1 Reply Latest reply on Mar 19, 2009 9:25 AM by LANDave

    False Positive for Microsoft.Transactions.Bridge.Dtc.ni.dll

    Rookie

      Yesterday afternoon and this morning we started getting calls at the helpdesk and I had it happen on a pc I am working on.  I didn't find anything on landesk but did at kaspersky's site.  I had to make some quick exclusions of the %windir%\assembly folder.  LDAV identified the Microsoft dll as Packed.Win32.Katusha.b

        • 1. Re: False Positive for Microsoft.Transactions.Bridge.Dtc.ni.dll
          LANDave SupportEmployee

          Bobby,

           

          You need to zip up the file into a .ZIP archive with the password "infected" and upload it to ftp://ftp.landesk.com/ldav

           

          Ideally, call LANDesk support and open up a support case first, so we can notify you of the response to the investigation of the file.

           

          The virus pattern file content will need to be changed for the Katusha virus so that it doesn't detect this file as infected when it is not.

           

           

          I already noticed a file that had been uploaded called "katusha.zip", however it did not have password protection, so it was automatically rejected.

           

          If this was you, please reupload the zip file (With a different name) and a password of "infected".