Giveaway of the Day Forums » General discussion

Trojan horse in Wondershare Photo Story Platinum?

(28 posts)
  • Started 5 months ago by sanityclause
  • Latest reply from Paulga

  1. sanityclause
    Member

    AVG Anti-virus is reporting the file tmd5.dll as a Trojan horse Downloader.Generic6.AFAG.

    Is anyone else getting this flagged up?

    Posted 5 months ago #
  2. Birdingben
    Member

    Yes, me too - appeared yesterday for the first time with my AVG scan. Item was quarantined.

    Posted 5 months ago #
  3. FranckW
    Member

    Trend Micro Internet Security Pro with the most up-to-date definitions reports it's clean.

    Posted 5 months ago #
  4. haalam
    Member

    I was very surprised to see this topic today. My weekly scan done last night with AntiVir found a trojan on the same file (tmd5.dll)! I thought it was a fluke since AntiVir has had so many false positives. (Main reason I have not bought it yet, hoping Comodo gets their act together soon.) But Sanityclause said AVG also found it so this leads me to think it is not a false alarm this time.

    I find it strange that it didn't find anything on this file in previous weekly scans since the program has been on my system for 6 months. And also strange is when I click on the name of the Trojan to see the AntiVir details, it says it can't find it. The name of the Trojan on my scan is "TR/Dldr.Delf.dzr". I have quarantined the file so the program is probably disabled. This sure makes me lose confidence in this vendor and I have several programs from the same one.

    Perhaps GAOTD could contact Wondershare to find out what may be happening?

    I just realized this thread should be in the Virus section -- could a moderator please move all to it? Thanks!

    Posted 5 months ago #
  5. graylox
    Member

    Kaspersky did not find this before now; no previous check found anything:

    C:\Programme\Wondershare\Photo Story\tmd5.dll;
    ist das Trojanische Programm Trojan-Downloader.Win32.Delf.dzr;26.01.2008 17:26:23

    C:\Programme\Wondershare\Photo Story\tmd5.dll;
    Objekt wurde nicht desinfiziert, Desinfektion wurde verschoben;26.01.2008 17:26:23

    C:\Programme\Wondershare\Photo Story\gaotd WondersharePhotoStory\WondersharePhotoStory.zip;
    ist das Trojanische Programm Trojan-Downloader.Win32.Delf.dzr; 26.01.2008 17:29:52

    C:\Programme\Wondershare\Photo Story\gaotd WondersharePhotoStory\WondersharePhotoStory.zip\Setup.exe;
    Objekt wurde nicht desinfiziert, Desinfektion wurde verschoben; 26.01.2008 17:29:52

    C:\Programme\Wondershare\Photo Story\gaotd WondersharePhotoStory\WondersharePhotoStory.zip\Setup.exe;
    ist das Trojanische Programm Trojan-Downloader.Win32.Delf.dzr; 26.01.2008 17:29:52
    ---------

    Sorry it's in German, but I think you'll understand it.

    graylox

    Posted 5 months ago #
  6. FranckW
    Member

    I don't understand, sorry :)
    In short, does Kaspersky report this dll as malware? Just yes or no...

    Kaspersky is a really reliable product, but frankly, I still doubt this dll is really a trojan horse.
    My antivirus trendmicro doesn't report anything, nor does my firewall report any connection to the internet.
    To me, there is nothing strange with photo story platinum. I for one even find it a really good software...

    Wait and see.

    Posted 5 months ago #
  7. graylox
    Member

    YES!

    Trojan-Downloader.Win32.Delf.dzr and
    tmd5.dll

    These objects are waiting in quarantine for my advice, and I'm waiting in this forum for help.

    graylox

    Posted 5 months ago #
  8. FranckW
    Member

    Weird...
    So I will be waiting with you for some help. :(

    Posted 5 months ago #
  9. Stef
    Member

    In nothing flat : Bitdefender & A-Squared ===> Nothing !

    But, "tmd5.dll" [2008.01.23] >>> 10/32 [31,25%] + !!!
    <===> http://www.virustotal.com/fr/analisis/1c7507090d241e513ef90c49e49ca2e7

    @ FranckW: good evening, my dear friend :-)

    Posted 5 months ago #
  10. graylox
    Member

    Hi, FranckW and Stef,
    though my French is even worse than my English, I think I understand what your link is saying.
    I tried to scan on :

    http://virusscan.jotti.org/

    but Mr. Kaspersky won't let me upload that file: he is always shouting "KILL - KILL - KILL". And that's what I'll do now. All those Wondershare progs are sitting on my HDD, eating MB and doing nothing. In all those months since the download, I never ever used them. I'm still using my "old" programs.
    The BuBBies and all the other wise boys and girls seem to celebrate weekend. We should do the same...

    graylox

    Posted 5 months ago #
  11. You should be able to turn off the on-access scanning to at least send the file to http://virusscan.jotti.org/

    When a program after such a long period of time suddenly starts to appear as a suspected infection - my first reaction is a false positive (no offense to the AVG users, but when AVG complains, I am almost certain it is a false positive).

    Please can somebody submit the file to jotti.org; it is also worth getting in touch with your vendor (e.g. AVG) to find out how they like to be notified - usually a passworded zip file - and wait for notification of a false positive or not (sometimes this can take a few days).

    Just because your AV software says it is so - doesn't mean that it is. They can also each get a detection because they may share the definition of another unrelated virus that causes this file to appear similar.

    Posted 5 months ago #
  12. FranckW
    Member

    Hi everybody, and hello to you, my friend Stef :)
    Here is the jotti result page. I'd like the GOTD managers to check with Wondershare what's going on here.

    File: tmd5.dll
    Status: INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
    MD5: 7dd0011888b8501fb6eb6ffbaa33db64
    Packers detected: -
    Bit9 reports: High threat detected

    Scanner results
    Scan taken on 27 Jan 2008 15:10:22 (GMT)
    A-Squared Found nothing
    AntiVir Found TR/Dldr.Delf.dzr
    ArcaVir Found Trojan.Downloader.Delf.Dzr
    Avast Found nothing
    AVG Antivirus Found Downloader.Generic6.AFAG
    BitDefender Found nothing
    ClamAV Found nothing
    CPsecure Found nothing
    Dr.Web Found nothing
    F-Prot Antivirus Found nothing
    F-Secure Anti-Virus Found Trojan-Downloader.Win32.Delf.dzr
    Fortinet Found W32/Delf.DZR!tr.dldr
    Ikarus Found Trojan-Downloader.Win32.Delf.dzr
    Kaspersky Anti-Virus Found Trojan-Downloader.Win32.Delf.dzr
    NOD32 Found nothing
    Norman Virus Control Found W32/Delf.BITX
    Panda Antivirus Found nothing
    Rising Antivirus Found nothing
    Sophos Antivirus Found nothing
    VirusBuster Found nothing
    VBA32 Found Trojan-Downloader.Win32.Delf.dzr

    Posted 5 months ago #
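An added example, not part of the thread: it parses the Jotti scanner lines quoted in the post above and groups the detections by a normalised label, to show how many of them are the same named signature. The function names and the `GENERIC` token list are assumptions made for this illustration.

```python
import re

# Scanner lines copied from the Jotti report quoted in the post above.
REPORT = """\
A-Squared Found nothing
AntiVir Found TR/Dldr.Delf.dzr
ArcaVir Found Trojan.Downloader.Delf.Dzr
Avast Found nothing
AVG Antivirus Found Downloader.Generic6.AFAG
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found Trojan-Downloader.Win32.Delf.dzr
Fortinet Found W32/Delf.DZR!tr.dldr
Ikarus Found Trojan-Downloader.Win32.Delf.dzr
Kaspersky Anti-Virus Found Trojan-Downloader.Win32.Delf.dzr
NOD32 Found nothing
Norman Virus Control Found W32/Delf.BITX
Panda Antivirus Found nothing
Rising Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found Trojan-Downloader.Win32.Delf.dzr
"""
# Type/platform tokens that do not identify a family (assumed list).
GENERIC = {"tr", "trojan", "dldr", "downloader", "win32", "w32"}

def parse_report(text):
    """Map scanner name -> detection label, or None for 'Found nothing'."""
    results = {}
    for line in text.splitlines():
        scanner, sep, verdict = line.strip().partition(" Found ")
        if sep:
            results[scanner] = None if verdict == "nothing" else verdict
    return results

def label_key(label):
    """Reduce a vendor label to 'family.variant' so naming styles compare."""
    tokens = re.split(r"[^a-z0-9]+", label.lower())
    return ".".join(t for t in tokens if t and t not in GENERIC)

def cluster(results):
    """Group the scanners that flagged the file by normalised label."""
    groups = {}
    for scanner, label in results.items():
        if label:
            groups.setdefault(label_key(label), []).append(scanner)
    return groups
```

On this report 9 of 21 scanners flag the file, and 7 of those 9 use the same `delf.dzr` label. Identical labels across vendors fit the shared-definition explanation given in the thread; they do not by themselves settle whether the file is malicious.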
  13. Next I would suggest submitting the file to the various AntiVirus sites that claim an infection "Delf", according to the various site policies - normally just involves zipping the file up with a password and emailing to a special email address. Each site is different. Usually - one site is sufficient (eg Kaspersky) as if they rule it as a false positive - then that should be enough - then to just get the other AV sites to update and remove the False Positives.

    (BTW. Personally, I'm pleased NOD32 still has its excellent rating of lowest false positives).

    Posted 5 months ago #
  14. graylox
    Member

    Sorry, I cannot send those files to the Lab; I have deleted the whole Wondershare folder and the backup files.
    My confidence in Kaspersky took a hit that day in December:

    Virus Worm Win32 Huhk.c
    http://forum.kaspersky.com/index.php?showtopic=55669

    I was one of those §%#& who deleted the explorer -"are you sure you want to-" "YES" . Hmmmm - oh wait, wait I didn't mean that, come back, pleeeeease come back...

    Posted 5 months ago #
  15. Think of your antivirus / antispyware as "an advisor" who is blindly following some rules (A description and identikit photo) set up by a bunch of virus geeks who can get it wrong sometimes too (sometimes entirely by accident - they prepare the best description of the trojan they can - and then something else, that walks like a Delf, talks like a Delf, even looks like a Delf - but it is completely harmless shows up. These virus Geeks have to go back to the drawing board and rework that photo and describe Ol' Delf even better than they did before).

    A message telling you "Virus detected" or "Trojan Detected" - is only a warning that begins the first step of a process to determine if the warning was correct or incorrect.

    This one was OK for quite a while - then someone updated their signatures and they popped up everywhere - this "old faithful" file now has a trojan. My initial suspicion is that in updating the signature files (describing what Trojan "Delf" looks like) - they didn't make it quite specific enough, and the quite innocent, but extremely "delf-like" tmd5.dll now also matched the description.

    Next step is to take tmd5.dll into the authorities so they can determine if it is the same Delf they described in their updates. If not, they will announce it is a false positive (false alarm) and release a more accurate description so tmd5.dll doesn't get arrested and hauled in for questioning again.

    Posted 5 months ago #
  16. graylox
    Member

    Thanks BuBBy, and good night or morning or what ever,
    graylox

    Posted 5 months ago #
  17. jwkoda
    Member

    I sent the file to Kaspersky and they advised that it was a false positive

    Posted 5 months ago #
  18. FranckW
    Member

    Jwkoda, thanks for the info!
    Kaspersky no longer reports it as a trojan! :)

    Posted 5 months ago #
  19. sanityclause
    Member

    I sent the file to Grisoft/AVG on 6th Feb.
    No reply yet, and the latest update still flags it up.

    Posted 4 months ago #
  20. Instead of sending mail and requests to all anti-virus producers, I suggest sending 1 email to Wondershare and asking them to produce software that doesn't come up with this kind of message. I really wonder how these people develop. Don't they use virus protection software?

    Posted 1 month ago #
  21. The problem is with the AntiVirus developers not the software developers. There is no Virus present - it is because the description of what a virus looks like isn't stringent enough - so completely innocent programs get detected as having viruses.

    Sometimes this can happen after a piece of software has been installed for months or years - an update of the installed AntiVirus program/definitions suddenly detects a previously safe program as having a suspected virus. Clearly the developer cannot predict the future changes made by the antivirus software.

    Some AntiVirus programs are better than others; they have fewer of these false positives. Going by past track record, I have found that AVG is almost always one of the culprits detecting perfectly safe programs as a "detected virus" (which is really a "suspected" virus).

    9 times out of 10 - a report of such a problem to the developer will result in them contacting the antivirus developer to retest and update their definitions, releasing a more "accurate" definition of what the "detected" virus really looks like, that doesn't include the false positive application code.

    You need to remember - from the viewpoint of the AntiVirus developers - it is not always easy to accurately describe what a virus looks like, when there are so many variations and you cannot test against every available piece of software.

    To date I have not seen a reported piece of software offered as a giveaway that has been confirmed to be infected by any virus or trojan etc. In 100% of the cases so far the problem has ALWAYS been a problem/deficiency with the Antivirus program - and reporting the problem to the developers usually gets it repaired with a subsequent AntiVirus definition update.

    Posted 1 month ago #
  22. copmom
    Member

    This is why I've removed AVG from my computer.. it had a way of taking over, had 4 items running in my Task Manager, was always running in the background, etc. I did not like that at all!

    Posted 1 month ago #
  23. Any Antivirus that does real time detection/scanning will have one or more background processes running.

    It's how well those processes have been written that determines how much you notice the antivirus. The perfect antivirus program you could install, and have it continue to detect at the highest levels - but you are left unaware of any impacts on performance on your computer usage. No major slowdowns, popups, or other interference getting in your way. In my opinion, unless there is a problem the Antivirus cannot handle - it should be invisible.

    Posted 1 month ago #
  24. alexmg2420
    Member

    Indeed, there is a trojan in the installer. AVG detected it on both the standard installation and the Windows Vista "install this program with recommended settings". Oh, well. Also, in response to "copmom"'s post, the new AVG 8.0 isn't as bad as 7.5, it takes less of a toll on your system, and you never have more than two items in the Task Manager (avgtray.exe and avgscanx.exe are all).

    Posted 1 month ago #
  25. leskris
    Member

    I am not that knowledgeable about these threats. Is this file safe or not?

    Thanks

    Posted 1 month ago #
  26. infotekkie
    Member

    Wondershare Photo Story Virus detected 5/26/08

    TrendMicro Internet Security Program Version: 16.10.1079; Engine Version: 8.710.1002; Pattern Version: 5.297.50; last updated May 26, 2008 detected the tmd5.dll as a trojan generic and quarantined it. OS WinXP Pro SP3. This is not AVG, and it also found this file to be a trojan virus. Please advise.

    Posted 1 month ago #
  27. copmom
    Member

    On this one, when I tried clicking on setup, my McAfee popped up a trojan message and wouldn't allow it to even proceed! Tried a couple of times, then figured if it's that hard to install, it's not meant to be. I'm happy with Microsoft's Photo Story 3 for Windows, that works great.

    Posted 1 month ago #
  28. Paulga
    Member

    Folks, I am at present using Wondershare Photo Story, having downloaded it from GAOTD; none of my security programs indicated then, nor after scanning, that there was anything amiss?
    Comodo Anti Virus
    Comodo Anti Malware
    Spycatcher Express
    A-Squared Free
    Ad-Aware
    Rogue Remover
    Panda Nano Scan
    Sophos Anti Root
    plus a few more, not a trace?

    Posted 1 month ago #
