Search
Forum Home | Login
Jazzmin
Jazzmin
Join Date 10/2004
+1

Malware code found in window blinds

December 19, 2008 1:52:23 AM from WinCustomize ForumsWinCustomize Forums

I just ran a scan on my machine and was notified of this threat:

HeurEngine.Packed.Execryptor

The heuristics engine has identified unknown code that is found to be highly suspicious.  This file is packed with the same run-time compression that is commonly used by malware and thus, could be a potentially unknown threat.

Process

winlogon.exe (C:\program files\stardock\object destop\WindowBlinds\wbsrv.dll)

File

c:\program files\stardock\object desktop\windowblinds\wbsrv.dll

Startup

String is too long to type but it's in the registry...

 

Anybody know anything about this?

Thanks.

 

 

windowblinds
Locked Post
Search this post
Advanced Search
Subscription Options
Reason for Karma (Optional)
Successfully updated karma reason!
Jazzmin
Neil Banfield
Join Date 04/2001
+1104 sdemployee
Reply #1 December 19, 2008 3:02:18 AM
from WinCustomize ForumsWinCustomize Forums

It is not malware.  The message is just saying that execryptor was used on the dll which is true, but execryptor is a perfectly legitimate tool.

What app produced that error message?

Reason for Karma (Optional)
Successfully updated karma reason!
Jazzmin
Tailsgirl
Join Date 12/2008
+321
Reply #2 December 19, 2008 3:03:55 AM
from WinCustomize ForumsWinCustomize Forums

I would imagine it's a false positive, and your AV is just picking up, as you said, a similar compression method as something in it's database.

I wouldn't worry too much about it, Stardock isn't out to get us.     

Reason for Karma (Optional)
Successfully updated karma reason!
Jazzmin
BluesBrother
Join Date 11/2008
+32
Reply #3 December 19, 2008 5:07:28 AM
from WinCustomize ForumsWinCustomize Forums

i havent had any similair virus error messeges..but i trust WB and its creators , the skinners.

Reason for Karma (Optional)
Successfully updated karma reason!

Sign Up or Login and this ad disappears!
There are many great features available to you once you register. Sign Up for a free account and browse the forums without ads.

Jazzmin
Jafo
Join Date 03/2001
+1846 sdemployee
Reply #4 December 19, 2008 7:32:17 AM
from WinCustomize ForumsWinCustomize Forums

Listen to Neil ....

Reason for Karma (Optional)
Successfully updated karma reason!
Jazzmin
Jazzmin
Join Date 10/2004
+1
Reply #5 December 19, 2008 11:19:47 AM
from WinCustomize ForumsWinCustomize Forums

Quoting Neil Banfield,
reply 1
It is not malware.  The message is just saying that execryptor was used on the dll which is true, but execryptor is a perfectly legitimate tool.

What app produced that error message?

It's PC Tools Spyware Doctor.

I wasn't worried but thought it was strange to have this type of warning over software I've been using for years.  Thanks to everyone who responded, I appreciate it!

Reason for Karma (Optional)
Successfully updated karma reason!
Jazzmin
DorkCoffeez
Join Date 03/2006
+115
Reply #6 December 19, 2008 11:24:46 AM
from Stardock ForumsStardock Forums

Jazzmin could you please send a copy of the Spy Doctor report to support@stardock.com? We would like to track these messges and work with the company to provide a more friendly enviroment. Thank you very much for the heads up!

Reason for Karma (Optional)
Successfully updated karma reason!
Jazzmin
Jazzmin
Join Date 10/2004
+1
Reply #7 December 19, 2008 12:55:56 PM
from WinCustomize ForumsWinCustomize Forums

Quoting Seabass,
reply 6
Jazzmin could you please send a copy of the Spy Doctor report to support@stardock.com? We would like to track these messges and work with the company to provide a more friendly enviroment. Thank you very much for the heads up!

Sure thing Seabass... just forwarded to the email you provided.

I have since allowed the software to run but had to reinstall window blinds to get it to work correctly again.

 

 

Reason for Karma (Optional)
Successfully updated karma reason!
Jazzmin
Jafo
Join Date 03/2001
+1846 sdemployee
Reply #8 December 19, 2008 6:04:22 PM
from WinCustomize ForumsWinCustomize Forums

Jazzmin could you please send a copy of the Spy Doctor report to support@stardock.com? We would like to track these messges and work with the company to provide a more friendly enviroment.

My mistake....I should have requested that, too...

It's unfortunately not uncommon for similar issues to arise...as both the programs and the spyware/AV checkers are updated.

Once the 'false-positive' is flagged the company is contacted to amend their signature updates/exclusions...

Reason for Karma (Optional)
Successfully updated karma reason!
View all recent posts
Mark all posts as read Delete cookies created by the forum Return to Top
Stardock Forums v        Server Load Time:   Page Render Time: