npmirage.dll malware?

Guardian Angel

New Member
Thread author
Jun 30, 2011
10
Hello, I hope this is the right forum to post in. I was doing a scan with hitmanpro (prevx scanner), which detected that npmirage.dll is a High Risk Worm in the system32 folder. I did some research and a few say it was a false positive. I also ran the file on Virus Total and every scanner came out clean except (once again) Prevx saying it was a High Risk Worm. The file was created on 10/31/2006, which was before I actually got this computer for Christmas on 12/25/2006.

I am experiencing no symptoms and no problems with my computer... so what I am wondering is if this is a false positive or actually a worm. Thank you. Here is the Virus Total scan report and the picture of the detected threat.

http://imageshack.us/photo/my-images/844/npmirage.jpg/

Antivirus results
AhnLab-V3 - 2011.07.01.00 - 2011.06.30 - -
AntiVir - 7.11.10.179 - 2011.06.30 - -
Antiy-AVL - 2.0.3.7 - 2011.06.30 - -
Avast - 4.8.1351.0 - 2011.06.30 - -
Avast5 - 5.0.677.0 - 2011.06.30 - -
AVG - 10.0.0.1190 - 2011.06.30 - -
BitDefender - 7.2 - 2011.06.30 - -
CAT-QuickHeal - 11.00 - 2011.06.30 - -
ClamAV - 0.97.0.0 - 2011.06.30 - -
Commtouch - 5.3.2.6 - 2011.06.30 - -
Comodo - 9231 - 2011.06.30 - -
DrWeb - 5.0.2.03300 - 2011.06.30 - -
eSafe - 7.0.17.0 - 2011.06.29 - -
eTrust-Vet - 36.1.8419 - 2011.06.30 - -
F-Prot - 4.6.2.117 - 2011.06.30 - -
F-Secure - 9.0.16440.0 - 2011.06.30 - -
Fortinet - 4.2.257.0 - 2011.06.30 - -
GData - 22 - 2011.06.30 - -
Ikarus - T3.1.1.104.0 - 2011.06.30 - -
Jiangmin - 13.0.900 - 2011.06.30 - -
K7AntiVirus - 9.106.4859 - 2011.06.30 - -
Kaspersky - 9.0.0.837 - 2011.06.30 - -
McAfee - 5.400.0.1158 - 2011.06.30 - -
McAfee-GW-Edition - 2010.1D - 2011.06.30 - -
Microsoft - 1.7000 - 2011.06.30 - -
NOD32 - 6254 - 2011.06.30 - -
Norman - 6.07.10 - 2011.06.30 - -
nProtect - 2011-06-30.01 - 2011.06.30 - -
Panda - 10.0.3.5 - 2011.06.30 - -
PCTools - 8.0.0.5 - 2011.06.30 - -
Prevx - 3.0 - 2011.06.30 - High Risk Worm
Rising - 23.64.03.03 - 2011.06.30 - -
Sophos - 4.67.0 - 2011.06.30 - -
SUPERAntiSpyware - 4.40.0.1006 - 2011.06.30 - -
Symantec - 20111.1.0.186 - 2011.06.30 - -
TheHacker - 6.7.0.1.245 - 2011.06.29 - -
TrendMicro - 9.200.0.1012 - 2011.06.30 - -
TrendMicro-HouseCall - 9.200.0.1012 - 2011.06.30 - -
VBA32 - 3.12.16.3 - 2011.06.29 - -
VIPRE - 9733 - 2011.06.30 - -
ViRobot - 2011.6.30.4542 - 2011.06.30 - -
VirusBuster - 14.0.104.0 - 2011.06.30 - -
File info:
MD5: 2769c7f358b98b8a9ce4877be4e2b774
SHA1: 7d4c4cd58ee93f69c85c2dfab45d6a7546c06d53
SHA256: e6012541e6197011c93bc38d37e90b57cabd1e4444eceb69b38268240d2f3f64
File size: 35344 bytes
Scan date: 2011-06-30 21:45:04 (UTC)
 

Ink

Administrator
Verified
Staff Member
Well-known
Jan 8, 2011
22,361
I believe this could be a False Positive, a topic on the Avast Forums mentions similar details to yours.

I would choose Prevx to ignore the file.
 

Guardian Angel

New Member
Thread author
Jun 30, 2011
10
Thank you both. I was pretty sure it was a false positive, but wanted to make sure. I had ignored it from the list as well as reported it as a safe file.
 

Ramblin

Level 3
May 14, 2011
1,014
You did the right thing, ignoring the detection, until you confirmed whether it was a FP or indeed, you had a virus. Uploading the file to Virus Total was also a very good move. Next time something similar happens, you should also check the dates on the file. If it's an old file, most likely it's a FP.

Bo
 
