Possible false positive on smtp.ocx
#1
Guest
Posts: n/a

We have some software that uses a "smtp.ocx" control, which I downloaded as freeware a few years ago from the web (the file is dated Feb 23, 2001, size 73,728 bytes).

This is being reported (on multiple systems here, as we all have it installed, as do our customers) as the Holar.G trojan.

#2
Guest
Posts: n/a

The Lagel worm creates four new files: MPLAYER.EXE, which is run every time Windows is started up, ILLEGAL.EXE, which contains the worm's code, MMAILS.DLL, which stores the e-mail addresses the worm obtains from the system, and SMTP.OCX, an application used to mail messages.

False Positive.

Regards, Alan.

>-----Original Message-----
>We have some software that uses a "smtp.ocx" control, which I downloaded as
>freeware a few years ago from the web (the file is dated Feb 23, 2001, size
>73,728 bytes).
>
>This is being reported (on multiple systems here, as we all have it
>installed, as do our customers) as the Holar.G trojan.

#3
Guest
Posts: n/a

If you still have contact with the original vendor I've posted later in this group a form for vendor dispute of listing.

Worst case, however, is that the malware your other reply mentions has taken the original OCX and used it directly, in which case it will be hard for the app to distinguish!

"JJ" <jjj@nospam.com> wrote in message
news:OjnGA2A9EHA.2284@cpmsftngsa05.privatenews.microsoft.com...
> We have some software that uses a "smtp.ocx" control, which I downloaded
> as freeware a few years ago from the web (the file is dated Feb 23, 2001,
> size 73,728 bytes).
>
> This is being reported (on multiple systems here, as we all have it
> installed, as do our customers) as the Holar.G trojan.

#4
Guest
Posts: n/a

Some of the latest variants are known to infest legit files. One must then depend on the AV or spyware app vendors to discern what is legit and what is not.
Wish I could tell you definitively that it's a false positive or not.
Kaspersky's online scanner, limited to one file of 1MB or less, is very useful for this determination.

Steve Wechsler (akaMowGreen)
MVP Windows Server
AumHa VSOP

Bill Sanderson wrote:
> If you still have contact with the original vendor I've posted later in this
> group a form for vendor dispute of listing.
>
> Worst case, however, is that the malware your other reply mentions has taken
> the original OCX and used it directly, in which case it will be hard for the
> app to distinguish!
>
> "JJ" <jjj@nospam.com> wrote in message
> news:OjnGA2A9EHA.2284@cpmsftngsa05.privatenews.microsoft.com...
>
>>We have some software that uses a "smtp.ocx" control, which I downloaded
>>as freeware a few years ago from the web (the file is dated Feb 23, 2001,
>>size 73,728 bytes).
>>
>>This is being reported (on multiple systems here, as we all have it
>>installed, as do our customers) as the Holar.G trojan.

#5
Guest
Posts: n/a

I believe that's why there's an MD5 hash generated by the Advanced File Analyzer. They are generating hashes which ought to distinguish the legit files from ones infected by a virus, or simply the same name and size.

"Steve Wechsler [MVP]" <mowgreen@mvps.org> wrote in message
news:FLNi7gB9EHA.1696@cpmsftngsa06.privatenews.microsoft.com...
> Some of the latest variants are known to infest legit files. One must then
> depend on the AV or spyware app vendors to discern what is legit and what
> is not.
> Wish I could tell you definitively that it's a false positive or not.
> Kaspersky's online scanner, limited to one file of 1MB or less, is very
> useful for this determination.
>
> Steve Wechsler (akaMowGreen)
> MVP Windows Server
> AumHa VSOP
>
> Bill Sanderson wrote:
>
>> If you still have contact with the original vendor I've posted later in
>> this group a form for vendor dispute of listing.
>>
>> Worst case, however, is that the malware your other reply mentions has
>> taken the original OCX and used it directly, in which case it will be
>> hard for the app to distinguish!
>>
>> "JJ" <jjj@nospam.com> wrote in message
>> news:OjnGA2A9EHA.2284@cpmsftngsa05.privatenews.microsoft.com...
>>
>>>We have some software that uses a "smtp.ocx" control, which I downloaded
>>>as freeware a few years ago from the web (the file is dated Feb 23, 2001,
>>>size 73,728 bytes).
>>>
>>>This is being reported (on multiple systems here, as we all have it
>>>installed, as do our customers) as the Holar.G trojan.

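The distinction drawn in post #5, between a content hash and a name-and-size match, shown as an added example; it is not part of the thread and is not the Advanced File Analyzer's code. The file contents are constructed stand-ins (only the name smtp.ocx and the 73,728-byte size come from post #1), and comparing SHA-256 alongside MD5 is an assumption made here because MD5 collisions can be crafted deliberately.

```python
import hashlib
import tempfile
from pathlib import Path

SIZE = 73_728  # file size reported in post #1


def fingerprint(path):
    """Return (lowercased name, size, md5 hex, sha256 hex), reading in chunks."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            md5.update(chunk)
            sha256.update(chunk)
    p = Path(path)
    return p.name.lower(), p.stat().st_size, md5.hexdigest(), sha256.hexdigest()


def classify(path, baseline):
    """Compare a file with a known-good fingerprint taken from the vendor copy."""
    name, size, md5, sha256 = fingerprint(path)
    b_name, b_size, b_md5, b_sha256 = baseline
    if (md5, sha256) == (b_md5, b_sha256):
        return "match"                 # byte-for-byte the vendor's file
    if (name, size) == (b_name, b_size):
        return "same-name-and-size"    # looks identical in a listing, content differs
    return "different"


def demo():
    """Build two constructed 73,728-byte files named smtp.ocx and compare them."""
    with tempfile.TemporaryDirectory() as tmp:
        good_dir, other_dir = Path(tmp, "vendor"), Path(tmp, "suspect")
        good_dir.mkdir()
        other_dir.mkdir()
        original = bytes(i % 251 for i in range(SIZE))  # constructed stand-in content
        altered = bytearray(original)
        altered[4096] ^= 0xFF                           # one byte changed, size kept
        (good_dir / "smtp.ocx").write_bytes(original)
        (other_dir / "SMTP.OCX").write_bytes(bytes(altered))
        baseline = fingerprint(good_dir / "smtp.ocx")
        return (classify(good_dir / "smtp.ocx", baseline),
                classify(other_dir / "SMTP.OCX", baseline))


if __name__ == "__main__":
    print(demo())
```

A hash match only shows that a file is identical to the baseline copy, so the baseline itself has to come from a trusted source such as the original vendor download.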