4 Posts

January 15th, 2011 17:00

Dell's DSUPDATE.exe from http://dds1.ddsupdate1.com/ identified as a Trojan virus by Norton

Hi,

Shortly after I purchased the upgrade for Alien Respawn backup software, Norton displayed a warning that a virus has been detected.

Norton claims that the file DSUPDATE.exe, downloaded from http://dds1.ddsupdate1.com/000366/ARUpdate/DSUpdate.ts3 , is a TROJAN.GEN virus.

What is this application used for?

Is the DELL site distributing infected files?

Is Norton wrong?

Below is the entry from the Norton scan log.

-------------------------------------------------------------------------------------------------------------------------------------
c:\program files (x86)\alienrespawn\components\dsupdate\dsupdate.exe
____________________________
____________________________
On computer as of
12/11/2010 at 7:45:42 PM
Last Used:
1/12/2011 at 9:04:17 PM
Startup Item: No
Launched: No
____________________________
____________________________
Many Users
Thousands of users in the Norton Community have used this file.
____________________________
High
This file risk is high.
____________________________
Threat Details
Programs that infect other programs, files, or areas of a computer by inserting themselves or attaching themselves to that medium.
____________________________
Origin

Downloaded from  http://dds1.ddsupdate1.com/000366/ARUpdate/DSUpdate.ts3
____________________________
http://dds1.ddsupdate1.com/000366/ARUpdate/DSUpdate.ts3
SAFE

Downloaded File:
dsupdate.ts3
File Created:
dsupdate.exe
____________________________
File Actions
File: \device\harddiskvolumeshadowcopy9\program files (x86)\alienrespawn\components\dsupdate\dsupdate.exe
No fix attempted
File: c:\program files (x86)\alienrespawn\components\dsupdate\dsupdate.exe
Removed
____________________________
File Thumbprint:
Not Available
____________________________

I hope somebody can help me.  I am worried and somewhat annoyed that software I just purchased cannot be fully installed.

Thanks,

scuba-geek

4 Apprentice

 • 

20.5K Posts

January 15th, 2011 18:00

Hi scuba-geek,

Is the DELL site distributing infected files?
Most likely no.

Is Norton wrong?
Possibly, unless you have malware that has corrupted that file.

Yes, it seems that many people are having issues with Norton finding that.
It might be helpful to upload the file for some opinions from other vendors.
Please submit a sample of this file:
c:\program files (x86)\alienrespawn\components\dsupdate\dsupdate.exe

to Virus Total –  http://www.virustotal.com/


At the top of the page you will see:
Select file>Browse>Send
Just follow the prompts.
The submission will then be tested against many different AV vendors’ scanners.
That will give you an idea what it is and who recognizes it. In addition, unless told
otherwise, Virus Total will provide the sample to all participating vendors.

Feel free to post your Virus Total report here if you like.

4 Posts

January 16th, 2011 13:00

Hi Bugbatter,

I cannot upload the file from my disk because Norton keeps deleting it.

I was able to submit the URL to Virus Total. Here is the report.

Antivirus             Version         Last update  Result
AhnLab-V3             2011.01.16.00   2011.01.16   Trojan/Win32.Inject
AntiVir               7.11.1.146      2011.01.16   -
Antiy-AVL             2.0.3.7         2011.01.16   Trojan/Win32.Inject.gen
Avast                 4.8.1351.0      2011.01.16   -
Avast5                5.0.677.0       2011.01.16   -
AVG                   10.0.0.1190     2011.01.16   -
BitDefender           7.2             2011.01.16   Trojan.Generic.KDV.48624
CAT-QuickHeal         11.00           2011.01.15   Trojan.Inject.avng
ClamAV                0.96.4.0        2011.01.16   -
Command               5.2.11.5        2011.01.16   -
Comodo                7411            2011.01.16   -
DrWeb                 5.0.2.03300     2011.01.16   -
Emsisoft              5.1.0.1         2011.01.15   Trojan.Win32.Inject!IK
eSafe                 7.0.17.0        2011.01.13   -
eTrust-Vet            36.1.8100       2011.01.14   -
F-Prot                4.6.2.117       2011.01.16   -
F-Secure              9.0.16160.0     2011.01.16   Trojan.Generic.KDV.48624
Fortinet              4.2.254.0       2011.01.16   W32/Inject.AVNG!tr
GData                 21              2011.01.16   Trojan.Generic.KDV.48624
Ikarus                T3.1.1.97.0     2011.01.16   Trojan.Win32.Inject
Jiangmin              13.0.900        2011.01.16   Trojan/Inject.mnm
K7AntiVirus           9.75.3548       2011.01.14   -
Kaspersky             7.0.0.125       2011.01.16   Trojan.Win32.Inject.avng
McAfee                5.400.0.1158    2011.01.16   Generic.dx!vdf
McAfee-GW-Edition     2010.1C         2011.01.16   Generic.dx!vdf
Microsoft             1.6402          2011.01.16   -
NOD32                 5792            2011.01.16   -
Norman                6.06.12         2011.01.16   -
nProtect              2011-01-16.01   2011.01.16   Trojan/W32.Inject_Packed.750592
Panda                 10.0.2.7        2011.01.16   -
PCTools               7.0.3.5         2011.01.16   Trojan.Gen
Prevx                 3.0             2011.01.16   -
Rising                22.82.05.00     2011.01.15   -
Sophos                4.61.0          2011.01.16   -
SUPERAntiSpyware      4.40.0.1006     2011.01.16   -
Symantec              20101.3.0.103   2011.01.16   Trojan.Gen
TheHacker             6.7.0.1.115     2011.01.14   Trojan/Inject.avng
TrendMicro            9.120.0.1004    2011.01.16   -
TrendMicro-HouseCall  9.120.0.1004    2011.01.16   -
VBA32                 3.12.14.2       2011.01.14   Trojan.Inject.avng
VIPRE                 8090            2011.01.16   Trojan.Win32.Generic!BT
ViRobot               2011.1.15.4256  2011.01.16   -
VirusBuster           13.6.149.0      2011.01.16   Trojan.Inject!7N9YRiWobng

MD5   : 965827fe54a3a0cd7d53713f670ace0a
SHA1  : 041dbac84678150904716ff8f2578d9a73ea9284
SHA256: 216f95c08a99edce99df4a6b836500bbc629a0f14cea3ac2e09b732e61457a64

4 Apprentice

 • 

20.5K Posts

January 16th, 2011 15:00

I'll ask one of the Dell Liaisons to look into this and reply in this topic.

4 Apprentice

 • 

20.5K Posts

January 17th, 2011 12:00

Please take the file out of quarantine. Disable Norton and go directly to HERE. Submit that file and follow the prompts. Please post your report. Thanks.

Don't forget to enable Norton when you are finished.

4 Posts

January 17th, 2011 13:00

Please take the file out of quarantine. Disable Norton and go directly to HERE. Submit that file and follow the prompts. Please post your report. Thanks.

Don't forget to enable Norton when you are finished.

 

Hi Bugbatter,

I performed the steps above. Here is the report:

VirSCAN.org Scanned Report :
Scanned time   : 2011/01/17 13:41:31 (PST)
Scanner results: 43% Scanner(s) (15/35) found malware!
File Name      : dsupdate.exe
File Size      : 750592 byte
File Type      : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5            : 965827fe54a3a0cd7d53713f670ace0a
SHA1           : 041dbac84678150904716ff8f2578d9a73ea9284
Online report  : http://virscan.org/report/9e48bad8bb8301f07a88f4ec7e05c662.html

Scanner        Engine Ver      Sig Ver           Sig Date    Time   Scan result
a-squared      5.1.0.2         20110118002000    2011-01-18  5.19   Trojan.Win32.Inject!IK
AhnLab V3      2011.01.11.00   2011.01.11        2011-01-11  1.54   -
AntiVir        8.2.4.134       7.11.0.248        2010-12-31  0.31   -
Antiy          2.0.18          20101228.6954489  2010-12-28  0.02   -
Arcavir        2010            201101180506      2011-01-18  0.39   -
Authentium     5.1.1           201101171726      2011-01-17  1.69   -
AVAST!         4.7.4           110117-1          2011-01-17  0.19   -
AVG            8.5.850         271.1.1/3386      2011-01-17  1.64   -
BitDefender    7.90123.6659484 7.35758           2011-01-18  6.07   Trojan.Generic.KDV.48624
ClamAV         0.96.5          12535             2011-01-18  0.67   -
Comodo         4.0             7422              2011-01-17  2.52   -
CP Secure      1.3.0.5         2011.01.17        2011-01-17  0.56   -
Dr.Web         5.0.2.3300      2011.01.18        2011-01-18  11.47  -
F-Prot         4.4.4.56        20110117          2011-01-17  1.66   -
F-Secure       7.02.73807      2011.01.17.06     2011-01-17  5.03   Trojan.Win32.Inject.avng [AVP]
Fortinet       4.2.254         12.805            2011-01-17  0.18   W32/Inject.AVNG!tr
GData          21.1582/21.624  20110117          2011-01-17  8.28   Trojan.Win32.Inject.avng [Engine:A]
ViRobot        20110117        2011.01.17        2011-01-17  0.36   -
Ikarus         T3.1.32.15.0    2011.01.17.77548  2011-01-17  5.00   Trojan.Win32.Inject
JiangMin       13.0.900        2011.01.17        2011-01-17  1.61   Trojan/Inject.mnm
Kaspersky      5.5.10          2011.01.17        2011-01-17  0.12   Trojan.Win32.Inject.avng
KingSoft       2009.2.5.15     2011.1.17.18      2011-01-17  0.86   -
McAfee         5400.1158       6229              2011-01-17  18.54  Generic.dx!vdf
Microsoft      1.6402          2011.01.17        2011-01-17  7.28   -
Norman         6.06.12         6.06.00           2011-01-16  16.01  -
Panda          9.05.01         2011.01.17        2011-01-17  1.89   -
Trend Micro    9.200-1012      7.774.13          2011-01-17  0.71   -
Quick Heal     11.00           2011.01.17        2011-01-17  0.90   Trojan.Inject.avng
Rising         20.0            22.83.00.03       2011-01-17  2.96   -
Sophos         3.15.0          4.61              2011-01-18  3.53   -
Sunbelt        3.9.2464.2      8103              2011-01-17  0.72   Trojan.Win32.Generic!BT
Symantec       1.3.0.24        20110116.003      2011-01-16  0.07   Trojan.Gen
nProtect       20110116.01     9619968           2011-01-16  16.14  Trojan/W32.Inject_Packed.750592
The Hacker     6.7.0.1         v00115            2011-01-14  0.56   Trojan/Inject.avng
VBA32          3.12.14.2       20110116.1511     2011-01-16  3.32   Trojan.Inject.avng
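
Added example, not part of the original thread: a small Python parser for rows in the VirSCAN layout posted above that groups detections by normalised name, showing how many distinct labels stand behind a raw "N of M scanners" count when triaging a suspected false positive. The function names and the normalisation rule are assumptions of this sketch; the sample rows are a subset copied from the report above.

```python
import re
from collections import defaultdict

# Subset of rows copied from the VirSCAN report posted above (not the full table).
REPORT = """\
AhnLab V3      2011.01.11.00   2011.01.11        2011-01-11  1.54   -
BitDefender    7.90123.6659484 7.35758           2011-01-18  6.07   Trojan.Generic.KDV.48624
F-Secure       7.02.73807      2011.01.17.06     2011-01-17  5.03   Trojan.Win32.Inject.avng [AVP]
GData          21.1582/21.624  20110117          2011-01-17  8.28   Trojan.Win32.Inject.avng [Engine:A]
Kaspersky      5.5.10          2011.01.17        2011-01-17  0.12   Trojan.Win32.Inject.avng
Microsoft      1.6402          2011.01.17        2011-01-17  7.28   -
Quick Heal     11.00           2011.01.17        2011-01-17  0.90   Trojan.Inject.avng
Symantec       1.3.0.24        20110116.003      2011-01-16  0.07   Trojan.Gen
The Hacker     6.7.0.1         v00115            2011-01-14  0.56   Trojan/Inject.avng
VBA32          3.12.14.2       20110116.1511     2011-01-16  3.32   Trojan.Inject.avng
"""

NAME_WIDTH = 15  # scanner names can contain spaces, so slice the first column


def parse_rows(text):
    """Return one dict per scanner row of a VirSCAN-style report."""
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        name = line[:NAME_WIDTH].strip()
        # Remaining columns: engine version, signature version, date, time, result.
        _engine, _sig_ver, sig_date, _secs, result = line[NAME_WIDTH:].split(None, 4)
        rows.append({"scanner": name, "sig_date": sig_date, "result": result.strip()})
    return rows


def label_key(result):
    """Normalise a detection name so equivalent labels group together (assumed rule)."""
    base = re.sub(r"\s*\[.*?\]$", "", result)  # drop trailing tag such as [AVP]
    tokens = [t.lower() for t in re.split(r"[./!]", base)]
    return ".".join(t for t in tokens if t not in ("win32", "w32", "tr"))


def summarise(text):
    """Return (detections, scanners, {normalised label: [scanner, ...]})."""
    rows = parse_rows(text)
    groups = defaultdict(list)
    for row in rows:
        if row["result"] != "-":
            groups[label_key(row["result"])].append(row["scanner"])
    return sum(len(v) for v in groups.values()), len(rows), dict(groups)
```

On the sample rows this yields 8 detections from 10 scanners, but only 3 distinct labels, six of which are the same `Inject.avng` name.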

4 Apprentice

 • 

20.5K Posts

January 17th, 2011 16:00

Thanks. I'm looking into it.

17 Posts

January 17th, 2011 21:00

I have submitted this file to Norton....Symantec Endpoint Protection finally after uninstalling AlienRespawn and reinstalling it so I could get the file out of Quarantine.  I did the false positive report and submitted the file and I finally received an email back tonight saying that the file is safe and they will update their virus definitions to leave it out in an upcoming update.  At first it was quarantining DSUpdate.exe, but now it's quarantining DSUpdate.ts3.  This all started from updated virus definitions from Friday the 14th, had no issues before then.  I did get an updated virus definition about an hour after I received the email, and that is when it left the .exe file alone and went for the ts3.  Hopefully that is not Norton/Symantec's fix.

4 Apprentice

 • 

20.5K Posts

January 18th, 2011 04:00

Thanks for the info.

4 Posts

January 18th, 2011 23:00

Thanks Ravenwjf,

Norton appears to have corrected the problem.  As you pointed out, the DSUpdate.exe is no longer in quarantine.

Bugbatter, thanks for your patience and your kind assistance.

1 Message

January 20th, 2011 11:00

It is not only Norton that is flagging this file.  I use AVG Internet Security at its most recent update level and it flagged this file as containing a trojan yesterday.
