I recently scanned a friends computer with the most recent definitions at the time of this posting and found that there were 6 instances of Backdoor.Torr in what seems like valid Windows Update files located in C:\util\msupdate\*. The files are: WindowsXP-KB892050-v3-x86-ENU.exe WindowsXP-KB896256-v3-x86-ENU.exe WindowsXP-KB923232-v3-x86-ENU.exe WindowsXP-KB927891-v3-x86-ENU.exe WindowsXP-KB940275-v3-x86-ENU.exe I ran a scan on C:\util\msupdate\ on another computer and found the same result for KB896256 but the other computer doesn't have any of those other update files. Googling the KB article shows that these are valid KB articles with updates, but I'm not sure if this c:\util\msupdate\ folder should even exist, and if it does, why are updates being downloaded to there and not deleted after the update is installed. Can anyone else confirm if these files and locations are valid or if they are a threat? Thanks.
