Portable Programs being detected as Trojans


kentroup
10-31-2007, 06:58 AM
I have noticed increasing instances of reports of Spyware Doctor detecting various portable programs as being a high-level problem (Trojan Startpage, i.e. an internet browser startpage changer). The files detected are Registry.dll and FindProcDLL.dll, which are left running in the %temp% folder until the portable program is stopped. I think that their function is to undo everything that the portable program put into the computer when the program shuts down. These files can be downloaded here for examination:
http://rapidshare.com/files/66425023/portfiles.rar
Symantec Antivirus 10.1.6.6000 can find no problem with these files.
One of the sources of a portable program maker can be found at
http://www.mediafire.com/?eq2ybyvgiem
There may be many other versions of portable program makers out there as well.
Of course the first remark to be expected is that the program is illegal or not recognized retail.
Regardless of the legalities, I believe that if people find these programs handy, then they will spread, and any good antivirus program should be able to tell the difference between malware and a harmless homemade program. Symantec seem to know the difference. Perhaps it is time for PC Tools to catch up.

Support
10-31-2007, 08:23 PM
Hi Kentroup,

Thanks for the info. We'll investigate this further and I will update you on this.
__________________
Thanks,


PC Tools - Essential tools for your PC

AChen
11-01-2007, 11:11 PM
Hi Kentroup,

This is a FP - Trojan.Startpage (registry.dll) and a fix will be released in the next update :) However, findprocdll.dll is not related to this FP, and if you want us to investigate the detection with Adware.Cinmus because you believe it's a FP, could you please send us this file and we'll look into it :)

kentroup
11-02-2007, 06:32 AM
Thanks AChen, that's good news. findprocdll.dll seems to be OK, i.e. Spyware Doctor is not picking it up as being a problem. (I was just being too enthusiastic in tracking down the working files.)