You are here

Trojan in EraserDropPortable 2.1 ?

4 posts / 0 new
Last post
amemait
Offline
Last seen: 13 years 5 months ago
Joined: 2011-01-14 13:23
Trojan in EraserDropPortable 2.1 ?

My McAfee virus scanner just detected the Artemis!E4857B9E3DF5 Trojan in the gdiplus.dll during installation of EraserDropPortable version 2.1 (just downloaded today).

Has anyone else seen this?

I've used an earlier version of the app before, and it did *not* have the trojan in it. The app still _seems_ to work without the (replacement) DLL.

Info on the (original) DLL:
According to MSDN, Windows GDI+ (gdiplus.dll) is a class-based API for C/C++ programmers. It enables applications to use graphics and formatted text on both the video display and the printer. This trojan DLL is trying to exploit a vulnerability in that Windows will try to load a DLL from the directory from which the app was opened before searching for it in the system path.

John T. Haller
John T. Haller's picture
Offline
Last seen: 2 hours 34 min ago
AdminDeveloperModeratorTranslator
Joined: 2005-11-28 22:21
False Positive

It's a false positive. If you check it on VirusTotal, you'll see it's just a McAfee issue again. Please report it to them.

Sometimes, the impossible can become possible, if you're awesome!

amemait
Offline
Last seen: 13 years 5 months ago
Joined: 2011-01-14 13:23
Thanks for the false positive

Thanks for the false positive report. I'll let my I.T. team know.

Any idea why it replaces the GDI+ DLL when it works without it?

:Michael

John T. Haller
John T. Haller's picture
Offline
Last seen: 2 hours 34 min ago
AdminDeveloperModeratorTranslator
Joined: 2005-11-28 22:21
Not Replace, Include

It doesn't replace the one on the PC already (as in copy itself onto the local PC), it's there in case there isn't on on the local PC already. Otherwise, if there isn't one on the local PC, the app would just crash.

Sometimes, the impossible can become possible, if you're awesome!

Log in or register to post comments