Kaspersky flags dmocy.exe as trojan?

[steverossiter]

Hi,

I am using Kaspersky Anti-Virus and it has flagged dmocy.exe as
TrojanDownloader.Win32.Small.cse.

Kaspersky reccommends I delete the file. It is located at
C:\WINDOWS\SYSTEM32\dmocy.exe, has a size of 51Kb and the same Date
Modified of 8/4/2004 00:56 as a lot of files around it alphabetically
that are Microsoft's, some involved with disk management. I can find no
mention of dmocy.exe on the web nor in Microsoft's Knowledge Base.
Deleting something having to do with disk management is not my idea of
fun.

Has Kaspersky detected the Win32.Small trojan inside dmocy.exe or is
there a way to determine if this is a false alarm? Where could I find
more information given no luck in searching across the web?

Thanks kindly, Steve

 

[Ron Lopshire]

I am using Kaspersky Anti-Virus and it has flagged dmocy.exe as
TrojanDownloader.Win32.Small.cse.

Kaspersky reccommends I delete the file. It is located at
C:\WINDOWS\SYSTEM32\dmocy.exe, has a size of 51Kb and the same Date
Modified of 8/4/2004 00:56 as a lot of files around it alphabetically
that are Microsoft's, some involved with disk management. I can find no
mention of dmocy.exe on the web nor in Microsoft's Knowledge Base.
Deleting something having to do with disk management is not my idea of
fun.

Has Kaspersky detected the Win32.Small trojan inside dmocy.exe or is
there a way to determine if this is a false alarm? Where could I find
more information given no luck in searching across the web?

Steve,

Submit the file to VT and/or Jotti for analysis. If Kaspersky is the
only AV flagging your file as malicious, then either KL is ahead of
the others or it is a FP.

Virus Total Online Scan
(http://www.virustotal.com/flash/index_en.html)
Jotti's Online Malware Scan
(http://virusscan.jotti.org/)

If this is a new exploit, it will be submitted to all vendors who flag
it. Anytime KAV flags a file, submit it to KL through your KAV GUI for
analysis. If it is a FP, it will be removed in subsequent DB updates.

Ron

 

[Ian Kenefick]

Has Kaspersky detected the Win32.Small trojan inside dmocy.exe or is
there a way to determine if this is a false alarm? Where could I find
more information given no luck in searching across the web?

Fastest way around this.

Label the Subject as 'False Positive?' and send the file in a password
protected zip to (e-mail address removed) They will tell you - besides
us guessing here.

 

[jen]

Hi,

I am using Kaspersky Anti-Virus and it has flagged dmocy.exe as
TrojanDownloader.Win32.Small.cse.

Kaspersky reccommends I delete the file. It is located at
C:\WINDOWS\SYSTEM32\dmocy.exe, has a size of 51Kb and the same Date
Modified of 8/4/2004 00:56 as a lot of files around it alphabetically
that are Microsoft's, some involved with disk management. I can find no
mention of dmocy.exe on the web nor in Microsoft's Knowledge Base.
Deleting something having to do with disk management is not my idea of
fun.

Has Kaspersky detected the Win32.Small trojan inside dmocy.exe or is
there a way to determine if this is a false alarm? Where could I find
more information given no luck in searching across the web?

From Kaspersky's site:
Trojan-Downloader.Win32.Small.cse
Detection added Apr 20 2006 18:25 GMT
Update released Apr 20 2006 19:48 GMT
Behavior TrojanDownloader


Currently there is no description available for this program.

As many viruses and worms are modifications of earlier versions, it may help
you to check the descriptions of similar programs. If such descriptions are
available, they will be listed at the top of the page.

Our virus analysts work hard to ensure that descriptions of the commonest
and most potentially dangerous software are available to users. The Virus
Encyclopedia is updated on a regular basis.

If you cannot find the description you need, please check back later, or
contact us on (e-mail address removed).

http://www.viruslist.com/en/viruses/encyclopedia?virusid=118839

 

[steverossiter]

Thank you everyone. You have been very helpful, Steve.

 

[the2av]

does the file has try to autorun?

the filetime is these days?

the file description is ?
some sample way to analyzed is it false alarm or correctly deleted.

some viruses,trojans also will write the file datatime like system some
file datatime.