When I run McAfee AV, it shows xmltok as malware in my Eudora folder.
However, Eudora runs fine. Also, I checked another PC with Eudora and
it also has xmltok.dll in the folder - but McAfee doesn't identify it
as malware. The two xmltok's are also the exact same size. Could
someone clarify this for me? Thank you

"Nisko" <rmo555@cox.netwrote in message
@4ax.com
When I run McAfee AV, it shows xmltok as malware in my Eudora folder.
However, Eudora runs fine. Also, I checked another PC with Eudora and
it also has xmltok.dll in the folder - but McAfee doesn't identify it
as malware. The two xmltok's are also the exact same size. Could
someone clarify this for me? Thank you

Here is some info I found simply by Googling the file name. It appears that
the opinions are mixed as to whether or not it is part of an adware program.
Perhaps it is a dll file used by more than one program, with at least one of
them being the "Shop-At-Home" adware.

pc doc

>Please submit a sample of the DLL to Virus Total --
>
>The submission will then be tested against many different AV vendor's scanners.
>That will give you an idea what it is and who recognizes it. In addition, unless told
>otherwise, Virus Total will provide the sample to all participating vendors.
>
>You can also submit a suspect, one at a time, via the following email URL
>mailto:scan@virustotal.com?subject=SCAN
>
>When you get the report, please post back the exact results.

Thanks, Dave - will do.

>
>Here is some info I found simply by Googling the file name. It appears that
>the opinions are mixed as to whether or not it is part of an adware program.
>Perhaps it is a dll file used by more than one program, with at least one of
>them being the "Shop-At-Home" adware.
>
>
>
>
>
>pc doc
>
Thank you

David H. Lipman wrote:
From: "Nisko" <rmo555@cox.net>

Here is some info I found simply by Googling the file name. It
appears that the opinions are mixed as to whether or not it is part
of an adware program. Perhaps it is a dll file used by more than
one program, with at least one of them being the "Shop-At-Home"
adware.

pc doc

>Thank you
>
Please realize that any file can be named anything. It is often the
case where malware will use the name of legitmate files names to
obfuscate their malicious intent.

That is why I asked to send it to Virus Total for analysis by
multiple AV scanners. This why we are not merely going by a name but
by actual analysis of the sample.

This could have easily been the file; SVCHST.EXE and if you just
Google it, you'll find many references saying it is legitimate.
However, I can provide *numerous* examples of malwarde using that
name or slight variations of it.

I mention all this because I did NT see a Virus Total report as
requested.

I agree. Especially since there are differing opinions in the Google search.
It would be wise to send in a sample to VirusTotal as David suggested.

pc doc

>>
>Please realize that any file can be named anything. It is often the
>case where malware will use the name of legitmate files names to
>obfuscate their malicious intent.
>>
>That is why I asked to send it to Virus Total for analysis by
>multiple AV scanners. This why we are not merely going by a name but
>by actual analysis of the sample.
>>
>This could have easily been the file; SVCHST.EXE and if you just
>Google it, you'll find many references saying it is legitimate.
>However, I can provide *numerous* examples of malwarde using that
>name or slight variations of it.
>>
>I mention all this because I did NT see a Virus Total report as
>requested.
>
>I agree. Especially since there are differing opinions in the Google search.
>It would be wise to send in a sample to VirusTotal as David suggested.
>
>pc doc
>
I intend to - haven't been feeling well last couple of days. Also,
when McAfee called out the file, it was on my wife's networked PC. I
placed a copy of the file on my PC and ran McAfee again on both her
version of xmltok and mine. This time, neither one was called out.
Very strange