7 replies to this topic

[asotome]

Hi,

Few days ago I downloaded and updated my openoffice installation with the new version, 3.2, from www.openoffice.org and my Ad-Aware installation reports finding 2 instances of the trojan Trojan.Win32.Generic!BT when I'm running the Writer component. The first one in the file
c:\program files\openoffice.org 3\program\helplinkermi.dll
from the day I updated, that I quarantined without issues. But recently it also detects it in the file
c:\program files\openoffice.org 3\ure\bin\salhelper3msc.dll
that is a critical component and I can not quarantine.

I have attached the log file from today after reinstalling the openoffice with a new download from the "official" website. Could you check if this is a false positive (as some people say at the openoffice forum) or both files are actually infected?

Thank you!

Attached Files

•  Scan_2010_02_23_16_55_14.log   57.3K   0 downloads

[LS Anders]

Hello

Thank you for reporting this issue. Could I please ask you to zip and upload the 2 files being detected.

Regards
LS Anders

[asotome]

Sure. Here they go.

Btw, I scanned the rest of the system and I did not find anything else in any other file. And also I tested the checksum of the openoffice installation and it was the same as reported at the web site.

Regards,

asotome

Attached Files

•  Lavasoft.zip   75.32K   1 downloads

[LS Anders]

Hello

Thank you for uploading the files. We will re-investigate the files and if they are found to be false positives they will be removed from detection.

Regards
LS Anders

[WBEN]

I repeatedly get this trojan (Trojan.win32.Generic!BT) on two different computers and there seems to be no pattern as to when it shows up on either computer. Also the trojan appears in different directories. I do not run Open Office on either of these computers. Next time it happens I can send the file and the log if needed at the moment I can upload one log file from the computer I just found it on. I believe I always remove most files like this rather than quarantine. On either computer, have never noticed anything unusual in terms of performance or activity. Hope this helps determine whether this is valid or false positive.

Attached Files

•  scan_log_2_23_10.txt   38.64K   1 downloads

[LS Anders]

Hello Wben

If you are detecting files that you think are false positives could I please ask you to zip and upload those files along with log files to here.


Regards
LS Anders

[LS Anders]

Hello asotome

The Open Office files have now been removed from detection. please update your definitions.


Regards
LS Anders

[asotome]

Hello asotome

The Open Office files have now been removed from detection. please update your definitions.
Regards
LS Anders

Thanks a lot!

***

http://www.lavasofts...showtopic=28850

Edited by visitor, 13 March 2010 - 02:26 PM.
For reference, added link to a different Open Office false positive report