Re: False postive on portable Wireshark v1.8.0's msvcp100.dll in Windows XP Pro. SP3?

[Ant <ant () zimage com>]

On Fri, Jun 22, 2012 at 09:02:52AM -0700, Gerald Combs wrote:

> > Is anyone getting msvcp100.dll as a possible malware infection with the 
> > updated ClamAV and SuperAntiSpyware? I am using the extracted portable 
> > version in my old, updated Windows XP Pro. SP3 machine.
> >
> > http://virusscan.jotti.org/en/scanresult/221a9ca9c452deef28f7acb79a34663564f3c56d 
> > (ClamAV; PUA.Win32.Packer.Upx-57) and Adware.Vundo/Variant-MSFake (SAS)
>
> Is there a way to find out what ClamAV database version Jotti's Malware
> Scan is using? ClamWin 0.97.4 + main 54 + daily 15069 says it's clean.
> VirusTotal says it's clean as well:
>
> https://www.virustotal.com/file/193758db483f6a420b00627ba60ec9c77069c2b5295c1df511d07a1ffd5f7d3a/analysis/1340378908/

I can't find any support or details. I only get its 6/22/2012 date.

SuperAntiSpyware still thinks it is an "Adware.Vundo/Variant-MSFake" 
right now on my updated 64-bit W7 HPE machine. :(

Do I assume this is a false positive?
-- 
Quote of the Week: "We're all ants. I'm a glittery little ant." --Alanis Morissette
  /\___/\                Ant @ http://antfarm.ma.cx (Personal Web Site)
 / /\ /\ \                 Ant's Quality Foraged Links: http://aqfl.net
| |o   o| |                 E-mail: philpi () earthlink net/ant () zimage com
   \ _ /              If crediting, then please kindly use Ant nickname
    ( )                                              and AQFL URL/link.
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe