[vlc] Problem

Ryan Spinuzzi rspinuz at gmail.com
Thu Apr 23 20:25:19 CEST 2009 

I ran a check with spyware terminator with the clam anti-virus and it said I
have a TDSS-128 Trojan in the uninstaller.exe of VLC.  Here is the scan
report.

Logfile of Spyware Terminator v2.5.6.316 (db:3.004.023.000)
Scan Time: 4/23/2009 10:29:57 AM  length: 1458 s
Platform: WXP (5.1.0.2600)
User: Admin
Boot Mode: Normal
Scan type: Full_Virus__Spyware_Scan
Scanned Objects: 57451 (Critical:1)
Filter: No System items, No Safe items, No Invalid items

Running Processes
smax4pnp.exe [Analog Devices, Inc.] : C:\Program Files\Analog
Devices\Core\smax4pnp.exe

Internet Settings
R - HKLM\Software\Microsoft\Internet Explorer\Main, Start Page =
http://go.microsoft.com/fwlink/?LinkId=69157
R - HKLM\Software\Microsoft\Internet Explorer\Search, SearchAssistant =
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
R - HKLM\Software\Microsoft\Internet Explorer\Search, CustomizeSearch =
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
R - HKLM\System\CurrentControlSet\Services\Tcpip\Parameters, Domain =
R - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Telephony, DomainName =

BHO
02 - BHO: Java(tm) Plug-In 2 SSV Helper -
{DBC80044-A445-435b-BC74-9C25C1C588A9} -  [Sun Microsystems, Inc.] :
C:\Program Files\Java\jre6\bin\jp2ssv.dll
02 - BHO: JQSIEStartDetectorImpl Class -
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} -  [Sun Microsystems, Inc.] :
C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

StartUps
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, SoundMAXPnP :
[Analog Devices, Inc.] : C:\Program Files\Analog Devices\Core\smax4pnp.exe
04 - HKLM\System\CurrentControlSet\Control\Session Manager, BootExecute :
[UltraDefrag Development Team] : C:\WINDOWS\system32\defrag_native.exe

Services
23 - [Intel Corporation] : C:\WINDOWS\system32\DRIVERS\e100b325.sys
23 - [Intel Corporation] : C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
23 - [Creative Technology Ltd.] : C:\WINDOWS\system32\drivers\senfilt.sys
23 - [Analog Devices, Inc.] : C:\WINDOWS\system32\drivers\smwdm.sys
23 - [Crawler.com] : C:\WINDOWS\system32\drivers\sp_rsdrv2.sys

Winlogon Notify
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui,
DLLName :  [Intel Corporation] : C:\WINDOWS\system32\igfxdev.dll

Threat Files
<TDSS-128> : C:\Program Files\VideoLAN\VLC\uninstall.exe
<Trojan.TDSS-128> : C:\Program Files\VideoLAN\VLC\uninstall.exe

Advanced Files Report
%SYSDIR%\lameACM.acm [http://www.mp3dev.org/] [Lame MP3 codec]
MD5=22722B4E887BB95AB071542DE5A42C80 SIZE=839680
%SYSDIR%\hccutils.DLL [Intel Corporation] [Intel(R) Common User Interface]
MD5=CF833AC004268E1C3C4BF543656200A9 SIZE=73728
%SYSDIR%\igfxsrvc.dll [Intel Corporation] [Intel(R) Common User Interface]
MD5=25A2C1F0A75AB0B6508784220D1B102C SIZE=57344
%SYSDIR%\igfxres.dll [Intel Corporation] [Intel(R) Common User Interface]
MD5=41B2B21ABE8D2029AFE0F6194E0A8BBA SIZE=135168
%PROGRAMFILES%\Analog Devices\Core\SMWDMIF.dll [Analog Devices, Inc.] [Audio
Driver Interface Module] MD5=17CC0A9B3ABB69ED96D1EEB8117DF856 SIZE=286720
%SYSDIR%\EDCrypt.DLL [Analog Devices Incorporated]
MD5=B9D2D59FF389A8C824308A08665C97F2 SIZE=311296
deskpan.dll
%SYSDIR%\igfxdev.dll [Intel Corporation] [Intel(R) Common User Interface]
MD5=09DC1F2A2293E5536FE31D23AF3E8C05 SIZE=135168
%SYSDIR%\svchost.exe -k netsvcs
%SYSDIR%\svchost -k DcomLaunch
%SYSDIR%\svchost.exe -k NetworkService
%SYSDIR%\DRIVERS\e100b325.sys [Intel Corporation] [Intel(R) PRO/100 Adapter]
MD5=7D91DC6342248369F94D6EBA0CF42E99 SIZE=154112
%SYSDIR%\DRIVERS\ialmnt5.sys [Intel Corporation] [Intel Graphics Accelerator
Drivers for Windows NT(R)] MD5=9A883C3C4D91292C0D09DE7C728E781C SIZE=1302332
%SYSDIR%\svchost.exe -k LocalService
%SYSDIR%\svchost -k rpcss
%SYSDIR%\drivers\senfilt.sys [Creative Technology Ltd.]
MD5=B9C7617C1E8AB6FDFF75D3C8DAFCB4C8 SIZE=732928
%SYSDIR%\drivers\smwdm.sys [Analog Devices, Inc.] [SoundMAX Digital Audio
Driver] MD5=C6D9959E493682F872A639B6EC1B4A08 SIZE=260352
%SYSDIR%\drivers\sp_rsdrv2.sys [Crawler.com] [Spyware Terminator]
MD5=8831252BCF05FCFB5ABD116A22E552D8 SIZE=142592

End of Report

My VLC Version is 0.9.9 Grishenko  It was compiled by jb at sasmira.jbkempf.com
This is for windows i386.

My question is is this a false positive, Why did I get this, so on and so
forth?  Also if it makes a difference I downloaded directly from
videolan.org
Please follow up with me on this so that I know what is going on.

Thank You for your help.

Ryan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.videolan.org/pipermail/vlc/attachments/20090423/30917f74/attachment.html>

More information about the vlc mailing list