dsound.dll

Question

bonjour!depuis quelques temps McAfee n'arrete pas de me signaler que dsound.dll est un cheval de troie.pourtant j'ai lu dans certains forum que ce dernier est indispensable au fonctionnement de certains programmes de xindows.n'etant pas tres callé sur ce point je souhaiterais savoir si je dois me debarasser du fichier ou ne rien faire. merci

Answer 1

et pour le fichier dsound32.dll:

Antivirus	Version	Last Update	Result
AhnLab-V3	2010.07.23.01	2010.07.23	Trojan/Win32.Pincav
AntiVir	8.2.4.26	2010.07.23	-
Antiy-AVL	2.0.3.7	2010.07.23	-
Authentium	5.2.0.5	2010.07.23	-
Avast	4.8.1351.0	2010.07.23	Win32:Dracur-C
Avast5	5.0.332.0	2010.07.23	Win32:Dracur-C
AVG	9.0.0.851	2010.07.23	Crypt.XUG
BitDefender	7.2	2010.07.23	-
CAT-QuickHeal	11.00	2010.07.23	-
ClamAV	0.96.0.3-git	2010.07.23	-
Comodo	5520	2010.07.23	-
DrWeb	5.0.2.03300	2010.07.23	Trojan.Bender.26
Emsisoft	5.0.0.34	2010.07.23	Trojan.Win32.Malagent!IK
eSafe	7.0.17.0	2010.07.22	-
eTrust-Vet	36.1.7732	2010.07.23	-
F-Prot	4.6.1.107	2010.07.23	-
F-Secure	9.0.15370.0	2010.07.23	-
Fortinet	4.1.143.0	2010.07.23	-
GData	21	2010.07.23	Win32:Dracur-C
Ikarus	T3.1.1.84.0	2010.07.23	Trojan.Win32.Malagent
Jiangmin	13.0.900	2010.07.23	-
Kaspersky	7.0.0.125	2010.07.23	Trojan.Win32.Pincav.adgi
McAfee	5.400.0.1158	2010.07.23	Artemis!6D35E68EE585
McAfee-GW-Edition	2010.1	2010.07.23	Artemis!6D35E68EE585
Microsoft	1.6004	2010.07.23	-
NOD32	5306	2010.07.23	a variant of Win32/Kryptik.FLA
Norman	6.05.11	2010.07.23	W32/Suspicious_Gen2.BQBYR
nProtect	2010-07-23.02	2010.07.23	-
Panda	10.0.2.7	2010.07.23	Trj/CI.A
PCTools	7.0.3.5	2010.07.23	Trojan.Gen
Prevx	3.0	2010.07.23	High Risk Fraudulent Security Program
Rising	22.57.03.08	2010.07.23	-
Sophos	4.55.0	2010.07.23	-
Sunbelt	6626	2010.07.23	Trojan.Win32.Generic!BT
SUPERAntiSpyware	4.40.0.1006	2010.07.23	-
Symantec	20101.1.1.7	2010.07.23	Trojan.Gen
TheHacker	6.5.2.1.324	2010.07.23	-
TrendMicro	9.120.0.1004	2010.07.23	TROJ_TRACUR.SMDI
TrendMicro-HouseCall	9.120.0.1004	2010.07.23	TROJ_TRACUR.SMDI
VBA32	3.12.12.6	2010.07.23	-
ViRobot	2010.7.23.3956	2010.07.23	-
VirusBuster	5.0.27.0	2010.07.23	-

