Full Version: false positive, Win32TrojanDropperDelf?
kjz1
mfc70u.dll seems to be a false positive. Please also look at:

http://virusscan.jotti.org/de/scanresult/a...4b13ed4b718d550

http://www.virustotal.com/de/analisis/06c4...a62d-1247842082

- kjz

Moderator edit to correct file name
LS CalamityJane
Hi kjz1,

Thank you for reporting this! Our Malware Labs team will have a look at this ASAP.

It does appear to be a FP, so don't delete that file until they can look into this for you.

(Did you mean to say mfc70u.dll rather than mfc40u.dll or is there another one also being detected?)

mfc70u.dll is what you sent here.
kjz1
QUOTE(LS CalamityJane @ Jul 17 2009, 07:46 PM) *
(Did you mean to say mfc70u.dll rather than mfc40u.dll or is there another one also being detected?)
mfc70u.dll is what you sent here.


Yes, sorry, Ad-Aware found c:\windows\system32\mfc70u.dll

And URL for jotti is:

http://virusscan.jotti.org/de/scanresult/c...8d1804c2b0f4c94

- kjz
LS CalamityJane
Thanks kjz1,

No problem. I just wanted to confirm it was the one file and not two.

Being the weekend now in Sweden, it might be Monday before they get to this, so please hang on and don't delete that file meanwhile.
pm71
mfc70u.dll is being incorrectly detected

briisthemn
I am having the same or similar problem.

I am pasting the log in here, as opposed to attaching it. I hope that's OK.

If not, let me know and I will attach it.

Thanks for your kind help.

========================================================

MSG [17488] 2009/07/17 08:24:54: Configure new scan with profile: full
MSG [17488] 2009/07/17 08:24:54: -> scanning critical objects
MSG [17488] 2009/07/17 08:24:54: -> scanning running processes
MSG [17488] 2009/07/17 08:24:54: -> scanning registry
MSG [17488] 2009/07/17 08:24:54: -> scanning lsp
MSG [17488] 2009/07/17 08:24:54: -> scanning ads
MSG [17488] 2009/07/17 08:24:54: -> scanning hosts file
MSG [17488] 2009/07/17 08:24:54: -> scanning mru objects
MSG [17488] 2009/07/17 08:24:54: -> scanning browser hijacks
MSG [17488] 2009/07/17 08:24:54: -> scanning cookies
MSG [17488] 2009/07/17 08:24:54: -> neutralizing rootkits
MSG [17488] 2009/07/17 08:24:54: -> use spyware heuristics
MSG [17488] 2009/07/17 08:24:54: -> scan archives
MSG [17488] 2009/07/17 08:24:54: -> file size limit = 20480 kB (0 = unlimited)
MSG [17488] 2009/07/17 08:24:54: -> scan file/path = C:\
MSG [17488] 2009/07/17 08:24:54: -> scan file/path = D:\
MSG [17488] 2009/07/17 08:24:54: -> scan file/path = K:\
MSG [12568] 2009/07/17 16:08:41: Scan was completed in 27827 seconds
MSG [12568] 2009/07/17 16:08:41: Objects processed: 735588, infections detected: 3
ERR [17488] 2009/07/17 17:31:57: SDKController::GetQuarantineList -> Not in idle state
ERR [17488] 2009/07/17 17:31:57: SDKController::GetWhiteList -> Not in idle state
ERR [17488] 2009/07/17 17:31:58: SDKController::GetDefinitonsFileVersion -> Not in idle state
ERR [17488] 2009/07/17 17:31:58: SDKController::GetLatestSuccessfulScanReport -> Not in idle state
MSG [11300] 2009/07/17 17:32:26: Remediating 3 infections
MSG [11300] 2009/07/17 17:32:27: Infections quarantined: 0, removed: 2, repaired: 0
MSG [11300] 2009/07/17 17:32:27: Infections ignored by remediation: 1 (0 whitelisted, 1 skipped).
MSG [17488] 2009/07/17 17:32:28: Dumping scan report:
>>> Logfile created: 7/17/2009 8:24:54
>>> Lavasoft Ad-Aware version: 8.0.7
>>> Extended engine version: 8.1
>>> User performing scan: (I removed my name)
>>>
>>> *********************** Definitions database information ***********************
>>> Lavasoft definition file: 149.7
>>> Extended engine definition file: 8.1
>>>
>>> ******************************** Scan results: *********************************
>>> Scan profile name: Full Scan (ID: full)
>>> Objects scanned: 735588
>>> Objects detected: 3
>>>
>>>
>>> Type Detected
>>> ==========================
>>> Processes.......: 0
>>> Registry entries: 0
>>> Hostfile entries: 0
>>> Files...........: 1
>>> Folders.........: 0
>>> LSPs............: 0
>>> Cookies.........: 2
>>> Browser hijacks.: 0
>>> MRU objects.....: 0
>>>
>>>
>>>
>>> Skipped items:
>>> Description: C:\WINDOWS\system32\mfc70u.dll Family Name: Win32.TrojanDropper.Delf Clean status: Success Item ID: 1238256 Family ID: 1385
>>>
>>> Removed items:
>>> Description: *real* Family Name: Cookies Clean status: Success Item ID: 408817 Family ID: 0
>>> Description: *realmedia* Family Name: Cookies Clean status: Success Item ID: 409139 Family ID: 0
>>>
>>> Scan and cleaning complete: Finished correctly after 27827 seconds
>>>
>>> *********************************** Settings ***********************************
>>>
>>> Scan profile:
>>> ID: full, enabled:1, value: Full Scan
>>> ID: scancriticalareas, enabled:1, value: true
>>> ID: scanrunningapps, enabled:1, value: true
>>> ID: scanregistry, enabled:1, value: true
>>> ID: scanlsp, enabled:1, value: true
>>> ID: scanads, enabled:1, value: true
>>> ID: scanhostsfile, enabled:1, value: true
>>> ID: scanmru, enabled:1, value: true
>>> ID: scanbrowserhijacks, enabled:1, value: true
>>> ID: scantrackingcookies, enabled:1, value: true
>>> ID: closebrowsers, enabled:1, value: false
>>> ID: folderstoscan, enabled:1, value: C:\,D:\,K:\
>>> ID: usespywareheuristics, enabled:1, value: true
>>> ID: extendedengine, enabled:0, value: true
>>> ID: useheuristics, enabled:0, value: true
>>> ID: heuristicslevel, enabled:0, value: mild, domain: medium,mild,strict
>>> ID: filescanningoptions, enabled:1
>>> ID: scanrootkits, enabled:1, value: true
>>> ID: archives, enabled:1, value: true
>>> ID: onlyexecutables, enabled:1, value: false
>>> ID: skiplargerthan, enabled:1, value: 20480
>>>
>>> Scan global:
>>> ID: global, enabled:1
>>> ID: addtocontextmenu, enabled:1, value: true
>>> ID: playsoundoninfection, enabled:1, value: false
>>> ID: soundfile, enabled:0, value: *to be filled in automatically*\alert.wav
>>>
>>> Scheduled scan settings:
>>> <Empty>

===============================================
If you need more of the log than this, let me know.
===============================================
LS CalamityJane
Hi Guys,

This is definitely a false detection. Please do not delete or quarantine the file.
LS Andy
Hi everyone,

Thanks for posting. This detection was a false positive and has been fixed in update 0149.0008 - please update Ad-Aware to get the latest definition file.

Regards,

Andy
Lavasoft Malware Labs