p=download#dl/javascript1.1.1 - OK
?p=download#dl/javascript1.2.2 - OK
?p=download#dl/javascript1.3.3 - OK
?p=download#dl/javascript.4 - OK
?p=download#dl - OK

Upload the file in question to jotti or virustotal and see what you get there.
There was a thing with an April 1st joke of this program being bundled with spyware; apparently some took this seriously.

polonus