Malware in IPSEng32.dll?

Hello. I have 3 PCs, a desktop and 2 laptops. All 3 run Windows 7 SP1 and one laptop is 32-bit, the others unsurprisingly are 64-bit. On all 3 I have NIS 2014 v21.6..32 which is fully up to date. On the desktop, I also have Emsisoft Anti-Malware (but not on the laptops) and this morning it flagged up IPSEng32.dll as containing malware. I know there has been an issue with this in the past on XP, but I thought it had been resolved. I have checked this file on all 3 PCs with both Jotti and VirusTotal and get the same result in all cases. http://virusscan.jotti.org/en/scanresult/d1d950be58135f4f79d3a3f41a7601f... and https://www.virustotal.com/en/file/dfc2f8f94001abf5ae18e9db2a9c497ba67ff... What exactly is going on? Why is this file showing up anywhere as malware? I have no idea if the links will work, but I hope they do! Thanks for any info you can give me.
2 x Windows 7 Home Premium SP1 - 64bit, 1 x Windows 7 Home Premium SP1 - 32bit, NIS v22.7.0.76

Replies


Re: Malware in IPSEng32.dll?

....your links work...you may test and edit after posting....
 


Re: Malware in IPSEng32.dll?

Hi Madeline:

I suspect that Emsisoft Anti-Malware is generating a false positive detection for IPSEng32.dll (Symantec's Intrusion Prevention engine).  Are you running both anti-virus programs in real-time protection mode on your desktop?  Most security software manufacturers advise against doing this - see the Symantec support article Should you run more than one security product on your computer?

The bleepingcomputer FAQ titled Answers to Common Security Questions - Best Practices by forum mod and malware removal specialist quietman7 also states:

Choosing an Anti-Virus Program (Section 2):

"Using more than one anti-virus program is not advisable. Why? The primary concern with doing so is due to Windows resource management and significant conflicts that can arise especially when they are running in real-time protection mode simultaneously. Even if one of them is disabled for use as a stand-alone on demand scanner, it can affect the other and cause conflicts. Anti-virus software components insert themselves deep into the operating systems core where they install kernel mode drivers that load at boot-up regardless of whether real-time protection is enabled or not. Thus, using multiple anti-virus solutions can result in kernel mode conflicts causing system instability, catastrophic crashes, slow performance and waste vital system resources."

Let us know if you would prefer to keep Emsisoft AM or Norton IS on your desktop.  The security software you choose to remove should be wiped off your system with the manufacturer's removal tool to ensure that any orphaned files or registry entries left behind by the uninstall are removed from your system.

EDIT:

I just found a recent thread Run EAM and NIS on the Emsisoft forum and assume you are the OP.  If Emsisoft contends that you can run both products in real-time protection mode, then you should contact Emsisoft to ask them how to submit a false positive report for IPSEng32.dll and create exclusions in EAM to prevent conflicts with NIS.
-------------
32-bit Vista Home Premium SP2 * Firefox 35.0.1 * NIS 2014 v. 21.6.0.32 * MBAM Premium 2.0.4
HP Pavilion dv6835ca, Intel Core2Duo T5550 @ 1.83 GHz, 3 GB RAM, NVIDIA GeForce 8400M GS


Re: Malware in IPSEng32.dll?

Don't know about the top one listed in the detected listings

But for these

BitDefender  Gen:Variant.Kazy.549050

Emsisoft  Gen:Variant.Kazy.549050 (B)

GData   Gen:Variant.Kazy.549050

MicroWorld-eScan  Gen:Variant.Kazy.549050 

All use BitDefender as their AV engine (or one of their engines)

Quads
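
The observation in the reply above, that several of the listed detections carry one label from one shared engine, can be checked by grouping scanner rows by detection name. This is an added example, not part of the original thread; the first row (standing in for the unnamed "top one") is constructed, and treating "(B)" as a vendor suffix is an assumption.

```python
import re
from collections import defaultdict

# Detection rows as listed in the thread, plus one constructed row standing in
# for the unnamed "top one" in the scan results (engine and label are made up).
SCAN_ROWS = """\
ExampleEngine  Constructed.Heuristic.Sample
BitDefender  Gen:Variant.Kazy.549050
Emsisoft  Gen:Variant.Kazy.549050 (B)
GData   Gen:Variant.Kazy.549050
MicroWorld-eScan  Gen:Variant.Kazy.549050
"""

# Trailing parenthesised tag, e.g. " (B)"; treated here as a vendor suffix
# (assumption) so that it does not split an otherwise identical label.
_SUFFIX = re.compile(r"\s*\([A-Za-z0-9]+\)\s*$")


def parse_rows(text):
    """Yield (engine, raw_label); assumes engine names contain no spaces."""
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) == 2:
            yield parts[0], parts[1].strip()


def normalize(label):
    """Strip the vendor suffix and case so identical labels compare equal."""
    return _SUFFIX.sub("", label).casefold()


def cluster_detections(text):
    """Group engines by normalized label: one cluster is one likely shared verdict."""
    clusters = defaultdict(list)
    for engine, label in parse_rows(text):
        clusters[normalize(label)].append(engine)
    return dict(clusters)


def summarize(text):
    """Compare the raw hit count with the number of distinct labels."""
    clusters = cluster_detections(text)
    raw = sum(len(engines) for engines in clusters.values())
    return {"raw_hits": raw, "independent_verdicts": len(clusters), "clusters": clusters}


if __name__ == "__main__":
    s = summarize(SCAN_ROWS)
    print(f"{s['raw_hits']} engines flagged the file, {s['independent_verdicts']} distinct verdicts")
    for label, engines in s["clusters"].items():
        print(f"  {label}: {', '.join(engines)}")
```

A high raw hit count that collapses to one or two distinct labels is weaker evidence than the same number of unrelated detections, which matters when triaging a suspected false positive.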


Re: Malware in IPSEng32.dll?

Thanks for your replies. After all that, later in the day - after I'd originally posted here - Emsisoft Anti-Malware gave a notification  that the  file had been re-scanned and was found to be clean! I don't intend to deal with 'mutual exclusions' as this is the first time I've had any trouble with EAM. The apparent 'malware' warning arose only if I opened either Firefox or Internet Explorer 11; when using my default browser, Pale Moon, nothing like that happened.

As far as I'm concerned, this query can be counted as resolved. Many thanks to all of you.

By the way, I do know about not running 2 AVs, but I found Emsisoft's statement encouraging, so I thought I'd try it out! I quoted what they said in the thread there which Imacri gave a link to above. I'd like to keep both programs but whatever happens, I won't be getting rid of Norton.

Madeline

2 x Windows 7 Home Premium SP1 - 64bit, 1 x Windows 7 Home Premium SP1 - 32bit, NIS v22.7.0.76

Re: Malware in IPSEng32.dll?

Madeline:

Emsisoft Anti-Malware gave a notification  that the  file had been re-scanned and was found to be clean! I don't intend to deal with 'mutual exclusions' as this is the first time I've had any trouble with EAM. The apparent 'malware' warning arose only if I opened either Firefox or Internet Explorer 11; when using my default browser, Pale Moon, nothing like that happened.

Hi Madeline:

Thanks for letting us know this was a false positive, and kudos to Quads for pointing out the link between the BitDefender AV engine and the suspected detections for Symantec's IPSEng32.dll file.

Since Symantec's Intrusion Prevention System (IPS) is responsible for scanning network traffic that enters and exits your computer for suspicious activity, it's possible that the IPSEng32.dll (IPS Script Engine) was not accessed while you were using Pale Moon because Norton does not support this browser.  See the list of supported browsers in the System Requirements for Norton Internet Security.
-------------
32-bit Vista Home Premium SP2 * Firefox 35.0.1 * NIS 2014 v. 21.6.0.32 * MBAM Premium 2.0.4
HP Pavilion dv6835ca, Intel Core2Duo T5550 @ 1.83 GHz, 3 GB RAM, NVIDIA GeForce 8400M GS


Re: Malware in IPSEng32.dll?

Hi Imacri

I thought that what you said about Symantec's IPS was probably the reason why I had the problem only in supported browsers such as Firefox and IE 11, but it's nice to have it confirmed!

I'm not in the habit of watching when programs are downloading updates - not very interesting, but I remember once seeing something like 're-scanning quarantined items' on EAM just after it had downloaded and installed updates, so it seems that it re-scans anything in quarantine every time updates are installed and lets the user know when an FP has been found.

Anyway, everything's back to normal today thank goodness! Thanks to all of you - to Quads for the info about the AV engine, to bjm_ for confirming that my links work and to you for your help and advice!

Madeline 

2 x Windows 7 Home Premium SP1 - 64bit, 1 x Windows 7 Home Premium SP1 - 32bit, NIS v22.7.0.76
