[Dshield] Possible virus question?

Tony Maro tonym at nlisc.com
Fri Oct 12 13:42:15 GMT 2001


Okay, this isn't quite a virus maillist, much less an AVP maillist, but here
goes...

We have about 150 PC's running Kaspersky Antivirus Workstation (KAV) across
6 companies.  In the last few weeks we upgraded nearly all machines to IE6.
In the last few days, KAV started spewing errors on certain shared Microsoft
files saying they are suspicious.  The files include (from KAV logs):

c:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMWS.DLL
Suspicious	Mail Bomb	<d80000.0.13>
c:\Program Files\Common Files\Microsoft Shared\MSSearch\Bin\MSSADMWS.DLL
Suspicious	Mail Bomb	<d80000.0.13>

Then, yesterday and today KAV started automatically deleting MSSADMWS.DLL.

A little research shows these files to be part of IE6 designed for the
Microsoft Sharepoint Server (TAHOE).

Anyone else run into this?  Is this a false-positive as I suspect, or is
there a virus infecting MSSADMWS.DLL?

Thanks,
Tony Maro




More information about the list mailing list