Additional information<br><br><button id="show-metadata" class="submission-button ui-button ui-widget ui-state-default ui-corner-all ui-button-text-only" style="text-align: center; cursor: pointer; font-family: Helvetica, Arial, Verdana, sans-serif;<br> font-size: 11px; background-image: url(http://virustotal.hispasecsistemas.netdna-cdn.com/css/custom-theme/images/ui-bg\_glass\_75\_e6e6e6\_1x400.png); background-attachment: initial; background-origin: initial; background-clip: initial; background-color: #e6e6e6;<br> font-weight: bold; color: #555555; outline-style: none; outline-width: initial; outline-color: initial; border-top-left-radius: 4px 4px; border-top-right-radius: 4px 4px; border-bottom-right-radius: 4px 4px; border-bottom-left-radius: 4px 4px; background-position:<br> 50% 50%; background-repeat: repeat no-repeat; padding: 5px; border: 1px solid #d3d3d3;">Show all</button>
MD5   : 6d35e68ee585b3fbcb6fff6d8838cb06
SHA1  : 435906871b3a8c5eadc00c34a81ee41968e0116f
SHA256: 3e9f0ca230832a66f6291aa7453cef6b31d9ec3947e9ecbd1e9968bb363450d0
ssdeep: 3072:r8C2kfCH2nP6ZMfIyD4cTm8aaadns0pKrQa4ByuS9+cCocRY6xfxXc0KSLm49:Rj7iY5DT <br><br>m8amXraqOBV2SK
File size : 207360 bytes
First seen: 2010-07-20 05:12:35
Last seen : 2010-07-23 21:14:31
Magic: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
TrID:  <br><br>Win32 Executable Generic (42.3%) <br><br>Win32 Dynamic Link Library (generic) (37.6%) <br><br>Generic Win/DOS Executable (9.9%) <br><br>DOS Executable Generic (9.9%) <br><br>Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
sigcheck:  <br><br>publisher....: n/a <br><br>copyright....: n/a <br><br>product......: n/a <br><br>description..: n/a <br><br>original name: n/a <br><br>internal name: n/a <br><br>file version.: n/a <br><br>comments.....: n/a <br><br>signers......: - <br><br>signing date.: - <br><br>verified.....: Unsigned
PEiD: -
PEInfo: PE structure information <br><br> <br><br>[[ basic data ]] <br><br>entrypointaddress: 0x2E542 <br><br>timedatestamp....: 0x49E09AC6 (Sat Apr 11 13:27:34 2009) <br><br>machinetype......: 0x14C (Intel I386) <br><br> <br><br>[[ 6 section(s) ]] <br><br>name, viradd, virsiz, rawdsiz, ntropy, md5 <br><br>CODE, 0x1000, 0x2D5CF, 0x2D600, 6.67, 90373765a97b33ecd1b2a894c51adf0d <br><br>DATA, 0x2F000, 0xEF3, 0x600, 3.93, ef9968aac6b05eea457b4e37007b23cb <br><br>BSS, 0x30000, 0xF9F, 0x0, 0.0, d41d8cd98f00b204e9800998ecf8427e <br><br>.idata, 0x31000, 0xB98, 0xC00, 4.63, 12ccc986b077160a194a96c8cf781d13 <br><br>.reloc, 0x32000, 0x1BEE, 0x1C00, 6.76, d00b38d9851d1d896b5f312a40ee8ab9 <br><br>.rsrc, 0x34000, 0x3000, 0x2200, 3.93, 65ae3672f8624a8573e70fbfa81cd8d3 <br><br> <br><br>[[ 6 import(s) ]] <br><br>advapi32.dll: RegQueryValueExA, RegOpenKeyExA, RegCloseKey <br><br>dsound.dll: DirectSoundCaptureEnumerateW, DirectSoundCreate <br><br>kernel32.dll: DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, VirtualFree, VirtualAlloc, LocalFree, LocalAlloc, GetVersion, GetCurrentThreadId, InterlockedDecrement,<br> InterlockedIncrement, VirtualQuery, WideCharToMultiByte, MultiByteToWideChar, lstrlenA, lstrcpynA, LoadLibraryExA, GetThreadLocale, GetStartupInfoA, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetCommandLineA, FreeLibrary, FindFirstFileA,<br> FindClose, ExitProcess, WriteFile, UnhandledExceptionFilter, RtlUnwind, RaiseException, GetStdHandle, TlsSetValue, TlsGetValue, TlsFree, TlsAlloc, LocalFree, LocalAlloc, WriteFile, WaitForSingleObject, VirtualQuery, SetFilePointer, SetEvent, SetEndOfFile,<br> ResetEvent, ReadFile, MultiByteToWideChar, LeaveCriticalSection, InitializeCriticalSection, GetVersionExA, GetThreadLocale, GetStringTypeExA, GetStdHandle, GetProcAddress, GetOEMCP, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetLocalTime, GetLastError,<br> GetFullPathNameA, GetDiskFreeSpaceA, GetDateFormatA, GetCurrentThreadId, GetCPInfo, GetACP, FreeLibrary, FormatMessageA, EnumCalendarInfoA, EnterCriticalSection, DeleteCriticalSection, CreateFileA, CreateEventA, CompareStringA, CloseHandle, Sleep <br><br>ole32.dll: CoUninitialize, CoInitialize <br><br>oleaut32.dll: SysFreeString, SysReAllocStringLen, SysAllocStringLen, SafeArrayPtrOfIndex, SafeArrayPutElement, SafeArrayGetElement, SafeArrayUnaccessData, SafeArrayAccessData, SafeArrayGetUBound, SafeArrayGetLBound,<br> SafeArrayCreate, VariantChangeType, VariantCopyInd, VariantCopy, VariantClear, VariantInit, GetErrorInfo, SysFreeString <br><br>user32.dll: GetKeyboardType, LoadStringA, MessageBoxA, CharNextA, MessageBoxA, LoadStringA, GetSystemMetrics, CharNextA, CharUpperBuffA, CharToOemA
Prevx Info:  <br><br>http://info.prevx.com/aboutprogramtext.asp?PX5=2DAD37CB00BCDBA92A61039E204AD500C95F8D04
Symantec reputation:Suspicious.Insight<br><br><br> <br><br><br>ça fait un peu long a lire je pense..merci d'avance!

