npmirage.dll malware?

Guardian Angel

New Member
Thread author
Jun 30, 2011
Hello, I hope this is the right forum to post in. I was doing a scan with HitmanPro (Prevx scanner), which detected that npmirage.dll is a High Risk Worm in the system32 folder. I did some research and a few say it was a false positive. I also ran the file on Virus Total and every scanner came out clean except (once again) Prevx saying it was a High Risk Worm. The file was created on 10/31/2006, which was before I actually got this computer for Christmas on 12/25/2006.

I am experiencing no symptoms and no problems with my computer... so what I am wondering is if this is a false positive or actually a worm. Thank you. Here is the Virus Total scan report and the picture of the detected threat.

http://imageshack.us/photo/my-images/844/npmirage.jpg/

Antivirus results
AhnLab-V3 - 2011.07.01.00 - 2011.06.30 - -
AntiVir - 7.11.10.179 - 2011.06.30 - -
Antiy-AVL - 2.0.3.7 - 2011.06.30 - -
Avast - 4.8.1351.0 - 2011.06.30 - -
Avast5 - 5.0.677.0 - 2011.06.30 - -
AVG - 10.0.0.1190 - 2011.06.30 - -
BitDefender - 7.2 - 2011.06.30 - -
CAT-QuickHeal - 11.00 - 2011.06.30 - -
ClamAV - 0.97.0.0 - 2011.06.30 - -
Commtouch - 5.3.2.6 - 2011.06.30 - -
Comodo - 9231 - 2011.06.30 - -
DrWeb - 5.0.2.03300 - 2011.06.30 - -
eSafe - 7.0.17.0 - 2011.06.29 - -
eTrust-Vet - 36.1.8419 - 2011.06.30 - -
F-Prot - 4.6.2.117 - 2011.06.30 - -
F-Secure - 9.0.16440.0 - 2011.06.30 - -
Fortinet - 4.2.257.0 - 2011.06.30 - -
GData - 22 - 2011.06.30 - -
Ikarus - T3.1.1.104.0 - 2011.06.30 - -
Jiangmin - 13.0.900 - 2011.06.30 - -
K7AntiVirus - 9.106.4859 - 2011.06.30 - -
Kaspersky - 9.0.0.837 - 2011.06.30 - -
McAfee - 5.400.0.1158 - 2011.06.30 - -
McAfee-GW-Edition - 2010.1D - 2011.06.30 - -
Microsoft - 1.7000 - 2011.06.30 - -
NOD32 - 6254 - 2011.06.30 - -
Norman - 6.07.10 - 2011.06.30 - -
nProtect - 2011-06-30.01 - 2011.06.30 - -
Panda - 10.0.3.5 - 2011.06.30 - -
PCTools - 8.0.0.5 - 2011.06.30 - -
Prevx - 3.0 - 2011.06.30 - High Risk Worm
Rising - 23.64.03.03 - 2011.06.30 - -
Sophos - 4.67.0 - 2011.06.30 - -
SUPERAntiSpyware - 4.40.0.1006 - 2011.06.30 - -
Symantec - 20111.1.0.186 - 2011.06.30 - -
TheHacker - 6.7.0.1.245 - 2011.06.29 - -
TrendMicro - 9.200.0.1012 - 2011.06.30 - -
TrendMicro-HouseCall - 9.200.0.1012 - 2011.06.30 - -
VBA32 - 3.12.16.3 - 2011.06.29 - -
VIPRE - 9733 - 2011.06.30 - -
ViRobot - 2011.6.30.4542 - 2011.06.30 - -
VirusBuster - 14.0.104.0 - 2011.06.30 - -
File info:
MD5: 2769c7f358b98b8a9ce4877be4e2b774
SHA1: 7d4c4cd58ee93f69c85c2dfab45d6a7546c06d53
SHA256: e6012541e6197011c93bc38d37e90b57cabd1e4444eceb69b38268240d2f3f64
File size: 35344 bytes
Scan date: 2011-06-30 21:45:04 (UTC)
 
I believe this could be a False Positive; a topic on the Avast Forums mentions similar details to yours.

I would choose Prevx to ignore the file.
 
Thank you both. I was pretty sure it was a false positive, but wanted to make sure. I had ignored it from the list as well as reported it as a safe file.
 
You did the right thing, ignoring the detection, until you confirmed whether
it was a FP or indeed, you had a virus. Uploading the file to Virus Total
was also a very good move. Next time something similar happens, you
should also check the dates on the file. If it's an old file, most likely it's
a FP.

Bo