mcdv_pro.dll from ClipBrowser Reports as Virus

[Steve Kalle]

For whatever reason, my Kaspersky anti-virus just reported that this file from the XDCAM EX Clipbrowser is a Trojan called "Backdoor.Win32.Sinowal.ojj".

Nothing has changed recently so I don't know why Kaspersky doesn't like this file. I assume it is just a false positive, but I wanted to see if anyone has seen something similar with Sony's software.

Thanks

[Markus Klatt]

I have the same - suddenly (yesterday) my Kaspersky 2012 IS package reports

mcdv_pro.dll
mcdvd_32.dll

from MainConcept encoder in ClipBrowser 2.6.0 to be infected by a Backdoor.Win32.Sinowal.ojj trojan malware. The Sinowal would be a real pain, so we should be sure that it is not (=false positive).

I checked the original zip (got it from an official Sony site, I don't remember if it was the European or US/Canadian website) and the included setup.exe and yes: even the original files within the zip would be infected, if it is true. Kaspersky claimed, that the two dlls within the original zip files of CB 2.5 and 2.5.1 (I had them not deleted) would be infected too. This sounds like false positive, since even when it happened one time within 2.6.0, the internet would be full of messages on this topic. But the only hit in Google for "Sinowal Clip Browser" was this thread and no hits for "Sinowal mcdv_pro.dll mcdvd_32.dll".

Further a check of the whole system signaled, that a cab/msi file within c:/windows/installer/ is infected too. I think, these are the temporary files from the setup of the ClipBrowser (after deleting the mcdv_pro.dll and mcdvd_32.dll yesterday I've installed CB 2.6 again).

The software log of hijackthis does not mention any real problems, no Ukranian nameserver or something like that is set in my machine (Win7 64bit).

So, I am not 100% sure, but 95%, that we are not infected.
I will send Kaspersky the dlls for checking...