From: ntman on
Hi,

Er (sheepish) how do I calculate the MD5 hash please?

John.


"blule" wrote:

> The MD5 hash value of msvcr80.dll(8.00.50727.762) on my system is e4fece18310e23b1d8fee993e35e7a6f, is it same as yours?
>
>
> "ntman" <ntman(a)discussions.microsoft.com> wrote:
> >> > An anti-spyware program I use has reported a worm (w32worm.ircbot.60416.6) in
> >> > a particular version of msvcr80.dll (8.0.50727.762).
>
From: Tom Walker on
"ntman" <ntman(a)discussions.microsoft.com> wrote in message
news:699D6B64-E427-4A80-8F11-F53D0B46E7E1(a)microsoft.com...
> Hi,
>
> Er (sheepish) how do I calculate the MD5 hash please?
>
> John.

You can use the SysInternals SigCheck tool:
http://technet.microsoft.com/en-us/sysinternals/bb897441.aspx


From: blule on
E:\WINDOWXP\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b
128700>sigcheck -h .

sigcheck v1.60 - sigcheck
Copyright (C) 2004-2009 Mark Russinovich
Sysinternals - www.sysinternals.com

E:\WINDOWXP\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b
128700\msvcm80.dll:
Verified: Unsigned
File date: 22:54 2006-12-1
Strong Name: Signed
Publisher: Microsoft Corporation
Description: Microsoft?C Runtime Library
Product: Microsoft?Visual Studio?2005
Version: 8.00.50727.762
File version: 8.00.50727.762
MD5: cae6861b19a2a7e5d42fefc4dfdf5ccf
SHA1: 609b81fbd3acda8c56e2663eda80bfafc9480991
SHA256: c4c8c2d251b90d77d1ac75cbd39c3f0b18fc170d5a95d1c13a0266f7260b479d

E:\WINDOWXP\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b
128700\msvcp80.dll:
Verified: Unsigned
File date: 22:54 2006-12-1
Strong Name: Unsigned
Publisher: Microsoft Corporation
Description: Microsoft?C++ Runtime Library
Product: Microsoft?Visual Studio?2005
Version: 8.00.50727.762
File version: 8.00.50727.762
MD5: 4c8a880eabc0b4d462cc4b2472116ea1
SHA1: d0a27f553c0fe0e507c7df079485b601d5b592e6
SHA256: 2026f3c4f830dff6883b88e2647272a52a132f25eb42c0d423e36b3f65a94d08

E:\WINDOWXP\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b
128700\msvcr80.dll:
Verified: Unsigned
File date: 22:54 2006-12-1
Strong Name: Unsigned
Publisher: Microsoft Corporation
Description: Microsoft?C Runtime Library
Product: Microsoft?Visual Studio?2005
Version: 8.00.50727.762
File version: 8.00.50727.762
MD5: e4fece18310e23b1d8fee993e35e7a6f
SHA1: 9fd3a7f0522d36c2bf0e64fc510c6eea3603b564
SHA256: 02bdde38e4c6bd795a092d496b8d6060cdbe71e22ef4d7a204e3050c1be44fa9

E:\WINDOWXP\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b
128700\sigcheck.exe:
Verified: Signed
Signing date: 8:22 2009-2-28
Strong Name: Unsigned
Publisher: Sysinternals - www.sysinternals.com
Description: sigcheck
Product: Sysinternals Sigcheck
Version: 1.60
File version: 1.60
MD5: a7f2437d407117b1875937fe0727943f
SHA1: 3360dcd1d20cb224f079cc882e44899d0dd99638
SHA256: 25f99b00a1f56f3fe9bc0b6ae0dba7b4c5e12d33a869f6d442acec898ef9a95a


From: ntman on
OK, I've now got the hash for my version of msvcr80.dll.

As it is the same as the other ones posted, I'm now pretty certain that I
haven't got a virus/spyware in this file and that a false positive has been
reported (by ZoneAlarm anti-spyware for future reference).

Thanks to all for the help.

John.
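
As an added example (not part of any post in this thread), the comparison described above can be scripted: the Python below parses `sigcheck -h` output such as blule's, hashes a local file once with the same three algorithms, and reports whether it matches the posted reference. The function names, and the choice to let SHA256 decide the verdict, are assumptions of this example.

```python
import hashlib

# Excerpt of the sigcheck -h output posted in this thread, including the
# path that was wrapped across two lines in the post.
SIGCHECK_OUTPUT = r"""
sigcheck v1.60 - sigcheck
E:\WINDOWXP\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b
128700\msvcr80.dll:
Verified: Unsigned
File date: 22:54 2006-12-1
MD5: e4fece18310e23b1d8fee993e35e7a6f
SHA1: 9fd3a7f0522d36c2bf0e64fc510c6eea3603b564
SHA256: 02bdde38e4c6bd795a092d496b8d6060cdbe71e22ef4d7a204e3050c1be44fa9
"""

ALGORITHMS = ("MD5", "SHA1", "SHA256")

def parse_sigcheck(text):
    """Map lower-cased file name -> {field: value} for each file block."""
    records, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith(":"):                      # "<path>\name.dll:" starts a block
            name = line[:-1].rsplit("\\", 1)[-1].lower()
            current = records.setdefault(name, {})
        elif current is not None and ": " in line:  # "Field: value"
            key, _, value = line.partition(": ")
            current[key] = value.strip()
    return records

def hash_file(path, chunk_size=1 << 20):
    """Hash the file once, in chunks, with every algorithm sigcheck -h prints."""
    digests = {a: hashlib.new(a.lower()) for a in ALGORITHMS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for d in digests.values():
                d.update(chunk)
    return {a: d.hexdigest() for a, d in digests.items()}

def compare(path, reference):
    """Return (per-algorithm match, verdict). SHA256 decides the verdict,
    because MD5 and SHA1 collisions are practical."""
    local = hash_file(path)
    matches = {a: local[a] == reference.get(a, "").lower() for a in ALGORITHMS}
    return matches, matches["SHA256"]
```

Call `compare(r"<path to your msvcr80.dll>", parse_sigcheck(SIGCHECK_OUTPUT)["msvcr80.dll"])`; a match shows only that the local file has the same bytes as the one the reference was taken from.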
