WSA blocking install of latest NullDC emulator. Any advice?

  • 13 October 2013

I've tried to install the above (I have an older version of NullDC 1.04 on my PC which runs without any problems). I downloaded the latest version 1.0.4.136 which I then extracted with 7Zip. When I tried to run it, WSA blocked two files as bad and removed them. NullDC refuses to launch without them. The files are:

nulldc_gui_win32.dll

nulldc_104_r136emitter_win32.dll

Why has it done this? Are these files malicious, or are they false positives? A copy of the scan log is below:

 

Sun 13-10-2013 11:07:35.0351 >>> Service started [v8.0.4.17]

Sun 13-10-2013 11:07:58.0974 User process connected successfully from PID 768, Session 1

Sun 13-10-2013 11:08:07.0247 Connecting to 45 - 45

Sun 13-10-2013 11:21:49.0938 Begin passive write scan (14 file(s))

Sun 13-10-2013 11:21:50.0765 Infection detected: c:usersgeorgedownloadsulldc_104_r136ulldc_gui_win32.dll [MD5: E861A37876E3F9FD114AF07A149EA494] [3/00000000] [Win32.Gabpath]

Sun 13-10-2013 11:21:50.0765 File blocked in realtime: c:usersgeorgedownloadsulldc_104_r136ulldc_gui_win32.dll [MD5: E861A37876E3F9FD114AF07A149EA494, Size: 303616 bytes] [0/00000003] [Win32.Gabpath]

Sun 13-10-2013 11:21:50.0765 Determination flags modified: c:usersgeorgedownloadsulldc_104_r136ulldc_gui_win32.dll - MD5: E861A37876E3F9FD114AF07A149EA494, Size: 303616 bytes, Flags: 00000020

Sun 13-10-2013 11:21:50.0765 Infection detected: c:usersgeorgedownloadsulldc_104_r136emitter_win32.dll [MD5: 619CBE160C6C5DD11B7C9E3DA6611B5D] [3/00000000] [Win32.Gabpath]

Sun 13-10-2013 11:21:50.0765 File blocked in realtime: c:usersgeorgedownloadsulldc_104_r136emitter_win32.dll [MD5: 619CBE160C6C5DD11B7C9E3DA6611B5D, Size: 72704 bytes] [0/00000003] [Win32.Gabpath]

Sun 13-10-2013 11:21:50.0765 Performing cleanup entry: 1

Sun 13-10-2013 11:21:50.0765 Determination flags modified: c:usersgeorgedownloadsulldc_104_r136emitter_win32.dll - MD5: 619CBE160C6C5DD11B7C9E3DA6611B5D, Size: 72704 bytes, Flags: 00000020

Sun 13-10-2013 11:21:50.0874 Performing cleanup entry: 2

Sun 13-10-2013 11:21:51.0061 End passive write scan (14 file(s))

Sun 13-10-2013 11:21:52.0886 Scan Started:  [ID: 3 - Flags: 1025/0]

Sun 13-10-2013 11:21:55.0211 Connected to C1

Sun 13-10-2013 11:21:56.0537 Scan Results: Files Scanned: 476, Duration: 3s, Malicious Files: 0

Sun 13-10-2013 11:21:56.0537 Scan Finished: [ID: 3 - Seq: 80043716]

Sun 13-10-2013 11:24:05.0616 Saved the product log to C:UsersGeorgeDocumentsscan.log

 

Automated Cleanup Engine Starting Cleanup at 13/10/2013 - 10:21:50 GMT

Starting Routine> Removing c:usersgeorgedownloadsulldc_104_r136ulldc_gui_win32.dll...#(PX5: DF3555E90051619DA24804E371B426001C0E533F - MD5: E861A37876E3F9FD114AF07A149EA494)... Deleting File> c:usersgeorgedownloadsulldc_104_r136ulldc_gui_win32.dll

Automated Cleanup Engine Starting Cleanup at 13/10/2013 - 10:21:50 GMT

Starting Routine> Removing c:usersgeorgedownloadsulldc_104_r136emitter_win32.dll...#(PX5: 7422EF010007B6501C230128D484D70029368796 - MD5: 619CBE160C6C5DD11B7C9E3DA6611B5D)... Deleting File> c:usersgeorgedownloadsulldc_104_r136emitter_win32.dll

 

 

I've submitted a report, but wondered: has anyone else had the same problem? If so, what's the solution?

Kind Regards

George

1 reply

It looks like a simple false positive at first glance, but never hurts to err on the side of caution. You have already submitted a report, so if it's a fp, most likely it's just getting the aforementioned files whitelisted in the cloud database. Response time is usually quite quick.

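Added example (not part of the original thread and not Webroot's own tooling): a short Python parser for the detection lines in the scan log quoted in the question, collecting each flagged file's MD5, size and detection name so they can be quoted in a false-positive report. The sample lines are copied from that log as they appear on this page; the function names are hypothetical.

```python
import hashlib
import re

# Matches the two detection event types seen in the quoted WSA log.
EVENT = re.compile(
    r"^\w{3} (?P<ts>\d{2}-\d{2}-\d{4} \d{2}:\d{2}:\d{2}\.\d+) "
    r"(?P<event>Infection detected|File blocked in realtime): "
    r"(?P<path>.+?) \[MD5: (?P<md5>[0-9A-Fa-f]{32})"
    r"(?:, Size: (?P<size>\d+) bytes)?\] \[[^\]]*\] \[(?P<name>[^\]]+)\]\s*$"
)

# Lines copied from the log in the post above (paths as extracted on this page).
SAMPLE_LOG = """
Sun 13-10-2013 11:21:49.0938 Begin passive write scan (14 file(s))
Sun 13-10-2013 11:21:50.0765 Infection detected: c:usersgeorgedownloadsulldc_104_r136ulldc_gui_win32.dll [MD5: E861A37876E3F9FD114AF07A149EA494] [3/00000000] [Win32.Gabpath]
Sun 13-10-2013 11:21:50.0765 File blocked in realtime: c:usersgeorgedownloadsulldc_104_r136ulldc_gui_win32.dll [MD5: E861A37876E3F9FD114AF07A149EA494, Size: 303616 bytes] [0/00000003] [Win32.Gabpath]
Sun 13-10-2013 11:21:50.0765 Determination flags modified: c:usersgeorgedownloadsulldc_104_r136ulldc_gui_win32.dll - MD5: E861A37876E3F9FD114AF07A149EA494, Size: 303616 bytes, Flags: 00000020
Sun 13-10-2013 11:21:50.0765 Infection detected: c:usersgeorgedownloadsulldc_104_r136emitter_win32.dll [MD5: 619CBE160C6C5DD11B7C9E3DA6611B5D] [3/00000000] [Win32.Gabpath]
Sun 13-10-2013 11:21:50.0765 File blocked in realtime: c:usersgeorgedownloadsulldc_104_r136emitter_win32.dll [MD5: 619CBE160C6C5DD11B7C9E3DA6611B5D, Size: 72704 bytes] [0/00000003] [Win32.Gabpath]
"""

def detections(log_text):
    """Return one record per unique MD5, merging 'detected' and 'blocked' lines."""
    found = {}
    for line in log_text.splitlines():
        m = EVENT.match(line.strip())
        if not m:
            continue  # service start, scan summary, flag changes, etc.
        md5 = m["md5"].upper()
        rec = found.setdefault(md5, {"md5": md5, "path": m["path"],
                                     "name": m["name"], "size": None, "events": []})
        rec["events"].append(m["event"])
        if m["size"]:
            rec["size"] = int(m["size"])
    return list(found.values())

def matches_log(data, record):
    """True if these bytes have the size and MD5 the log recorded.
    This only identifies the file; it says nothing about whether it is safe."""
    if record["size"] not in (None, len(data)):
        return False
    return hashlib.md5(data).hexdigest().upper() == record["md5"]

if __name__ == "__main__":
    for rec in detections(SAMPLE_LOG):
        print(rec["name"], rec["md5"], rec["size"], rec["path"])
```

`matches_log` can be run against a freshly downloaded copy to confirm it is byte-for-byte the file the log flagged before it is attached to the vendor report.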