Defender 2 unable to disinfect Adware.Borlan (stdup.dll)

[Alpha]

Defender Beta 2 alerted a change in IE add-on by stdup.dll in my notebook at
work. When I searched Google, I got a link to Symantec and gave me the
info of an adware "Adware.Boland".

http://www.symantec.com/avcenter/venc/data/adware.borlan.html

Path:
C:\WINDOWS\SYSTEM32\stdup.dll

Launching the quick scan gave no findings, but Defender alert me for a
change in IE add-on by stdup.dll every now and then. Choosing to "Remove"
gave another alert within 1 minute. There is no option to REMEMBER this
"Remove" action, so that I need to choose "Remove" again and again, as
stdup.dll never die.

Before I can find a solution for that, I would be happy if Defender can
REMEMBER this action so that I do not need to choose "Remove" again and
again.

And Defender Beta 2 was unable to find it or remove it, but only able to
prompt alerts.

 

[Guest]

Hi Alpha,

Can you please submit the binary to us for analysis? There's instructions
on how to do this in the help. Then we can be sure we have your version of
the file.

Thanks for trying Windows Defender,
Joe

 

[Alpha]

Hello Joe,

Do you mean joining the SpyNet community? I have done so already.
Will it alert me for sending the file?

I can attach the file here for your analysis. I don't have any zipping
software at work, so that I attach the original file for your analysis.
Please let me know if it is not allowed to do so in this newsgroup.

Michael

 

[Guest]

Hi Alpha,

No, please don't post files here.
Spynet collects metadata on files, but you can get the file to us, too.

To do so go to the help topic:
Report suspicious software to Microsoft SpyNet
And follow the link to the online instructions.

Thanks!
Joe

 

[Bill Sanderson]

I'm getting to this thread late, and for various reasons can't analyze these
attachments easily at the moment.

If anyone else has found that they are not safe--via submission to
virustotal, say, or some other means, I'd appreciate hearing about it.