Answer 2

le second fichier se nomme dsound32.dll se situant dans C:\Windows\System32 aussi.j'ai fait le scan et voila ce que ça a a donné:

pour le fichier dsound.dll:

Antivirus	Version	Last Update	Result
a-squared	4.5.0.50	2010.01.26	-
AhnLab-V3	5.0.0.2	2010.01.26	-
AntiVir	7.9.1.150	2010.01.26	-
Antiy-AVL	2.0.3.7	2010.01.26	-
Authentium	5.2.0.5	2010.01.26	-
Avast	4.8.1351.0	2010.01.26	-
AVG	9.0.0.730	2010.01.26	-
BitDefender	7.2	2010.01.26	-
CAT-QuickHeal	10.00	2010.01.25	-
ClamAV	0.94.1	2010.01.26	-
Comodo	3717	2010.01.26	-
DrWeb	5.0.1.12222	2010.01.26	-
eSafe	7.0.17.0	2010.01.26	-
eTrust-Vet	35.2.7260	2010.01.26	-
F-Prot	4.5.1.85	2010.01.26	-
F-Secure	9.0.15370.0	2010.01.26	-
Fortinet	4.0.14.0	2010.01.26	-
GData	19	2010.01.26	-
Ikarus	T3.1.1.80.0	2010.01.26	-
Jiangmin	13.0.900	2010.01.26	-
K7AntiVirus	7.10.957	2010.01.26	-
Kaspersky	7.0.0.125	2010.01.26	-
McAfee	5873	2010.01.26	-
McAfee+Artemis	5873	2010.01.26	-
McAfee-GW-Edition	6.8.5	2010.01.26	-
Microsoft	1.5405	2010.01.26	-
NOD32	4807	2010.01.26	-
Norman	6.04.03	2010.01.26	-
nProtect	2009.1.8.0	2010.01.26	-
Panda	10.0.2.2	2010.01.25	-
PCTools	7.0.3.5	2010.01.26	-
Prevx	3.0	2010.01.26	-
Rising	22.32.01.04	2010.01.26	-
Sophos	4.50.0	2010.01.26	-
Sunbelt	3.2.1858.2	2010.01.26	-
Symantec	20091.2.0.41	2010.01.26	-
TheHacker	6.5.0.9.163	2010.01.26	-
TrendMicro	9.120.0.1004	2010.01.26	-
VBA32	3.12.12.1	2010.01.26	-
ViRobot	2010.1.26.2156	2010.01.26	-
VirusBuster	5.0.21.0	2010.01.26	-

