Results 1 to 5 of 5
  1. #1
    New Lounger
    Join Date
    Dec 2009
    Location
    Down Under
    Posts
    22
    Thanks
    0
    Thanked 0 Times in 0 Posts
    I bought several MS Office Prof 2007 via ebay from different vendors - they
    came boxed with all the expected labels, security flags, holograms and
    imprints. When trying to install one, my Hips popped up alerting me to a
    file.
    Uploading this file lph.dll to virustotal shows that 7 out 41 AV consider
    the file a trojan/malware.
    I contacted MS support re the first file I received and was told that the
    license number was legit but did not get any answer re the lph.dll issue.

    Does anyone know what this file does, why some AV consider it malware (could
    be a FP) and in particular if it is part of the official installation file
    for MS office Prof 2007?

  2. #2
    Super Moderator jscher2000's Avatar
    Join Date
    Feb 2001
    Location
    Silicon Valley, USA
    Posts
    23,112
    Thanks
    5
    Thanked 93 Times in 89 Posts
    Quote Originally Posted by Beethoven View Post
    Uploading this file lph.dll to virustotal shows that 7 out 41 AV consider
    the file a trojan/malware.
    Does VirusTotal give you the detailed diagnosis from those 7 vendors? It probably isn't the usual kind of malware if only 15% identify it as such; perhaps it was deemed objectionable on some other grounds?

  3. #3
    New Lounger
    Join Date
    Dec 2009
    Location
    Down Under
    Posts
    22
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Virustotal does not but threatexpert did though I don't understand this:

    Threatexpert

    When I uploaded it to Avira, the onscreen result said "malware - threat Tr/Crypt.FKM.Gen. The term "Tr/" denotes a trojan horse that is able to spy out data, to violate your privacy or carry out unwanted modifications to the system. This file is detected by a special detection routine from the engine module". I have not yet received the email finalising my submission - though I am not sure if this is their last word. Strangely enough, their installed AV did not make a peep when installing the software or scanning the pc.

    I went through the online registration with MS too and everything works fine. I am starting to believe that this is a microsoft file for validation or phoning home that has perhaps characteristics of malware and due to this fact it gets flagged by some AV.

  4. #4
    Super Moderator jscher2000's Avatar
    Join Date
    Feb 2001
    Location
    Silicon Valley, USA
    Posts
    23,112
    Thanks
    5
    Thanked 93 Times in 89 Posts
    Quote Originally Posted by Beethoven View Post
    Virustotal does not but threatexpert did though I don't understand this:
    I think this is the most illuminating part of that report: "Office Genuine Advantage Validation Tool". Unless the file is infected with something else, I think you just have to live with it.

  5. #5
    New Lounger
    Join Date
    Dec 2009
    Location
    Down Under
    Posts
    22
    Thanks
    0
    Thanked 0 Times in 0 Posts
    If that is the only issue, I have no problem with it. Just am surprised that some AV will flag this coming from MS as malware.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •