Malware code found in window blinds

I just ran a scan on my machine and was notified of this threat:

HeurEngine.Packed.Execryptor

The heuristics engine has identified unknown code that is found to be highly suspicious.  This file is packed with the same run-time compression that is commonly used by malware and thus, could be a potentially unknown threat.

Process

winlogon.exe (C:\program files\stardock\object destop\WindowBlinds\wbsrv.dll)

File

c:\program files\stardock\object desktop\windowblinds\wbsrv.dll

Startup

String is too long to type but it's in the registry...


Anybody know anything about this?

Thanks.

Reply #1 Top

It is not malware.  The message is just saying that execryptor was used on the dll which is true, but execryptor is a perfectly legitimate tool.

What app produced that error message?

Reply #2 Top

I would imagine it's a false positive, and your AV is just picking up, as you said, a similar compression method as something in its database.

I wouldn't worry too much about it, Stardock isn't out to get us.  *_*    :)

Reply #3 Top

I haven't had any similar virus error messages... but I trust WB and its creators, the skinners.

Reply #4 Top

Listen to Neil ....;)

Reply #5 Top

Quoting Neil, reply 1
It is not malware.  The message is just saying that execryptor was used on the dll which is true, but execryptor is a perfectly legitimate tool.

What app produced that error message?
End of Neil's quote

It's PC Tools Spyware Doctor.

I wasn't worried but thought it was strange to have this type of warning over software I've been using for years.  Thanks to everyone who responded, I appreciate it!

Reply #6 Top

Jazzmin, could you please send a copy of the Spy Doctor report to [email protected]? We would like to track these messages and work with the company to provide a more friendly environment. Thank you very much for the heads up!

Reply #7 Top

Quoting Seabass, reply 6
Jazzmin, could you please send a copy of the Spy Doctor report to [email protected]? We would like to track these messages and work with the company to provide a more friendly environment. Thank you very much for the heads up!
End of Seabass's quote

Sure thing Seabass... just forwarded to the email you provided.

I have since allowed the software to run but had to reinstall window blinds to get it to work correctly again.

Reply #8 Top

Jazzmin, could you please send a copy of the Spy Doctor report to [email protected]? We would like to track these messages and work with the company to provide a more friendly environment.
End of quote

My mistake....I should have requested that, too...;)

It's unfortunately not uncommon for similar issues to arise...as both the programs and the spyware/AV checkers are updated.

Once the 'false-positive' is flagged the company is contacted to amend their signature updates/exclusions...;)