New possible FP borllndmm.dll (+ second problem) - Mischel Internet Security Forum

Jobs | About | Blog | Contact

Download TrojanHunter Now
Free 30-day trial!

Latest TrojanHunter Version:
TrojanHunter 5.0

Order Now
License file delivered within minutes.

Welcome, Guest. Please Login or Register.

Aug 8^th, 2008, 1:37pm

   Mischel Internet Security Forum
   TrojanHunter
   TrojanHunter Guard (Moderators: Helena, Gavin_Coe, Magnus)
   New possible FP borllndmm.dll (+ second problem)

« Previous topic | Next topic »

Pages: 1

Notify of replies

Send Topic

Author

Topic: New possible FP borllndmm.dll (+ second problem) (Read 532 times)

zoril
Newbie

Posts: 4

New possible FP borllndmm.dll (+ second problem)
« on: May 28^th, 2007, 7:09am »

Quote

Modify

Hi there

My derfinitions re TH are up to date - I updated yesterday. TH Guard is identifying the file borldnmm.dll as being a memory Trojan (Adware.delf.106). This file is is a part of Cyberscrub Professional Suite. It is a program that I have used for a long time without any problems...

Without removing the file I carried out a full scan with TH which showed nothing amiss. I also carried out a scan with my other security appliances. All showed everything to be fine. As a precaution I submitted the file to virus Total Scan. A multiple scan there showed no problems.

Having read your forum messages I noticed that earlier someone else experienced a similar situation with East Tech Eraser which would appear to have been a FP. Both these products are very similar and even look alike...

As a temporary measure I added the file to the TH exclusion list as TH Guard kept sending a message every few seconds. The only other alternative was to disable TH Guard.

My second problem also occured today for the first time. I am mentioning the problem in this thread as it may also relate again to the most recent updated definitions. TH attempts to "modify settings" bringing up a massive number of queries from a program I use Process Guard refusing the modifications. As a temporary fix I renamed the file thsec.dll. This resolved the problem in the short term.

I believe that this may mean that TH is not protected from being shutdown by a malicious application. However Process Guard does this anyway, as I have programmed it to prevent unofficial shutdown of TH along with other important apps.

Neither of the above problems occured prior to my last update of definitions yesterday.

I look forward to your reply.

« Last Edit: May 28^th, 2007, 7:13am by zoril »

IP Logged

siliconman01
Global Moderator

Trojans! Chew 'em Up, Spit 'em Out...

Gender: male

Posts: 5576

Re: New possible FP borllndmm.dll (+ second proble
« Reply #1 on: May 28^th, 2007, 10:39am »

Quote

Modify

Welcome to the forum zoril, Cheesy

Sorry for the false positive with Delf.106. Please update your rulesets again and see if Gavin's fix worked on borldnmm.dll. He just released a new update. Please let us know if it fixed it.

As for the ProcessGuard/THGuard issue, I use to use ProcessGuard and gave THG and TH scanner full rights to modify, etc., PG protected programs. I don't use PG anymore because it is not Vista compatible and is a dead program for further upgrades. THGuard injects code into other programs in memory for self protection. It needs the ability to do this if you want THG to be self protected.

« Last Edit: May 28^th, 2007, 10:39am by siliconman01 »

IP Logged

______
TrojanHunter V5.0.962...No. 1 AT in my Book and on my Box!

zoril
Newbie

Posts: 4

Re: New possible FP borllndmm.dll (+ second proble
« Reply #2 on: May 29^th, 2007, 7:36am »

Quote

Modify

Hi there

Many thanks for the prompt reply. I am very pleased to say that the borlndmm issue has been resolved since downloading the latest definitions today...

If I can't use Process Guard with Vista in the future I will need to find another hips program for when I upgrade shortly from Win XP.

The other program that I currently use is Reg Defend (Ghost Security Suite). Out of curiosity Is there any program that you recommend that I might try out that serves a similar function to Process Guard and that perhaps you are using at the moment?

IP Logged

siliconman01
Global Moderator

Trojans! Chew 'em Up, Spit 'em Out...

Gender: male

Posts: 5576

Re: New possible FP borllndmm.dll (+ second proble
« Reply #3 on: May 29^th, 2007, 8:15am »

Quote

Modify

Glad the false positive issue is resolved.

As for as another HIPS program to replace ProcessGuard, I had switched to System Safety Monitor. However, it is not quite Vista compatible at the moment. The developers are actively working on a new release to make it compatible to Vista. I expect a release very soon that will work with Vista. It does the work of PG and RegDefend. I gave up on Ghost Security after waiting more than 16 months for a promised release from beta 1.1.

I was actively using SSM until my new Dell XPS 410 came in with Vista Premium mid last month.

IP Logged

______
TrojanHunter V5.0.962...No. 1 AT in my Book and on my Box!

zoril
Newbie

Posts: 4

Re: New possible FP borllndmm.dll (+ second proble
« Reply #4 on: May 30^th, 2007, 4:28am »

Quote

Modify

Many thanks again for the reply. I have downloaded SSM to try it out.

Are you using the freeware or shareware version and is there much difference between the two?

IP Logged

siliconman01
Global Moderator

Trojans! Chew 'em Up, Spit 'em Out...

Gender: male

Posts: 5576

Re: New possible FP borllndmm.dll (+ second proble
« Reply #5 on: May 30^th, 2007, 5:15am »

Quote

Modify

I use the licensed version. I'm not sure what the differences are between the free and the licensed versions. The user forum should be able to answer your questions.

http://www.syssafety.com/forum/

I recommend that you trial the beta build 618 because it is the latest and greatest. It's called a beta only because some issues still remain with Vista...which should not affect you on your XP system.

IP Logged

______
TrojanHunter V5.0.962...No. 1 AT in my Book and on my Box!