NOD32误杀美萍的收费系统8.7版本的MPDL.DLL

molicn

C:\PROGRAM FILES\MPSOFT\CHARGE\CLIENT\MPDL.DLL
此文件是美萍收费系统里面的一个主要连接文件。并不是病毒文件。希望NOD32误杀能解决！

lingbo110120

不止是NOD报

Begin scan in 'C:\Documents and Settings\*******\桌面\mpdl.rar'
C:\Documents and Settings\Administrator\桌面\mpdl.rar
  [0] Archive type: RAR
    --> mpdl.dll
          [DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Prorat.17 Backdoor server programs
      [NOTE]      The file was moved to '486ef382.qua'!


End of the scan: 2008年4月20日 星期日  15:38
Used time: 00:11 min

The scan has been done completely.

      0 Scanning directories
      2 Files were scanned
      1 viruses and/or unwanted programs were found
      0 Files were classified as suspicious:
      0 files were deleted
      0 files were repaired
      1 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
      1 Files not concerned
      1 Archives were scanned
      0 Warnings
      1 Notes
红伞也是

也许不是误报...

wolffshen

集体误报？
File mpdl.dll received on 04.20.2008 09:32:38 (CET)
Antivirus        Version        Last Update        Result
AhnLab-V3        2008.4.19.0        2008.04.18        -
AntiVir        7.8.0.8        2008.04.18        BDS/Prorat.17
Authentium        4.93.8        2008.04.19        -
Avast        4.8.1169.0        2008.04.19        Win32:Prorat-FR
AVG        7.5.0.516        2008.04.19        BackDoor.Small.39.B
BitDefender        7.2        2008.04.20        Backdoor.Prorat.N
CAT-QuickHeal        9.50        2008.04.19        Backdoor.Prorat.17
ClamAV        0.92.1        2008.04.20        Trojan.Prorat-154
DrWeb        4.44.0.09170        2008.04.19        BackDoor.ProRat.29
eSafe        7.0.15.0        2008.04.17        -
eTrust-Vet        31.3.5714        2008.04.19        -
Ewido        4.0        2008.04.19        Backdoor.Prorat.17
F-Prot        4.4.2.54        2008.04.20        W32/Backdoor2.TYF
F-Secure        6.70.13260.0        2008.04.19        Backdoor.Win32.Prorat.17
FileAdvisor        1        2008.04.20        High threat detected
Fortinet        3.14.0.0        2008.04.20        W32/Prorat.17!tr.bdr
Ikarus        T3.1.1.26        2008.04.20        Backdoor.Win32.Prorat.17
Kaspersky        7.0.0.125        2008.04.20        Backdoor.Win32.Prorat.17
McAfee        5277        2008.04.18        BackDoor-AVW
Microsoft        1.3408        2008.04.20        Backdoor:Win32/Prorat
NOD32v2        3041        2008.04.19        probably a variant of Win32/Prorat
Norman        5.80.02        2008.04.18        W32/Prorat.FWL
Panda        9.0.0.4        2008.04.19        Bck/Prorat.BB
Prevx1        V2        2008.04.20        -
Rising        20.40.60.00        2008.04.20        Backdoor.ProRat.17.a
Sophos        4.28.0        2008.04.20        Mal/Generic-A
Sunbelt        3.0.1056.0        2008.04.17        Backdoor.Prorat.N
Symantec        10        2008.04.20        Backdoor.Prorat
TheHacker        6.2.92.285        2008.04.19        -
VBA32        3.12.6.4        2008.04.16        Backdoor.Win32.Prorat.17
VirusBuster        4.3.26:9        2008.04.19        -
Webwasher-Gateway        6.6.2        2008.04.18        Trojan.Backdoor.Prorat.17
Additional information
File size: 19968 bytes
MD5...: c50f0cdec0b1c32de007f71a86cf04f8
SHA1..: f0952f10c09f52a10f50aea6258618686ef81569
SHA256: 9b261fcc345afe45dca068ff98fe9975c36e3cab7e35d9a467fa3df621c9f082
SHA512: ca1b7e0b43a3b3538cebb0bae8b276304ca8a77ddd5ce4148c210d30deccd106<br>b7e2a335a37d538161abea8c891ef76563b698ea81419b443dfd8f120bd27cc2
PEiD..: ASPack v2.000 -&gt; Alexey Solodovnikov
PEInfo: PE Structure information<br><br>( base data )<br>entrypointaddress.: 0x10006001<br>timedatestamp.....: 0x4190845c (Tue Nov 09 08:48:28 2004)<br>machinetype.......: 0x14c (I386)<br><br>( 7 sections )<br>name viradd virsiz rawdsiz ntrpy md5<br>.text 0x1000 0x1000 0x800 6.81 3f1d74a67a04c00cb9f2f59d9152b089<br>.rdata 0x2000 0x1000 0x1000 1.92 b0eac4e82a3c5e7ff810d86fb8f26b88<br>.data 0x3000 0x1000 0x200 3.03 94e81d770badc00695b180bc39c4859b<br>SHAREDAT 0x4000 0x1000 0x1000 0.01 14b6a6af898431d0fe8fa58241c39226<br>.reloc 0x5000 0x1000 0x200 5.84 63d523a5292b3eebe70de5abae88bc5c<br>.aspack 0x6000 0x2000 0x1200 5.82 a52ceb37106211e7cc72d53ea2d9339a<br>.rsrc 0x8000 0x1000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e<br><br>( 4 imports ) <br>&gt; kernel32.dll: GetProcAddress, GetModuleHandleA, LoadLibraryA<br>&gt; user32.dll: UnhookWindowsHookEx<br>&gt; imagehlp.dll: ImageDirectoryEntryToData<br>&gt; msvcrt.dll: __CxxFrameHandler<br><br>( 2 exports ) <br>Hook, Unhook<br>
Bit9 info: http://fileadvisor.bit9.com/serv ... 32de007f71a86cf04f8
packers: ASPack

lingbo110120

   这个还是误报？

很明显的病毒了撒...


但是也不排除那么多杀软的误报......

lingbo110120

你应该发到 国内的引擎扫描

molicn

这个是卡巴先杀到后，就全部都杀！哎，明明 正常文件都被误杀。重装美萍系统还是被误杀！

无尽藏海

集体误报……可能性很小……

molicn

你不信的话，可以自己下载美萍收费系统，在他官方下载都被误杀，你说呢~！怀疑有人把他说成病毒来！
【现在这个文件刚好是我现在帮这家网吧安装美萍的收费系统，安装影子系统和NOD，4月6日都没有杀这个文件的。一升级后就误杀！】
【病毒最先卡巴误杀】
【卡巴论坛 现在已经举报】
希望卡巴解决后就可以解决全部误杀

[ 本帖最后由 molicn 于 2008-4-20 15:55 编辑 ]

无尽藏海

那就是这个东西本身就有问题

红伞的误报回复，确认了
The file 'mpdl.dll' has been determined to be 'MALWARE'. Detection is added to our virus definition file (VDF) starting with version 6.31.01.180.

卡巴的回复是什么？

lingbo110120

难道是卡巴误报..
然后各大杀软COPY它的病毒库
然后导致今天的局面？