dja2k

I deleted the file in syswow64 folder just to be sure on this test I ran. I extracted two different msconfig.exe files from 32 and 64 bit Windows 7 DVD's. Both files are attached and they have different signatures as shown in the attached image. Both files aren't flagged by MBAM while on the desktop via execution, right click scan, nor with a quick scan. It is a different story when put into the windows\system32 folder as they both get flagged on execution by MBAM, but don't get detected with a scan which is odd. dja2k MSCONFIG_FP.zip

Did your check.bat test and yeah there is an msconfig.exe in that folder. Didn't see it as my system files were hidden, but now I see it. File: msconfig.exe CRC-32: 00000000 MD4: 31d6cfe0d16ae931b73c59d7e0c089c0 MD5: d41d8cd98f00b204e9800998ecf8427e SHA-1: da39a3ee5e6b4b0d3255bfef95601890afd80709 dja2k

I don't think there has ever been an msconfig in sysWOW64 folder and no I don't have a version there. dja2k

Sorry for taking long in responding, but here is the file. Again the file with a right click scan will not say infected, but a quick\full scan via the GUI will. Also if you don't have it in the ignore list, eventually it MBAM will pop up saying msconfig is infected and what you want to do. dja2k msconfig.zip

Any word on this false positive and when its going to get fixed? dja2k

I did a restore of a clean msconfig from the Windows 7 DVD and still the same FP. It doesn't get flagged if I use the MBAM right click, but it does when running a quick or full system scan. Malwarebytes' Anti-Malware 1.45 www.malwarebytes.org Database version: 3939 Windows 6.1.7600 Internet Explorer 8.0.7600.16385 4/1/2010 4:26:08 PM mbam-log-2010-04-01 (16-26-08).txt Scan type: Quick scan Objects scanned: 105886 Time elapsed: 53 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 1 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: C:\Windows\System32\msconfig.exe (Backdoor.Bot) -> No action taken. [FAE5B45F4F285E839C4E6502576FEEBC] dja2k mbam_log_2010_04_01__16_26_08_.zip

Really, I thought it had been fixed with some updates since 1.44, guess not. Okay let me get those logs. dja2k

Ever since version 1.44 on Win7 x64, I've noticed that Msconfig is detected as a back-door trojan. I have been on and off using MBAM and now I've installed 1.45 and still see the same false positive. All updates are current. Is anyone else seeing this false positive. dja2k