False positive "hsqldb.dll" Open Office 3.2 base trojan?


6 replies to this topic

#1 MrEd


Posted 13 March 2010 - 01:41 PM

Hello all together,

I'm using Ad-Aware 8.2.0 and OpenOffice version 3.2 (de). Some days ago I couldn't open Open Office Base because Ad-Aware said the file hsqldb.dll is a trojan:

MSG [2740] 2010/03/10 17:58:38: C:\Programme\OpenOffice.org 3\program\hsqldb.dll (diagnosis: Malware family: Trojan-Downloader.Win32.Small accessed by: C:\Programme\OpenOffice.org 3\program\soffice.bin) => Block
MSG [0652] 2010/03/10 17:58:38: C:\Programme\OpenOffice.org 3\program\hsqldb.dll (diagnosis: Malware family: Trojan-Downloader.Win32.Small accessed by: C:\Programme\OpenOffice.org 3\program\soffice.bin) => Block
MSG [2412] 2010/03/10 17:58:38: C:\Programme\OpenOffice.org 3\program\hsqldb.dll (diagnosis: Malware family: Trojan-Downloader.Win32.Small accessed by: C:\Programme\OpenOffice.org 3\program\soffice.bin) => Block
MSG [3532] 2010/03/10 17:58:38: C:\Programme\OpenOffice.org 3\program\hsqldb.dll (diagnosis: Malware family: Trojan-Downloader.Win32.Small accessed by: C:\Programme\OpenOffice.org 3\program\soffice.bin) => Block
MSG [1664] 2010/03/10 18:00:58: C:\Programme\OpenOffice.org 3\program\hsqldb.dll (diagnosis: Malware family: Trojan-Downloader.Win32.Small accessed by: C:\Programme\OpenOffice.org 3\program\soffice.bin) => Block
MSG [3832] 2010/03/10 18:00:58: C:\Programme\OpenOffice.org 3\program\hsqldb.dll (diagnosis: Malware family: Trojan-Downloader.Win32.Small accessed by: C:\Programme\OpenOffice.org 3\program\soffice.bin) => Block
MSG [3124] 2010/03/10 18:00:58: C:\Programme\OpenOffice.org 3\program\hsqldb.dll (diagnosis: Malware family: Trojan-Downloader.Win32.Small accessed by: C:\Programme\OpenOffice.org 3\program\soffice.bin) => Block
MSG [2832] 2010/03/10 18:00:58: C:\Programme\OpenOffice.org 3\program\hsqldb.dll (diagnosis: Malware family: Trojan-Downloader.Win32.Small accessed by: C:\Programme\OpenOffice.org 3\program\soffice.bin) => Block

It was impossible for me to revert the block-action. I had to uninstall OpenOffice and install it again. Now same procedure:

MSG [3892] 2010/03/12 20:34:56: C:\Programme\OpenOffice.org 3\program\hsqldb.dll (diagnosis: Malware family: Trojan-Downloader.Win32.Small accessed by: C:\Programme\OpenOffice.org 3\program\soffice.bin) => Block
MSG [3480] 2010/03/12 20:34:56: C:\Programme\OpenOffice.org 3\program\hsqldb.dll (diagnosis: Malware family: Trojan-Downloader.Win32.Small accessed by: C:\Programme\OpenOffice.org 3\program\soffice.bin) => Block
MSG [0580] 2010/03/12 20:34:56: C:\Programme\OpenOffice.org 3\program\hsqldb.dll (diagnosis: Malware family: Trojan-Downloader.Win32.Small accessed by: C:\Programme\OpenOffice.org 3\program\soffice.bin) => Block
MSG [3128] 2010/03/12 20:34:56: C:\Programme\OpenOffice.org 3\program\hsqldb.dll (diagnosis: Malware family: Trojan-Downloader.Win32.Small accessed by: C:\Programme\OpenOffice.org 3\program\soffice.bin) => Block

I don't think hsqldb.dll is malware; I can't find any information about such problems on the internet. Maybe there is a mistake in the patterns used by Ad-Aware.

Question: How can I prevent Ad-Aware from doing the block-action? I can't find a possibility in the German "Ad-Watch-Dateien" ("blockiert aktiv schädliche Dateien auf Ihrem System") to add a corresponding rule. Any hint?

kind regards

#2 visitor


Posted 13 March 2010 - 02:26 PM

For reference, here's a different Open Office false positive which was fixed Feb 23:

http://www.lavasofts...showtopic=28674

#3 MrEd


Posted 13 March 2010 - 03:15 PM

Thank you. I've read this message. Perhaps it's a similar case? (I don't know.)

#4 LS_Zoran


Posted 13 March 2010 - 04:59 PM

Thank you for reporting this. Malware Labs will look into it as soon as possible.

Regards
Göran - LS Support

#5 LS Pekka


Posted 14 March 2010 - 10:59 PM

Hi MrEd!

Using the German version of OpenOffice 3.2.0 OOO320m12 (Build:9483) and hsqldb.dll (3.2.9472.500, MD5: 5b3f720c747ab80abfcef2cee0c3290b, German) we were unable to reproduce the stated issue.
Would it be possible for you to update to the latest Ad-Aware definitions and perform a full scan of your system in order to see if the issue persists? If so, please attach the full scan-log and/or the detected file to your post (zip the file and password protect it with "infected").

Regards,

LS Pekka

Lavasoft Malware Labs
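
An added triage example, not part of the thread and not Ad-Aware or Lavasoft code: it collapses the Ad-Watch lines from post #1 into distinct block incidents and checks a local copy of the flagged file against the MD5 quoted in post #5. The regex reflects only the log format visible in post #1; the function names are made up for this example.

```python
import hashlib
import re
from collections import defaultdict

# MD5 quoted by Lavasoft Malware Labs in post #5 for hsqldb.dll 3.2.9472.500.
REFERENCE_MD5 = "5b3f720c747ab80abfcef2cee0c3290b"

# Four of the Ad-Watch lines from post #1, copied as posted.
SAMPLE_LOG = r"""
MSG [2740] 2010/03/10 17:58:38: C:\Programme\OpenOffice.org 3\program\hsqldb.dll (diagnosis: Malware family: Trojan-Downloader.Win32.Small accessed by: C:\Programme\OpenOffice.org 3\program\soffice.bin) => Block
MSG [0652] 2010/03/10 17:58:38: C:\Programme\OpenOffice.org 3\program\hsqldb.dll (diagnosis: Malware family: Trojan-Downloader.Win32.Small accessed by: C:\Programme\OpenOffice.org 3\program\soffice.bin) => Block
MSG [1664] 2010/03/10 18:00:58: C:\Programme\OpenOffice.org 3\program\hsqldb.dll (diagnosis: Malware family: Trojan-Downloader.Win32.Small accessed by: C:\Programme\OpenOffice.org 3\program\soffice.bin) => Block
MSG [3892] 2010/03/12 20:34:56: C:\Programme\OpenOffice.org 3\program\hsqldb.dll (diagnosis: Malware family: Trojan-Downloader.Win32.Small accessed by: C:\Programme\OpenOffice.org 3\program\soffice.bin) => Block
"""

LINE_RE = re.compile(
    r"^MSG \[(?P<tag>\d+)\] (?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d): "
    r"(?P<file>.+?) \(diagnosis: Malware family: (?P<family>.+?) "
    r"accessed by: (?P<accessor>.+?)\) => (?P<action>\w+)$"
)

def group_incidents(log_text):
    """Map (timestamp, file, family, accessor, action) -> list of bracketed tags."""
    incidents = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:  # the meaning of the bracketed number is not stated on the page
            key = (m["ts"], m["file"], m["family"], m["accessor"], m["action"])
            incidents[key].append(m["tag"])
    return dict(incidents)

def md5_matches(path, reference_md5):
    """True if the file at `path` has the given MD5. MD5 is used only because
    it is the digest the vendor quoted; it identifies a build, nothing more."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest() == reference_md5.strip().lower()

if __name__ == "__main__":
    for (ts, path, family, accessor, action), tags in group_incidents(SAMPLE_LOG).items():
        print(f"{ts}  {action}  {family}  lines={len(tags)}  {path}")
```

If `md5_matches(r"C:\Programme\OpenOffice.org 3\program\hsqldb.dll", REFERENCE_MD5)` is true, the flagged file is byte-identical to the build the lab tested, and the remaining variable is the definition set in use at the time of the block.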

#6 MrEd


Posted 15 March 2010 - 12:20 PM


Hello LS Pekka,

Thank you so far. I performed a full scan and no problems were detected. The problem I described was apparently caused by Ad-Watch every time I wanted to open a database table.

I tried to reproduce the problem but now - for the moment - everything works correctly. Nevertheless, I am sending you the full-scan-log and a copy of hsqldb.dll (fullscan.zip).

Regards,

MrEd

Attached File  fullscan.zip   91.67K   1 downloads

#7 LS Pekka


Posted 16 March 2010 - 08:10 AM


Hi MrEd!

Thank you for providing the scan-log and the copy of your "hsqldb.dll" ;)
Please let us know if the problem reoccurs on your system.

Regards,

LS Pekka

Lavasoft Malware Labs



