Trend Micro reports virus

I am using Directory Opus 9.1.3.0.3449 on Windows XP and keep getting notices of a virus being quarantined.

Trend Micro Internet Security 2008 (v.16) tells me that "C:\Documents and Settings\user\Application Data\GPSoftware\Directory Opus\State Data\openlisters.oll" is infected and references this page on their site.

trendmicro.com/vinfo/virusen ... SEUDOSI.BG

Anyone else get reports of a virus?

This is most likely a "false positive".

Have a look at the contents of that file. It should be a very short, simple XML file listing which windows you have open. Clearly not a virus, unless there's something else inside it.

<?xml version="1.0" encoding="UTF-8"?> <lister_layout flags="1" />

Assuming the file is okay, please report it to Trend Micro so that they can fix their definitions.

Yes, I thought it must be false also. Just wanted to notify GPSoftware and get any feedback.

As suggested, I was going to submit it to Trend Micro, but I can't seem to locate the file. Never able to locate the "State Data" folder. I even disable Trend Micro and could not locate the folder, much less the "openlisters.oll" file.

Any further suggestions?

If you type %appdata% in your Dopus CLI, you can find it in -> GPsoftware -> Directory Opus -> Layouts.

[quote="kp96"]Yes, I thought it must be false also. Just wanted to notify GPSoftware and get any feedback.

As suggested, I was going to submit it to Trend Micro, but I can't seem to locate the file. Never able to locate the "State Data" folder. I even disable Trend Micro and could not locate the folder, much less the "openlisters.oll" file.

Any further suggestions?[/quote]

State Data is/below a hidden/system folder so you won't see it if those folders are hidden.

If you paste the full file path into Opus or Explorer then it should take you to the right place, even though parts of the path are marked as hidden/system.

I don't have any problem locating the other directories/folders (16 folders from Buttons to UserCommands) within "Application Data\GPSoftware\Directory Opus". Just not seeing any "State Data". Does everyone else see the State Data folder?

Trend Micro only pops up the notification when I exit Directory Opus. Also, I don't have Directory Opus set to save my layout when I exit. Could it just be a temporary file that is created and deleted by Directory Opus? If I disable Trend Micro, I don't get the notification, but I still don't see a "State Data" folder.

Try using the Find function to look for "openlisters.oll".

If you type /dopuslocaldata into the location field in Opus it should take you to where the State Data folder is.

Find found it - it is under "C:\Documents and Settings\user\Local Settings\Application Data\GPSoftware\Directory Opus\State Data".

Was my mistake - Trend Micro did indicate "Local Settings", which I had missed.

The contents of the file are:<?xml version="1.0" encoding="UTF-8"?> <lister_layout flags="1" />
I will proceed with submitting it to Trend Micro.

Thanks.

Out of interest I submitted the file to VirusTotal and Trend was the only one to mistake a tiny xml file for a virus.

virustotal.com/analisis/ca3e ... 1248274102

Got this as well.

On my work laptop I have Trend Micro Antivirus and today it detected that virus on the openlisters.oll file.

The file is located in C:\Documents and Settings\user\Local Settings\Application Data\GPSoftware\Directory Opus\State Data\openlisters.oll

My problem is, even if it's a false positive, my company's IT department will freak out, and might force me to uninstall it, and without Dopus, nothing will ever be the same .

Apparently, only Trend is detecting a virus in this file. Anyone else?

Surely you can show your IT dept. that it's just a tiny xml file and a false detection from Trend?

I would have thought your IT department should be freaking out at the fact that their anti-virus solution is so inept that it considers a text file to be a threat.

[quote="jon"]I would have thought your IT department should be freaking out at the fact that their anti-virus solution is so inept that it considers a text file to be a threat.[/quote]Yes jon, Trend Micro may not be great, but AV protection is a "must have". In the past Trend Micro has removed utilities (keyfinder, smitfraudfix, etc - clean AFAIK) that I had saved on my PC.

Do you have any suggestions for real-time virus protection and a firewall (don't have to be same product), that do not slow the system down too much?

I don't mean to go off-topic on my own thread, so if this has been discussed recently, let me know.

NOD32 works great. (Not sure if they have a firewall product as well. I use the Windows firewall plus the firewall in my router and only have NOD32 set to inspect HTTP / email traffic.)

Hi Guys,

We work with Dopus in a corporate environment using - yes - Trend Micro as our corp AV and we, too were bombarded with this particular issue.

Fortunately, we have a good relationship with them and made sure they knew what was going on and that it was a false positive.

Here was their reply:

From: AV Query [mailto:av_query@support.trendmicro.com]
Sent: Thursday, July 23, 2009 3:34 PM
To:
Subject: SOLUTION: Re: [TICK] -USA-P1-Case ID 1-234483163 - File to Verify

Greetings!

We have received your inquiry.

We would like to inform you that the pattern for TROJ_PSEUDOSI.BG has already been modified to address false detections using OPR 6.307.00 or latest

Trend Micro strongly encourages you to update your pattern files regularly. Latest pattern can be downloaded on the following link:
trendmicro.com/download/pattern.asp

Hope this helps.

Thanks.

We have not had the opportunity to test it yet - but this issue should be cleared. If it isn't, I'll post back again.

Update ... Got around to trying it this morning.

Trend Micro no longer sees the openlisters file as a threat. :slight_smile:

Thanks! (Both for using your TrendMicro contacts to get it fixed and for letting us know about the update.)

Yes, thanks darkuni :slight_smile: - I had also submitted the false positive a couple days ago to Trend Micro, but as just a standard retail user, they weren't rushing to fix.

Trend Micro Internet Security 2008 is no longer quarantining the "openlisters.oll" file on my system.

Thanks for everyone's help.