wbload.dll

Detected as W32 Trojan

Hi there

I am running Zone Alarm Firewall with Antivirus and for some reason it detected wbload.dll in my system32 folder as a trojan and quarantined it. I have restored the file back as it is a dll process to load Window Blinds.

Anyone else had this problem at all, and is there a work around?
Reply #2 Top
Not yet, but TrendMicro just picked up JPGUtils.dll as a keylogger.
Reply #3 Top

It sounds like ZoneAlarm need to work on their AV part a little more.

wbload.dll is not a trojan.

Reply #4 Top
Maybe not, but my installation of Kaspersky 7.0 just reported the same thing. Have been forced to uninstall WindowBlinds just to get the system to boot up properly!
Reply #5 Top
Which version of Windows and what trojan do they think it is?
Reply #6 Top
Windows XP Professional SP2 with all subsequent fixes/patches
Trojan reported as: Trojan.Win32.Agent.es (aka Vernet by McAfee)
Reply #7 Top

Are you 100% sure it was wbload.dll it complained about and not one of the other WB dlls?

wbload.dll is not used on Windows XP, only later versions of Windows.

Reply #8 Top
> Kaspersky 7.0 just reported the same thing

> Zone Alarm Firewall with Antivirus

ZA uses Kaspersky. It's a false positive. Update your definitions.

If it still comes up positive on a scan then scan it here: WWW Link
If it shows nothing, exclude it.
Reply #9 Top
> ZA uses Kaspersky. It's a false positive. Update your definitions.

Yes it does - but only from Version 7 onwards (which has only been released in the last 2-3 months). The original post did not specify the version used.

Definitions ARE up to date!
Reply #10 Top
You're both using the same main kernel driver: V7 (e.g. Klif.sys)
Reply #11 Top
I have also got a trojan (Generic5.AJZ) warning using AVG antivirus on C:\windows\system32\wbload.dll.

So for now it is quarantined.
Reply #12 Top
I too have received the Trojan Horse Generic5.ajz from AVG antivirus warning from wbload.dll. My antivirus already deleted it. Mine is also quarantined. I have the latest definitions from AVG also.
Strange the Stardock Central updated Windowblinds this evening and then this popped up an hour later.
Reply #13 Top
Ditto the above - anyone filed the issue with support or heard anything yet?

It's probably a false positive - but there's no point in updating your antivirus and then ignoring what it says!
Reply #14 Top

It seems that the latest virus definitions from a few companies all have the same false positive in them. This suggests they all share data, either that or one of them has some explaining to do!

We will be contacting the companies & requesting they correct their definitions as a matter of some urgency. Perhaps in the future they will do a better job of checking their definitions....

Testing here seems to suggest it is only triggering on a 20K version of wbload.dll which is included with some of the XP versions of WB. This file dates from 2005 and I suspect its size (it contains almost no code) has resulted in a signature clash where it looks like a different file to the AV apps.

If you are running XP 32 bit it is perfectly safe to allow it to quarantine that file. If the same file gets detected on Vista then the removal of that file will stop WB from functioning correctly, but the Vista file is much larger and AVG seems happy with it.

If anyone has a problem with any other AV packages and wbload.dll please post here so we can contact them and get them to correct their definitions. I suspect Norton AV etc all use their own definitions and so are unlikely to make the same mistake.

Reply #15 Top
Hang on a minute.....

AVG tells me that not only is my latest wbload.dll infected - but also the ten or so archived copies that were auto backed-up at the time of previous updates (I forgot to delete them)..

so it MUST be a virus signature false positive and therefore ok to ignore
Reply #16 Top
I did some searching and it seems AVG uses definitions from Kaspersky and Kaspersky seem to have had a number of false positive issues in the last week.
Reply #17 Top

Not concerned, but one of my XP machines using AVG just recognized this file as a trojan as well.

Interestingly, it didn't on the other XP machine ...and they both have the same version of WindowBlinds on them, and are both running the AVG free latest version, on the same [year] build of XP Pro. All my machines updated to the latest signatures on bootup this afternoon.

Weird....

The one that detected wbload.dll as a virus, auto deleted the file. Never gave me the option to quarantine.

No false positive or detection as a virus/trojan on Vista Ultimate machine though.

Thanks for the research, Neil. Appreciate it.

Reply #18 Top
I have the same problem on my XP machine using AVG. Is it a False Positive? Now my Start Menu background won't skin but the Program Menus will skin. Is there a work around for that problem?

Thanks
Reply #19 Top
I have informed Kaspersky of the problem, and have just received an E-Mail from them confirming that the false positive will be fixed in the next updates.

Given the high rate of updates issued, I suspect the problem will be eliminated within hours.
Reply #20 Top
> Is it a False Positive?

Trust comments #14 and #16 as accurate and correct. [oh, and #10]...

It's a false positive....

Reply #21 Top
Good to know that it is a false positive.
I anxiously await the new update from AVG.
My AVG also auto deleted the file instead of giving me the option, but I don't know if it really did, because WB seems to be working fine for me so far.

Thank you for keeping us informed.
Reply #22 Top

I just got the same results from AVG, which scans every day. In my case, however, the suspect files were on Drive D, which has recently been demoted from being my main hard drive--because there seemed to be a virus that no one could isolate. Oddly enough, the original symptoms were these: When I went online, a virus warning would pop up, window blinds would unload, and the internet would be disconnected.

WB seems to be working fine on the new drive, and that pesky "trojan" was not detected there.
Reply #23 Top
AVG has the new dat file for the day. I am updating and rescanning my computer now to see if it picks it up.
Reply #24 Top
As of the 269.9.6/863 6/23/2007 11:08 am AVG update, it was still incorrectly detecting it. I've emailed them again this afternoon. And F-Secure for good measure. The latest Kaspersky updates seem sorted.
Reply #25 Top
> As of the 269.9.6/863 6/23/2007 11:08 am AVG update, it was still incorrectly detecting it. I've emailed them again this afternoon. And F-Secure for good measure. The latest Kaspersky updates seem sorted.

I used that update and it did not detect it this time.

Ummm....seems like my computer cannot find that file. It is strange that Windowblinds is still working for me. Any suggestions on what I should do?
PS...I do have the file wbload64.dll