Kaspersky flags dmocy.exe as trojan?

Kaspersky flags dmocy.exe as trojan?
Secure Home | Search | About
Login Password
Register Now! Lost Password?
 Microsoft Antivirus Discussions    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content add this group's latest topics to your Google content
Subject Author Date
Kaspersky flags dmocy.exe as trojan? steverossiter 04-21-2006
Posted by on April 21, 2006, 1:36 am
If you were  Registered and logged in, you could reply and use other advanced thread options
Hi,

I am using Kaspersky Anti-Virus and it has flagged dmocy.exe as
TrojanDownloader.Win32.Small.cse.

Kaspersky reccommends I delete the file. It is located at
C:\WINDOWS\SYSTEM32\dmocy.exe, has a size of 51Kb and the same Date
Modified of 8/4/2004 00:56 as a lot of files around it alphabetically
that are Microsoft's, some involved with disk management. I can find no
mention of dmocy.exe on the web nor in Microsoft's Knowledge Base.
Deleting something having to do with disk management is not my idea of
fun.

Has Kaspersky detected the Win32.Small trojan inside dmocy.exe or is
there a way to determine if this is a false alarm? Where could I find
more information given no luck in searching across the web?

Thanks kindly, Steve


Posted by Ron Lopshire on April 21, 2006, 1:50 am
If you were  Registered and logged in, you could reply and use other advanced thread options
steverossiter@sbcglobal.net wrote:

> I am using Kaspersky Anti-Virus and it has flagged dmocy.exe as
> TrojanDownloader.Win32.Small.cse.
>
> Kaspersky reccommends I delete the file. It is located at
> C:\WINDOWS\SYSTEM32\dmocy.exe, has a size of 51Kb and the same Date
> Modified of 8/4/2004 00:56 as a lot of files around it alphabetically
> that are Microsoft's, some involved with disk management. I can find no
> mention of dmocy.exe on the web nor in Microsoft's Knowledge Base.
> Deleting something having to do with disk management is not my idea of
> fun.
>
> Has Kaspersky detected the Win32.Small trojan inside dmocy.exe or is
> there a way to determine if this is a false alarm? Where could I find
> more information given no luck in searching across the web?

Steve,

Submit the file to VT and/or Jotti for analysis. If Kaspersky is the
only AV flagging your file as malicious, then either KL is ahead of
the others or it is a FP.

Virus Total Online Scan
(http://www.virustotal.com/flash/index_en.html)
Jotti's Online Malware Scan
(http://virusscan.jotti.org/)

If this is a new exploit, it will be submitted to all vendors who flag
it. Anytime KAV flags a file, submit it to KL through your KAV GUI for
analysis. If it is a FP, it will be removed in subsequent DB updates.

Ron :)

Posted by Ian Kenefick on April 21, 2006, 10:42 am
If you were  Registered and logged in, you could reply and use other advanced thread options
On 20 Apr 2006 22:36:53 -0700, steverossiter@sbcglobal.net wrote:

>Has Kaspersky detected the Win32.Small trojan inside dmocy.exe or is
>there a way to determine if this is a false alarm? Where could I find
>more information given no luck in searching across the web?

Fastest way around this.

Label the Subject as 'False Positive?' and send the file in a password
protected zip to newvirus@kaspersky.com They will tell you - besides
us guessing here.


--
Regards, Ian.
http://www.ik-cs.com
"The intelligent man finds almost everything ridiculous, the sensible man hardly
anything" - Johann Wolfgang von Goethe

Posted by jen on April 21, 2006, 11:33 am
If you were  Registered and logged in, you could reply and use other advanced thread options
> Hi,
>
> I am using Kaspersky Anti-Virus and it has flagged dmocy.exe as
> TrojanDownloader.Win32.Small.cse.
>
> Kaspersky reccommends I delete the file. It is located at
> C:\WINDOWS\SYSTEM32\dmocy.exe, has a size of 51Kb and the same Date
> Modified of 8/4/2004 00:56 as a lot of files around it alphabetically
> that are Microsoft's, some involved with disk management. I can find no
> mention of dmocy.exe on the web nor in Microsoft's Knowledge Base.
> Deleting something having to do with disk management is not my idea of
> fun.
>
> Has Kaspersky detected the Win32.Small trojan inside dmocy.exe or is
> there a way to determine if this is a false alarm? Where could I find
> more information given no luck in searching across the web?

From Kaspersky's site:
Trojan-Downloader.Win32.Small.cse
Detection added Apr 20 2006 18:25 GMT
Update released Apr 20 2006 19:48 GMT
Behavior TrojanDownloader


Currently there is no description available for this program.

As many viruses and worms are modifications of earlier versions, it may help
you to check the descriptions of similar programs. If such descriptions are
available, they will be listed at the top of the page.

Our virus analysts work hard to ensure that descriptions of the commonest
and most potentially dangerous software are available to users. The Virus
Encyclopedia is updated on a regular basis.

If you cannot find the description you need, please check back later, or
contact us on webmaster@viruslist.com.

http://www.viruslist.com/en/viruses/encyclopedia?virusid=118839



Posted by on April 21, 2006, 12:56 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
Thank you everyone. You have been very helpful, Steve.


Similar ThreadsPosted
Kaspersky AV July 29, 2006, 8:37 am
I like using Kaspersky January 5, 2007, 4:45 pm
AVG conflict with Kaspersky? July 13, 2007, 12:47 am
Kaspersky online virus scan - result December 9, 2006, 6:07 pm
Trojan August 2, 2005, 8:42 pm
Trojan August 19, 2005, 6:31 pm
trojan by icq November 4, 2005, 6:40 am
Trojan November 7, 2005, 3:45 pm
trojan November 8, 2005, 3:46 pm
Trojan.moo December 18, 2005, 3:23 pm

The site map in XML format XML site map

Contact Us | Privacy Policy