AntiVir Guard Avira: Dldr.Zlob.Gen2 Trojan in BirdieSync...

If BirdieSync 1.x constantly replaces your girlfriend's phone number with your mother's one, this forum is for you...
Post Reply
kati42
Posts: 3
Joined: Sat Oct 03, 2009 4:00 am

AntiVir Guard Avira: Dldr.Zlob.Gen2 Trojan in BirdieSync...

Post by kati42 »

Just went to start up Thunderbird, and Avira AntiVir Guard gives me a warning that the ExternalService.dll in the BirdieSync\Thunderbird Service\components\ directory is the TR/Dldr.Zlob.Gen2 Trojan.

I ran Malwarebytes fast scan and then Spybot S&D, and neither found a problem. So I'm guessing it's a false positive. But I'm denying access for now just to be safe...

Anyone else seen this? I only purchased BirdieSync a week or so ago, and did not have this error until today. I am assuming that Avira updated the definitions, but I wasn't paying attention.

rowi
Posts: 5
Joined: Wed Aug 26, 2009 9:17 am

Re: AntiVir Guard Avira: Dldr.Zlob.Gen2 Trojan in BirdieSync...

Post by rowi »

Same for me. I use BirdieSync for a while and never had such a problem.
I also deny access for the dll until it's clear what happened.

best regards
Rolf

tobra71
Posts: 1
Joined: Sat Oct 03, 2009 10:30 am

Re: AntiVir Guard Avira: Dldr.Zlob.Gen2 Trojan in BirdieSync...

Post by tobra71 »

Hi,

I also have the problem. I think it was by updating the virus definitions this morning.

Can I trust the DLL?

Regards,

Torsten

Blechzwerg
Posts: 1
Joined: Sat Oct 03, 2009 11:04 am

Re: AntiVir Guard Avira: Dldr.Zlob.Gen2 Trojan in BirdieSync...

Post by Blechzwerg »

Same here.

Anybody knows, how to get information from Avira / Birdie regarding this issue??

;-)
Bz.

Birdy
Site Admin
Posts: 3118
Joined: Tue Apr 18, 2006 11:43 am
Contact:

Re: AntiVir Guard Avira: Dldr.Zlob.Gen2 Trojan in BirdieSync...

Post by Birdy »

Hello,

This is not the first time a false positive is detected with BirdieSync:
http://www.birdiesync.com/forum/viewtopic.php?f=2&t=241
http://www.birdiesync.com/forum/viewtopic.php?f=2&t=114

I don't know which version of BirdieSync you were using. Is it the last one ? In such situations, it is recommended to use a service like:
http://www.virustotal.com
This service checks the uploaded file with a lof of anti-virus. If only one reports a problem, it is very likely a false positive.
Birdy

ingo
Posts: 2
Joined: Sun Oct 04, 2009 7:33 am

Re: AntiVir Guard Avira: Dldr.Zlob.Gen2 Trojan in BirdieSync...

Post by ingo »

Hello,

I have the same problem with Avira AntiVir since this morning and just tried the file on virustotal.com. There was one hit from 41 virus detectors, although not from avira, but from McAfee. The Avira virus definition was, however, from October 2, so it may be that it's just not recent enough.

The ExternalServices.dll is from April 16th, so I guess it hasn't changed and is probably not infected, but I am no expert on viruses. So I'd like to wait for an all-clear from BirdieSync before I set it to "ignore".

@Birdy: Could you run the original file yourself and check whether you get that warning, too? The setup file version was 1.7.1.1

Best regards

Ingo

Birdy
Site Admin
Posts: 3118
Joined: Tue Apr 18, 2006 11:43 am
Contact:

Re: AntiVir Guard Avira: Dldr.Zlob.Gen2 Trojan in BirdieSync...

Post by Birdy »

The file 1.7.1.3 ExternalService.dll was compiled again from the original sources (so considered as clean) and submitted to virustotal. Only MacAfee reported the detection of the trojan (the 40 other anti virus did not). So a mail was sent to Mc Afee and Avira to signal this problem of "false positive". I hope that they will update their virus definitions soon.
Birdy

ingo
Posts: 2
Joined: Sun Oct 04, 2009 7:33 am

Re: AntiVir Guard Avira: Dldr.Zlob.Gen2 Trojan in BirdieSync...

Post by ingo »

Hello Birdy,

thanks for your help. I installed the 1.7.1.3 version and set AntiVir to ignore this file permanently. That's rather dangerous, I admit, but I hope there's never ever going to be a real virus in it. :)

Ingo

Birdy
Site Admin
Posts: 3118
Joined: Tue Apr 18, 2006 11:43 am
Contact:

Re: AntiVir Guard Avira: Dldr.Zlob.Gen2 Trojan in BirdieSync...

Post by Birdy »

I got a response from Avira:
The file 'ExternalService.dll' has been determined to be 'FALSE POSITIVE'. In particular this means that this file is not malicious but a false alarm. Detection will be removed from our virus definition file (VDF) with one of the next updates.
Birdy

rowi
Posts: 5
Joined: Wed Aug 26, 2009 9:17 am

Re: AntiVir Guard Avira: Dldr.Zlob.Gen2 Trojan in BirdieSync...

Post by rowi »

Thank you for this positive :) information. Good support!

best regards
Rolf

kati42
Posts: 3
Joined: Sat Oct 03, 2009 4:00 am

Re: AntiVir Guard Avira: Dldr.Zlob.Gen2 Trojan in BirdieSync...

Post by kati42 »

Thanks!

Of course, now I have to reinstall because one of the times Avira had a warning it decided to delete the dll.

kati42
Posts: 3
Joined: Sat Oct 03, 2009 4:00 am

Re: AntiVir Guard Avira: Dldr.Zlob.Gen2 Trojan in BirdieSync...

Post by kati42 »

Actually, is there a way I can just download that dll directly from the BirdieSync site? I left my phone at work, so the BirdieSync installer won't let me reinstall BirdieSync. Plus, I'd rather not redo the entire setup to replace the one file...

Birdy
Site Admin
Posts: 3118
Joined: Tue Apr 18, 2006 11:43 am
Contact:

Re: AntiVir Guard Avira: Dldr.Zlob.Gen2 Trojan in BirdieSync...

Post by Birdy »

I tested again ExternalService.dll with virustotal and it seems that Avira and McAfee updated their virus definitions (2009-10-06). No more false positive detected ! :)
So ensure to have the latest virus defintions before reinstalling Birdiesync.

@kati42: if you don't mind, I would prefer you to reinstall BirdieSync over your previous installation. If you use the same Setup file as you lastly did, it shouldn't change anything. You can even skip the installation on the mobile device. But in any case I would suggest you to BACKUP your data before doing anything as suggested in this FAQ topic.
Birdy

Birdy
Site Admin
Posts: 3118
Joined: Tue Apr 18, 2006 11:43 am
Contact:

Re: AntiVir Guard Avira: Dldr.Zlob.Gen2 Trojan in BirdieSync...

Post by Birdy »

If you have problems with BirdieSync (for instance Birdiesync menus no longer work in Thundebird) after AntiVir detected a false positive, it maybe because AntiVir removed the libray ExternalService.dll from C:\Program Files\BirdieSync\Thunderbird Service\components
In this case, reinstall BirdieSync to retrieve the library.

Before any operation, I suggest you to backup your data as mentioned in this FAQ topic.
Birdy

Post Reply