jhvance

Posts posted by jhvance


  1. I have 2 machines (1 running Vista SP2 x86 Ultimate, 1 XP Pro x86 SP3) which have flagged that particular file in their latest weekly scans using the free MBAM version, but the XP machine also flagged a number of other items as "Trojan.FakeMS" which may or may not be related (on the Vista machine, that cabinet file was the only flagged item).  Not only was fp40ext.cab flagged in several directory locations (C:\Windows\i386, C:\Windows\ServicePackFiles\i386), but cfgwiz.exe was flagged in three locations (C:\Windows\ServicePackFiles\i386, C:\Windows\$NtServicePackUninstall$, and C:\Windows\system32\dllcache).

    The two other 'Trojan.FakeMS' entries were more arcane and located at:

    C:\System Volume Information\_restore{C7CD821B-CF90-41E4-913A-E25BDBD3B0DB}\RP812\A0117468.exe

    C:\System Volume Information\_restore{C7CD821B-CF90-41E4-913A-E25BDBD3B0DB}\RP813\A0121342.exe

    I took no action on any of them after confirming the validity of the fp40ext.cab and cfgwiz.exe files as legitimate Microsoft, and I inferred the more arcane false positives were the archived versions from the XP SP2 -> SP3 upgrade on that particular machine.  Sorry if this should have been posted as a separate thread.


  2. I'll see if another MBAM flag occurs when I run next week's round of scans, but the new v1.75 and latest updates identified a number of instances of _ISDel.exe as Spyware.Zbot on two older Toshiba laptops in my office, in each case pointing to that executable associated with official Toshiba application update patches and residing in temporary directories affiliated with their installation which have been present for years with no previous flag raised by MBAM or any of the other malware scanners run in residence (MSE) or in manual weekly scans (MBAM, Super Antispyware, TDSS Killer, Panda Cloud AV).

    If the flags are presented again next week, I'll monitor any follow-up messages in this thread and submit the developer log file then.