Additional information<br><br><button id="show-metadata" class="submission-button ui-button ui-widget ui-state-default ui-corner-all ui-button-text-only" style="text-align: center; cursor: pointer; font-family: Helvetica, Arial, Verdana, sans-serif;<br> font-size: 11px; background-image: url(http://virustotal.hispasecsistemas.netdna-cdn.com/css/custom-theme/images/ui-bg\_glass\_75\_e6e6e6\_1x400.png); background-attachment: initial; background-origin: initial; background-clip: initial; background-color: #e6e6e6;<br> font-weight: bold; color: #555555; outline-style: none; outline-width: initial; outline-color: initial; border-top-left-radius: 4px 4px; border-top-right-radius: 4px 4px; border-bottom-right-radius: 4px 4px; border-bottom-left-radius: 4px 4px; background-position:<br> 50% 50%; background-repeat: repeat no-repeat; padding: 5px; border: 1px solid #d3d3d3;">Show all</button>
MD5   : 84b8827562b005c118cadba0f25db2c6
SHA1  : dc15d11fd09f4b347421d98f70c3494c37c9cf51
SHA256: 3aa79e62edcfb994200b29a89c267e5391bbf4da6e5508814da52db801c80fe2
ssdeep: 6144:uRidYTP11RFgEcnI8WmRe+paMYaceYXbLZ7XK9yV2eBIEZK8GWlvJ1xBFa3D2Au8:u7TPN <br><br>FgEIQMYaceiNKQPZ//azNQO15s
File size : 444416 bytes
First seen: 2009-07-03 23:51:47
Last seen : 2010-01-26 19:49:55
Magic: PE32 executable for MS Windows (DLL) (console) Intel 80386 32-bit
TrID:  <br><br>DirectShow filter (58.4%) <br><br>Win64 Executable Generic (24.8%) <br><br>Win32 Executable MS Visual C++ (generic) (10.9%) <br><br>Win32 Executable Generic (2.4%) <br><br>Win32 Dynamic Link Library (generic) (2.1%)
PEiD: -
PEInfo: PE structure information <br><br> <br><br>[[ basic data ]] <br><br>entrypointaddress: 0x15A2 <br><br>timedatestamp....: 0x49E0375C (Sat Apr 11 06:23:24 2009) <br><br>machinetype......: 0x14C (Intel I386) <br><br> <br><br>[[ 5 section(s) ]] <br><br>name, viradd, virsiz, rawdsiz, ntropy, md5 <br><br>.text, 0x1000, 0x43EE7, 0x44000, 6.71, 1a05024e1688fc72c7714c5db59fd680 <br><br>RT_CODE, 0x45000, 0x11F, 0x200, 3.5, 4b14c1e49ae7128b2fbbc2e76f74dd5c <br><br>.data, 0x46000, 0x2523C, 0x25400, 7.02, 44f7004a8912fb96e6df02901e9599f0 <br><br>.rsrc, 0x6C000, 0x4F8, 0x600, 2.91, 0a13651c859a035719f8820625d1bb53 <br><br>.reloc, 0x6D000, 0x26D8, 0x2800, 6.57, efb765ce2ac4420cfbafcf8b708a3859 <br><br> <br><br>[[ 7 import(s) ]] <br><br>advapi32.dll: RegSetValueExW, RegOpenKeyExA, RegCreateKeyW, RegOpenKeyExW, RegQueryValueExA, RegCloseKey, RegCreateKeyA, RegSetValueExA, RegQueryValueExW <br><br>kernel32.dll: GetProcessHeap, GetSystemInfo, CreateThread, InterlockedCompareExchange, SetUnhandledExceptionFilter, UnhandledExceptionFilter, TerminateProcess, GetSystemTimeAsFileTime, IsProcessorFeaturePresent,<br> InterlockedCompareExchange64, OutputDebugStringA, GetThreadTimes, GetProcessTimes, WaitForSingleObject, QueryPerformanceCounter, GetTickCount, ReleaseSemaphore, CreateSemaphoreW, CloseHandle, GetFullPathNameW, GetModuleFileNameW, GetModuleHandleW, lstrcmpiW,<br> GetFileSize, SetFilePointer, ReadFile, CreateFileW, HeapCreate, HeapDestroy, HeapAlloc, HeapFree, DuplicateHandle, GetCurrentProcess, GetLastError, MultiByteToWideChar, WideCharToMultiByte, FreeLibrary, GetProcAddress, LoadLibraryA, lstrlenA, lstrlenW, lstrcmpW,<br> LoadLibraryW, ReleaseMutex, QueryPerformanceFrequency, DisableThreadLibraryCalls, CreateMutexW, GetCurrentThreadId, GetCurrentProcessId, LocalFree, GetSystemPowerStatus, InitializeCriticalSection, LeaveCriticalSection, SetEvent, EnterCriticalSection, InterlockedIncrement,<br> DeleteCriticalSection, InterlockedDecrement, SetThreadPriority, GetCurrentThread, SwitchToThread, CreateEventW, WaitForMultipleObjects, Sleep, ResetEvent, OpenProcess, GetExitCodeThread, UnmapViewOfFile, MapViewOfFile, CreateFileMappingW, OpenFileMappingW,<br> MulDiv, InterlockedExchange, HeapSize <br><br>msvcrt.dll: _CIlog, _vsnprintf, ___U@YAPAXI@Z, ___V@YAXPAX@Z, ceil, _controlfp, floor, _CIsin, free, malloc, _XcptFilter, _initterm, _aligned_free, _aligned_malloc, memmove, _CIlog10, memcpy, _isnan, _CItan, _CIpow,<br> _CIcos, _ftol2, __CxxFrameHandler3, memset, _ftol2_sse, _CIsqrt, _CIatan2, _amsg_exit, _adjust_fdiv, _unlock, __dllonexit, _lock, _onexit, _except_handler4_common, _vsnwprintf <br><br>ole32.dll: CoTaskMemAlloc, CoUninitialize, CoInitializeEx, CoCreateInstance, CLSIDFromString, PropVariantClear, CoTaskMemFree <br><br>powrprof.dll: PowerReadACValue, PowerGetActiveScheme, CallNtPowerInformation, PowerReadDCValue <br><br>user32.dll: GetWindowThreadProcessId, GetParent, GetForegroundWindow, GetWindowPlacement, IsWindow, LoadStringW, CharUpperW <br><br>winmm.dll: timeBeginPeriod, timeEndPeriod, waveInGetNumDevs, timeGetTime, waveOutGetDevCapsW, waveOutGetNumDevs, waveInGetDevCapsW <br><br> <br><br>[[ 12 export(s) ]] <br><br>DirectSoundCaptureCreate, DirectSoundCaptureCreate8, DirectSoundCaptureEnumerateA, DirectSoundCaptureEnumerateW, DirectSoundCreate, DirectSoundCreate8, DirectSoundEnumerateA, DirectSoundEnumerateW, DirectSoundFullDuplexCreate, DllCanUnloadNow, DllGetClassObject,<br> GetDeviceID

