Full Version: win.32.trojan.agent and win32.trojan-dropper.delf
VistaMac
Hi,

This is another posting regarding the win32.trojan-dropper.delf virus that Ad-Aware found yesterday that has been determined to be a false positive in these postings. I ran the scan and deleted it immediately, then I started having problems. Both iTunes and Picasa will not start normally on two Windows Vista PCs where I deleted the file. The error I get when I try launching the programs is "Application failed to start because pthreadVC2@.dll was not found." I've tried reinstalling both programs and they still have that horrible error. I also tried adding back the file that was suggested in another posting for Macromedia Flash--but that didn't help either. Is there any way to get the file that I deleted back? I am wondering if it's related to my deletion of the win32.trojan-dropper-delf item I deleted. Unfortunately, I didn't set a restore point. Has anyone else had this issue? On June 24, I removed the win.32.trojan.agent file that was considered a false positive as well--but didn't have any operational issues until this other recent removal. I've attached the log file... I hope someone can help!

Thanks in advance~!
VistaMac
Hi--I posted this subject in the False Positives category but I may have put it in the wrong subject and am hoping that someone in this forum can help. This is another posting regarding the win32.trojan-dropper.delf virus that my Ad-Aware 2008 found yesterday that has been determined to be a false positive in other postings. I ran the scan and deleted it immediately, then I started having problems. iTunes, QuickTime and Picasa will not start on two Windows Vista PCs where I deleted the file. The error I get when I try launching the programs is "Application failed to start because pthreadVC2@.dll was not found." I've tried reinstalling both programs and they still have that horrible error. I also tried adding back the file that was suggested in another posting for Macromedia Flash--but that didn't help either. Is there any way to get the file that I deleted back? I am wondering if it's related to my deletion of the win32.trojan-dropper-delf item I deleted. Unfortunately, I didn't set a restore point. Has anyone else had this issue? On June 24, I removed the win.32.trojan.agent file that was considered a false positive as well--but didn't have any operational issues until this other recent removal. The log file I attached in the False Positive forum was for the wrong scan--and since I use the free version, I can't go back to get the older file.

Thanks in advance~!
LS Pekka
Hi!

The win32.trojan-dropper.delf object that you refer to in the previous threads was associated with the iTunesIco.exe that is used at the installation of iTunes. The iTunesIco.exe has been removed from detection. One version of the pthreadVC2@.dll file is published by CyberLink Corp and is mainly associated with their PowerDVD application, and it is not installed by iTunes or Picasa. There are many variants of pthreadVC2@.dll and some of them may be malware files. Installing PowerDVD8 also installs the mentioned dll file. PowerDVD8 is available at: http://www.cyberlink.com/multi/download/trials_1_ENU.html

Neither the pthreadVC2@.dll file nor other files installed by PowerDVD8 were detected by Ad-Aware 2008 when tested.

According to the attached log file there are no win32.trojan-dropper.delf objects detected, only 24 cookie files:

*******************************************************************************************

Scan Statistics
===========================
Method: Smart
Scan tracking cookies.............................: On
Scan ADS filestreams..............................: Off

Item Scanned: 205490
Infections Detected: 24
Infections Ignored: 0

Scan detailed statistics
===========================
Type Critical Total
Process Scan....: 0 0
Registry Scan...: 0 0
Registry PE Scan: 0 0
Hosts File Scan.: 0 0
File Scan.......: 0 0
Folder Scan.....: 0 0
LSP Scan........: 0 0
ADS Scan........: 0 0
Cookie Scan.....: 24 24
File Hash Scan..: 0 0

Infections Found
===========================
Family Id: 725 Name: Tracking Cookie Category: DataMiner TAI:3
Item Id: 600000144 Value: Browser: Internet Explorer Cookie: C:\Users\Sagie\AppData\Roaming\Microsoft\Windows\Cookies\index.dat doubleclick.net id /
Item Id: 600000212 Value: Browser: Internet Explorer Cookie: C:\Users\Sagie\AppData\Roaming\Microsoft\Windows\Cookies\index.dat 2o7.net s_vi_mcx60ocaox7Cx7Dhx7Fg /
Item Id: 600000212 Value: Browser: Internet Explorer Cookie: C:\Users\Sagie\AppData\Roaming\Microsoft\Windows\Cookies\index.dat 2o7.net s_vi_gijupe /
Item Id: 600000295 Value: Browser: Internet Explorer Cookie: C:\Users\Sagie\AppData\Roaming\Microsoft\Windows\Cookies\index.dat glb.adtechus.com JEB2 /
Item Id: 600000187 Value: Browser: Internet Explorer Cookie: C:\Users\Sagie\AppData\Roaming\Microsoft\Windows\Cookies\index.dat advertising.com ACID /
Item Id: 600000187 Value: Browser: Internet Explorer Cookie: C:\Users\Sagie\AppData\Roaming\Microsoft\Windows\Cookies\index.dat advertising.com BASE /
Item Id: 600000187 Value: Browser: Internet Explorer Cookie: C:\Users\Sagie\AppData\Roaming\Microsoft\Windows\Cookies\index.dat advertising.com ROLL /
Item Id: 600000187 Value: Browser: Internet Explorer Cookie: C:\Users\Sagie\AppData\Roaming\Microsoft\Windows\Cookies\index.dat advertising.com F1 /
Item Id: 600000068 Value: Browser: Internet Explorer Cookie: C:\Users\Sagie\AppData\Roaming\Microsoft\Windows\Cookies\index.dat statse.webtrendslive.com ACOOKIE /
Item Id: 600000513 Value: Browser: Internet Explorer Cookie: C:\Users\Sagie\AppData\Roaming\Microsoft\Windows\Cookies\index.dat adbrite.com Apache /
Item Id: 600000513 Value: Browser: Internet Explorer Cookie: C:\Users\Sagie\AppData\Roaming\Microsoft\Windows\Cookies\index.dat adbrite.com usd /
Item Id: 600000513 Value: Browser: Internet Explorer Cookie: C:\Users\Sagie\AppData\Roaming\Microsoft\Windows\Cookies\index.dat adbrite.com b /
Item Id: 600000144 Value: Browser: Internet Explorer Cookie: C:\Users\Sagie\Cookies\index.dat doubleclick.net id /
Item Id: 600000212 Value: Browser: Internet Explorer Cookie: C:\Users\Sagie\Cookies\index.dat 2o7.net s_vi_mcx60ocaox7Cx7Dhx7Fg /
Item Id: 600000212 Value: Browser: Internet Explorer Cookie: C:\Users\Sagie\Cookies\index.dat 2o7.net s_vi_gijupe /
Item Id: 600000295 Value: Browser: Internet Explorer Cookie: C:\Users\Sagie\Cookies\index.dat glb.adtechus.com JEB2 /
Item Id: 600000187 Value: Browser: Internet Explorer Cookie: C:\Users\Sagie\Cookies\index.dat advertising.com ACID /
Item Id: 600000187 Value: Browser: Internet Explorer Cookie: C:\Users\Sagie\Cookies\index.dat advertising.com BASE /
Item Id: 600000187 Value: Browser: Internet Explorer Cookie: C:\Users\Sagie\Cookies\index.dat advertising.com ROLL /
Item Id: 600000187 Value: Browser: Internet Explorer Cookie: C:\Users\Sagie\Cookies\index.dat advertising.com F1 /
Item Id: 600000068 Value: Browser: Internet Explorer Cookie: C:\Users\Sagie\Cookies\index.dat statse.webtrendslive.com ACOOKIE /
Item Id: 600000513 Value: Browser: Internet Explorer Cookie: C:\Users\Sagie\Cookies\index.dat adbrite.com Apache /
Item Id: 600000513 Value: Browser: Internet Explorer Cookie: C:\Users\Sagie\Cookies\index.dat adbrite.com usd /
Item Id: 600000513 Value: Browser: Internet Explorer Cookie: C:\Users\Sagie\Cookies\index.dat adbrite.com b /

*******************************************************************************************

No objects were detected as malicious when running a test scan with Ad-Aware 2008 (using 0102.0000 definitions) with both iTunes and Picasa installed, downloaded from the following locations:
http://www.apple.com/itunes/download/ and http://picasa.google.com/download/thanks.html

The iTunes and Picasa applications may be downloaded from the locations mentioned. The file iTunesIco.exe seems to be an iTunes installer file that is used only at the installation of iTunes (C:\WINDOWS\Installer\{EF6C4600-306D-4F6A-A119-C2A877D25B4A}\iTunesIco.exe).

In order to let Ad-Aware 2008 quarantine objects before removal, users may choose to press the Quarantine button instead of the Remove button at the Scan Results window. This way the quarantined item may be restored later if the user so chooses. The restore is done by pressing the Scan button, choosing Quarantine & Ignore, ticking the box in front of the quarantined object in the list and then pressing the Restore button.

In order to configure the auto scan to quarantine detected objects prior to removal, it may be done in the following manner:

Press the settings button and then the Auto Scans tab. Then tick the radio button in front of "Quarantine objects prior to removal". Then press the Save button to save the settings.

Regards,

LS Pekka

Lavasoft Research
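
The log check described in the reply above, as an added example that is not part of the original post or of any Lavasoft tool: it parses a scan log in the layout quoted there, cross-checks the declared detection count against the per-scan totals and the itemised list, and reports whether a named detection appears at all. The `triage` function, the regular expressions and the sample log (user name and counts) are constructed for illustration.

```python
import re
from collections import Counter

FAMILY_RE = re.compile(r"Family Id:\s*\d+\s+Name:\s*(.+?)\s+Category:\s*(\S+)")
ITEM_RE = re.compile(r"Item Id:\s*\d+\s+Value:")
DETECTED_RE = re.compile(r"Infections Detected:\s*(\d+)")
SCAN_ROW_RE = re.compile(r"(.+?)\.*:\s*(\d+)\s+(\d+)$")

# Constructed sample in the layout of the quoted log; user name and counts are
# made up. The first line has two fields fused together, as pasted logs often do.
SAMPLE_LOG = r"""Item Scanned: 1000Infections Detected: 3
Infections Ignored: 0
Scan detailed statistics
Type Critical Total
File Scan.......: 0 0
Cookie Scan.....: 3 3
Infections Found
Family Id: 725 Name: Tracking Cookie Category: DataMiner TAI:3
Item Id: 600000144 Value: Browser: Internet Explorer Cookie: C:\Users\example\Cookies\index.dat doubleclick.net id /
Item Id: 600000187 Value: Browser: Internet Explorer Cookie: C:\Users\example\Cookies\index.dat advertising.com ACID /
Item Id: 600000513 Value: Browser: Internet Explorer Cookie: C:\Users\example\Cookies\index.dat adbrite.com b /
"""

def triage(log_text, suspect):
    """Summarise a scan log and say whether a named detection appears in it."""
    declared, per_scan, per_family, family = None, {}, Counter(), None
    for line in (raw.strip() for raw in log_text.splitlines()):
        if (m := DETECTED_RE.search(line)):      # search() copes with fused fields
            declared = int(m.group(1))
        elif (m := FAMILY_RE.match(line)):
            family = f"{m.group(1)} ({m.group(2)})"
        elif ITEM_RE.match(line) and family:
            per_family[family] += 1              # item belongs to the last family header
        elif (m := SCAN_ROW_RE.match(line)):
            per_scan[m.group(1)] = int(m.group(3))
    listed = sum(per_family.values())
    return {
        "declared": declared,
        "listed": listed,
        "by_family": dict(per_family),
        "scans_with_hits": {k: v for k, v in per_scan.items() if v},
        # the header count, the per-scan totals and the itemised list must agree
        "consistent": declared == listed == sum(per_scan.values()),
        "suspect_present": any(suspect.lower() in f.lower() for f in per_family),
    }

if __name__ == "__main__":
    print(triage(SAMPLE_LOG, "trojan-dropper.delf"))
```

A result with `consistent` false means the log was truncated or edited before it was posted, so the absence of a detection in it proves nothing.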
VistaMac
Thank you so much for the info, LS Pekka. I ended up removing iTunes, QuickTime and Apple updater completely (including files left behind after uninstalling the programs--but not the music files) on my Vista machine and I was able to load a new version and get it started fine. Whew!

I found that other pthreadVC2.dll file used by PowerDVD also. But Picasa still doesn't start even after uninstalling completely and reinstalling multiple times. I still get the same error. No worries--I still believe in Ad-Aware.

Thanks!

GA
