False Positive - InpOut32.dll

InpOut32.dll is not Frame4 Password Hijacker. It's a
Visual Basic 3rd party tool for programmatic control of
the LPT port. It's been available from
http://www.lvr.com/parport.htm in various forms since
Windows 98, at least. Search on that page for all
occcurances of InpOut32.dll for validation of this being
a false positive report by Microsft Antispyware Beta.

From what I've read today in these related forums, I'm
getting a bad feeling that this Beta is doing very little
beyond looking at filename lists or a database of
filenames, rather than looking at known malware file
property signatures such as file structure, checksum, and
so on. If that is a fair assumption, then and only then
I'd think this is a very dangerous tool perhaps not safe
even for beta test purposes except for a very select few
test personel.

Look a little deeper. It isn't perfect by any means, but it isn't nearly as
shallow as you suggest. It is definitely doing checksums--that is one of
the differences between a quickscan and a full system scan.

"EarlyUser" <anonymous@discussions.microsoft.com> wrote in message
news:093201c4f513$6f2cd790$a501280a@phx.gbl...
> InpOut32.dll is not Frame4 Password Hijacker. It's a
> Visual Basic 3rd party tool for programmatic control of
> the LPT port. It's been available from
> http://www.lvr.com/parport.htm in various forms since
> Windows 98, at least. Search on that page for all
> occcurances of InpOut32.dll for validation of this being
> a false positive report by Microsft Antispyware Beta.
>
> From what I've read today in these related forums, I'm
> getting a bad feeling that this Beta is doing very little
> beyond looking at filename lists or a database of
> filenames, rather than looking at known malware file
> property signatures such as file structure, checksum, and
> so on. If that is a fair assumption, then and only then
> I'd think this is a very dangerous tool perhaps not safe
> even for beta test purposes except for a very select few
> test personel.

>-----Original Message-----
>Look a little deeper. It isn't perfect by any means,
but it isn't nearly as
>shallow as you suggest. It is definitely doing
checksums--that is one of
>the differences between a quickscan and a full system
scan.
>
>"EarlyUser" <anonymous@discussions.microsoft.com> wrote
in message
>news:093201c4f513$6f2cd790$a501280a@phx.gbl...
>> InpOut32.dll is not Frame4 Password Hijacker. It's a
>> Visual Basic 3rd party tool for programmatic control of
>> the LPT port. It's been available from
>> http://www.lvr.com/parport.htm in various forms since
>> Windows 98, at least. Search on that page for all
>> occcurances of InpOut32.dll for validation of this
being
>> a false positive report by Microsft Antispyware Beta.
>>
>> From what I've read today in these related forums, I'm
>> getting a bad feeling that this Beta is doing very
little
>> beyond looking at filename lists or a database of
>> filenames, rather than looking at known malware file
>> property signatures such as file structure, checksum,
and
>> so on. If that is a fair assumption, then and only then
>> I'd think this is a very dangerous tool perhaps not
safe
>> even for beta test purposes except for a very select
few
>> test personel.

Ok. And here's another false positive that can be
obtained direct off the old Microsoft Internet Clent SDK:
inetclientsdk\bin\chktrust.exe is not eXact.BargainBuddy

That file is unaltered on my computer from the MS SDK.