Answer 3

Re,

Pourrais tu nous donner l’emplacement du deuxième fichier ?

Celui dans System32 doit bien être celui de Windows.

Dans tous les cas je te conseils d’aller faire un scan de ces deux fichiers sur un antivirus en ligne comme Virus Total (http://www.virustotal.com/index.html) puis de nous poster les resultats des analyses ici pour savoir si il s’agit d’un faux positif (un fichier qui est detecté comme un virus alors qu’il est sain).

-- Cordialement,

Mickael Puyfagès

http://www.micka39.info

"Anjara" a écrit dans le message de groupe de discussion : 216347f9-d658-45e1-91e7-081cf4ac2045...

deja merci d'avoir repondu aussi rapidement^^..le fichier se situe dans C:\Windows\System32 et il y a en a deux d'ailleurs et McAfee les signale tous les deux comme cheval de troie.

---

Mickael Puyfages - http://www.micka39.info

Answer 4

deja merci d'avoir repondu aussi rapidement^^..le fichier se situe dans C:\Windows\System32 et il y a en a deux d'ailleurs et McAfee les signale tous les deux comme cheval de troie.

Answer 5

Bonjour,

Il ne faut pas supprimer cette DLL si elle est située dans le répertoire système de Windows car elle est bel et bien necessaire au bon fonctionnement de la partie audio de Windows et elle est aussi sans risque.

Pourrais-tu nous indiquer l’emplacement du fichier que McAfee te signale comme étant un cheval de troie ?

-- Cordialement,

Mickael Puyfagès

http://www.micka39.info

"Anjara" a écrit dans le message de groupe de discussion : 906d896e-95bc-49ea-aa1a-7520f4d05fec...

bonjour!depuis quelques temps McAfee n'arrete pas de me signaler que dsound.dll est un cheval de troie.pourtant j'ai lu dans certains forum que ce dernier est indispensable au fonctionnement de certains programmes de xindows.n'etant pas tres callé sur ce point je souhaiterais savoir si je dois me debarasser du fichier ou ne rien faire. merci

---

Mickael Puyfages - http://www.micka39.info