Discussion:
zlib.dll malware?
Vic Dura
2006-04-26 19:47:41 UTC
I just did a scan with LavaSoft Ad-Aware SE v1.05 using the defs.ref
file dated 4/26/05. It flagged \lccwin32\lcc\bin\zlib.dll (46592
12/27/02) as being malware. The scan I did last month did not flag
zlib.dll so I'm wondering if this is an error? I installed lccwindows
about a year ago and haven't done much with it since then.

Is zlib.dll part of LCC or might it have been placed there by some
other malware?
--
To email me directly, remove CLUTTER.
jacob navia
2006-04-26 22:43:29 UTC
Post by Vic Dura
I just did a scan with LavaSoft Ad-Aware SE v1.05 using the defs.ref
file dated 4/26/05. It flagged \lccwin32\lcc\bin\zlib.dll (46592
12/27/02) as being malware. The scan I did last month did not flag
zlib.dll so I'm wondering if this is an error? I installed lccwindows
about a year ago and haven't done much with it since then.
Is zlib.dll part of LCC or might it have been placed there by some
other malware?
It is a known problem that some bytes in zlib.dll make some antivirus
software think that there is a virus in there.
The zlib.dll is only 46 592 bytes long, so there can't be any virus in
there.

On my machine, McAfee antivirus never complains about that file.
The md5 of zlib.dll is:

f42601d4ac18bb06d830b6f8e4500adf

To obtain the md5 of YOUR zlib.dll, just open a command prompt and
type \lcc\bin\md5 \lcc\bin\zlib.dll

and you should obtain the SAME pattern as above.

jacob
Vic Dura
2006-04-27 11:18:27 UTC
On Thu, 27 Apr 2006 00:43:29 +0200, jacob navia
Post by jacob navia
Post by Vic Dura
I just did a scan with LavaSoft Ad-Aware SE v1.05 using the defs.ref
file dated 4/26/05. It flagged \lccwin32\lcc\bin\zlib.dll (46592
12/27/02) as being malware. The scan I did last month did not flag
zlib.dll so I'm wondering if this is an error? I installed lccwindows
about a year ago and haven't done much with it since then.
Is zlib.dll part of LCC or might it have been placed there by some
other malware?
It is a known problem that some bytes in zlib.dll make some antivirus
software think that there is a virus in there.
The zlib.dll is only 46 592 bytes long, so there can't be any virus in
there.
On my machine, McAfee antivirus never complains about that file.
f42601d4ac18bb06d830b6f8e4500adf
To obtain the md5 of YOUR zlib.dll just open a command prompt and
type \lcc\bin\md5 \lcc\bin\zlib.dll
and you should obtain the SAME pattern as above
jacob
Thank you jacob. The md5 checksum is the same for my file.

Regards,
Vic Dura
--
To email me directly, remove CLUTTER.
me
2006-05-04 11:15:10 UTC
Post by Vic Dura
I just did a scan with LavaSoft Ad-Aware SE v1.05 using the defs.ref
file dated 4/26/05. It flagged \lccwin32\lcc\bin\zlib.dll (46592
12/27/02) as being malware. The scan I did last month did not flag
zlib.dll so I'm wondering if this is an error? I installed lccwindows
about a year ago and haven't done much with it since then.
Is zlib.dll part of LCC or might it have been placed there by some
other malware?
Had the same problem and did some research. zlib.dll is a dropper name for
a DLL from a virus called Trojan.VXGAME.n. The original name is ZLBW.DLL.
\LCC\BIN\ZLIB.DLL is coded inside the virus as a dropper location. I think
Ad-Aware only looks for the filename and gives a false alert.
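
An added example, not part of any post in this thread: the check discussed above (compare the flagged file's size and MD5 with the values posted for \lcc\bin\zlib.dll) written as a small triage routine that judges the file by content instead of by name or location. The function names `file_digests` and `triage` and the sample files built in `demo` are assumptions constructed for illustration.

```python
import hashlib, os, tempfile

# Size and MD5 quoted in the thread for \lcc\bin\zlib.dll.
THREAD_REFERENCE = {"size": 46592, "md5": "f42601d4ac18bb06d830b6f8e4500adf"}

def file_digests(path, chunk=65536):
    """Stream the file once and return (size, md5_hex, sha256_hex)."""
    md5, sha256, size = hashlib.md5(), hashlib.sha256(), 0
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            md5.update(block)
            sha256.update(block)
            size += len(block)
    return size, md5.hexdigest(), sha256.hexdigest()

def triage(path, reference=THREAD_REFERENCE):
    """Classify a flagged file by its content, not by its name (hypothetical helper)."""
    if not os.path.isfile(path):
        return {"verdict": "missing"}
    size, md5, sha256 = file_digests(path)
    if size != reference["size"]:
        verdict = "size-mismatch"      # not the build the reference describes
    elif md5 != reference["md5"].lower():
        verdict = "hash-mismatch"      # same length, different bytes
    else:
        verdict = "matches-reference"  # same bytes as the file that was hashed
    # SHA-256 is recorded as well because MD5 is not collision resistant.
    return {"verdict": verdict, "size": size, "md5": md5, "sha256": sha256}

def demo():
    """Constructed sample: files all named zlib.dll, only one matching."""
    good = bytes(range(256)) * 182                 # 46592 constructed bytes
    ref = {"size": len(good), "md5": hashlib.md5(good).hexdigest()}
    samples = {"original": good,
               "patched": good[:100] + b"\xcc" + good[101:],  # same size
               "replaced": good + b"extra"}                   # different size
    verdicts = {}
    with tempfile.TemporaryDirectory() as root:
        for label, data in samples.items():
            os.mkdir(os.path.join(root, label))
            path = os.path.join(root, label, "zlib.dll")
            with open(path, "wb") as fh:
                fh.write(data)
            verdicts[label] = triage(path, ref)["verdict"]
        verdicts["absent"] = triage(os.path.join(root, "none", "zlib.dll"), ref)["verdict"]
    return verdicts

if __name__ == "__main__":
    print(demo())
```

A "matches-reference" verdict only shows that the file is byte-for-byte the one the reference hash was computed from; anything else means the name matches but the content does not, which is the case worth investigating.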
