• Trojan or valid MS file?

    #467445

    I bought several MS Office Prof 2007 via ebay from different vendors – they
    came boxed with all the expected labels, security flags, holograms and
    imprints. When trying to install one, my HIPS popped up alerting me to a
    file.
    Uploading this file lph.dll to VirusTotal shows that 7 out of 41 AV consider
    the file a trojan/malware.
    I contacted MS support re the first file I received and was told that the
    license number was legit but did not get any answer re the lph.dll issue.

    Does anyone know what this file does, why some AV consider it malware (could
    be a FP) and in particular if it is part of the official installation file
    for MS Office Prof 2007?

    • #1213755

      Uploading this file lph.dll to VirusTotal shows that 7 out of 41 AV consider
      the file a trojan/malware.

      Does VirusTotal give you the detailed diagnosis from those 7 vendors? It probably isn’t the usual kind of malware if only 15% identify it as such; perhaps it was deemed objectionable on some other grounds?

    • #1213764

      VirusTotal does not, but ThreatExpert did, though I don’t understand this:

      Threatexpert

      When I uploaded it to Avira, the onscreen result said “malware – threat Tr/Crypt.FKM.Gen. The term “Tr/” denotes a trojan horse that is able to spy out data, to violate your privacy or carry out unwanted modifications to the system. This file is detected by a special detection routine from the engine module”. I have not yet received the email finalising my submission – though I am not sure if this is their last word. Strangely enough, their installed AV did not make a peep when installing the software or scanning the PC.

      I went through the online registration with MS too and everything works fine. I am starting to believe that this is a Microsoft file for validation or phoning home that has perhaps characteristics of malware and due to this fact it gets flagged by some AV.

      • #1213765

        VirusTotal does not, but ThreatExpert did, though I don’t understand this:

        I think this is the most illuminating part of that report: “Office Genuine Advantage Validation Tool”. Unless the file is infected with something else, I think you just have to live with it.

    • #1213766

      If that is the only issue, I have no problem with it. Just am surprised that some AV will flag this coming from MS as malware.
