[Dshield] Possible virus question?

Tony Maro tonym at nlisc.com
Fri Oct 12 18:04:33 GMT 2001

Okay - Kaspersky confirms it's a false positive and will be fixed in the
next daily update.

-----Original Message-----
From: Tony Maro [mailto:tonym at nlisc.com] 
Sent: Friday, October 12, 2001 8:42 AM
To: 'dshield at dshield.org'
Subject: [Dshield] Possible virus question?

Okay, this isn't quite a virus maillist, much less an AVP maillist, but here

We have about 150 PC's running Kaspersky Antivirus Workstation (KAV) across
6 companies.  In the last few weeks we upgraded nearly all machines to IE6.
In the last few days, KAV started spewing errors on certain shared Microsoft
files saying they are suspicious.  The files include (from KAV logs):

c:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMWS.DLL
Suspicious	Mail Bomb	<d80000.0.13>
c:\Program Files\Common Files\Microsoft Shared\MSSearch\Bin\MSSADMWS.DLL
Suspicious	Mail Bomb	<d80000.0.13>

Then, yesterday and today KAV started automatically deleting MSSADMWS.DLL.

A little research shows these files to be part of IE6 designed for the
Microsoft Sharepoint Server (TAHOE).

Anyone else run into this?  Is this a false-positive as I suspect, or is
there a virus infecting MSSADMWS.DLL?

Tony Maro

Dshield mailing list
Dshield at dshield.org
To change your subscription options (or unsubscribe), see:

More information about the list mailing list