Page 1 of 1

AntiVir Guard Avira: Dldr.Zlob.Gen2 Trojan in BirdieSync...

Posted: Sat Oct 03, 2009 4:06 am
by kati42
Just went to start up Thunderbird, and Avira AntiVir Guard gives me a warning that the ExternalService.dll in the BirdieSync\Thunderbird Service\components\ directory is the TR/Dldr.Zlob.Gen2 Trojan.

I ran Malwarebytes fast scan and then Spybot S&D, and neither found a problem. So I'm guessing it's a false positive. But I'm denying access for now just to be safe...

Anyone else seen this? I only purchased BirdieSync a week or so ago, and did not have this error until today. I am assuming that Avira updated the definitions, but I wasn't paying attention.

Re: AntiVir Guard Avira: Dldr.Zlob.Gen2 Trojan in BirdieSync...

Posted: Sat Oct 03, 2009 9:15 am
by rowi
Same for me. I use BirdieSync for a while and never had such a problem.
I also deny access for the dll until it's clear what happened.

best regards
Rolf

Re: AntiVir Guard Avira: Dldr.Zlob.Gen2 Trojan in BirdieSync...

Posted: Sat Oct 03, 2009 10:32 am
by tobra71
Hi,

I also have the problem. I think it was by updating the virus definitions this morning.

Can I trust the DLL?

Regards,

Torsten

Re: AntiVir Guard Avira: Dldr.Zlob.Gen2 Trojan in BirdieSync...

Posted: Sat Oct 03, 2009 11:06 am
by Blechzwerg
Same here.

Anybody knows, how to get information from Avira / Birdie regarding this issue??

;-)
Bz.

Re: AntiVir Guard Avira: Dldr.Zlob.Gen2 Trojan in BirdieSync...

Posted: Sat Oct 03, 2009 8:29 pm
by Birdy
Hello,

This is not the first time a false positive is detected with BirdieSync:
http://www.birdiesync.com/forum/viewtopic.php?f=2&t=241
http://www.birdiesync.com/forum/viewtopic.php?f=2&t=114

I don't know which version of BirdieSync you were using. Is it the last one ? In such situations, it is recommended to use a service like:
http://www.virustotal.com
This service checks the uploaded file with a lof of anti-virus. If only one reports a problem, it is very likely a false positive.

Re: AntiVir Guard Avira: Dldr.Zlob.Gen2 Trojan in BirdieSync...

Posted: Sun Oct 04, 2009 7:44 am
by ingo
Hello,

I have the same problem with Avira AntiVir since this morning and just tried the file on virustotal.com. There was one hit from 41 virus detectors, although not from avira, but from McAfee. The Avira virus definition was, however, from October 2, so it may be that it's just not recent enough.

The ExternalServices.dll is from April 16th, so I guess it hasn't changed and is probably not infected, but I am no expert on viruses. So I'd like to wait for an all-clear from BirdieSync before I set it to "ignore".

@Birdy: Could you run the original file yourself and check whether you get that warning, too? The setup file version was 1.7.1.1

Best regards

Ingo

Re: AntiVir Guard Avira: Dldr.Zlob.Gen2 Trojan in BirdieSync...

Posted: Sun Oct 04, 2009 9:37 am
by Birdy
The file 1.7.1.3 ExternalService.dll was compiled again from the original sources (so considered as clean) and submitted to virustotal. Only MacAfee reported the detection of the trojan (the 40 other anti virus did not). So a mail was sent to Mc Afee and Avira to signal this problem of "false positive". I hope that they will update their virus definitions soon.

Re: AntiVir Guard Avira: Dldr.Zlob.Gen2 Trojan in BirdieSync...

Posted: Sun Oct 04, 2009 6:57 pm
by ingo
Hello Birdy,

thanks for your help. I installed the 1.7.1.3 version and set AntiVir to ignore this file permanently. That's rather dangerous, I admit, but I hope there's never ever going to be a real virus in it. :)

Ingo

Re: AntiVir Guard Avira: Dldr.Zlob.Gen2 Trojan in BirdieSync...

Posted: Mon Oct 05, 2009 8:06 am
by Birdy
I got a response from Avira:
The file 'ExternalService.dll' has been determined to be 'FALSE POSITIVE'. In particular this means that this file is not malicious but a false alarm. Detection will be removed from our virus definition file (VDF) with one of the next updates.

Re: AntiVir Guard Avira: Dldr.Zlob.Gen2 Trojan in BirdieSync...

Posted: Mon Oct 05, 2009 8:44 am
by rowi
Thank you for this positive :) information. Good support!

best regards
Rolf

Re: AntiVir Guard Avira: Dldr.Zlob.Gen2 Trojan in BirdieSync...

Posted: Tue Oct 06, 2009 1:59 am
by kati42
Thanks!

Of course, now I have to reinstall because one of the times Avira had a warning it decided to delete the dll.

Re: AntiVir Guard Avira: Dldr.Zlob.Gen2 Trojan in BirdieSync...

Posted: Tue Oct 06, 2009 2:02 am
by kati42
Actually, is there a way I can just download that dll directly from the BirdieSync site? I left my phone at work, so the BirdieSync installer won't let me reinstall BirdieSync. Plus, I'd rather not redo the entire setup to replace the one file...

Re: AntiVir Guard Avira: Dldr.Zlob.Gen2 Trojan in BirdieSync...

Posted: Tue Oct 06, 2009 9:18 am
by Birdy
I tested again ExternalService.dll with virustotal and it seems that Avira and McAfee updated their virus definitions (2009-10-06). No more false positive detected ! :)
So ensure to have the latest virus defintions before reinstalling Birdiesync.

@kati42: if you don't mind, I would prefer you to reinstall BirdieSync over your previous installation. If you use the same Setup file as you lastly did, it shouldn't change anything. You can even skip the installation on the mobile device. But in any case I would suggest you to BACKUP your data before doing anything as suggested in this FAQ topic.

Re: AntiVir Guard Avira: Dldr.Zlob.Gen2 Trojan in BirdieSync...

Posted: Tue Oct 20, 2009 5:43 pm
by Birdy
If you have problems with BirdieSync (for instance Birdiesync menus no longer work in Thundebird) after AntiVir detected a false positive, it maybe because AntiVir removed the libray ExternalService.dll from C:\Program Files\BirdieSync\Thunderbird Service\components
In this case, reinstall BirdieSync to retrieve the library.

Before any operation, I suggest you to backup your data as mentioned in this FAQ topic.