Why is service.cfg flagged?

[jimsokol]

I am curious why service.cfg is flagged as Heuristics.Reserved.Word.Exploit. It it the only thing found in a full scan, and is reported in two area, file and registry. I am not concerned about it, as nothing else was found, but was curios as to why this was flagged on its own.

Log output appears below. Thanks. ...jim

Malwarebytes' Anti-Malware 1.33

Database version: 1668

Windows 5.1.2600 Service Pack 2

1/20/2009 7:19:18 AM

mbam-log-2009-01-20 (07-19-06).txt

Scan type: Full Scan (C:\|)

Objects scanned: 157530

Time elapsed: 59 minute(s), 27 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 1

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\system32\Services.cfg (Heuristics.Reserved.Word.Exploit) -> No action taken.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\system32\Services.cfg (Heuristics.Reserved.Word.Exploit) -> No action taken.

[GT500]

That's because of one of the many ways our heuristics work.

I don't see how that file could ever be legit, but if it is then add it to your ignore list or file a False Positive report in our False Positives forum.

[jimsokol]

That's because of one of the many ways our heuristics work.

I don't see how that file could ever be legit, but if it is then add it to your ignore list or file a False Positive report in our False Positives forum.

Thanks for the reply. I have no clue whether it is legit. I was just curious because nothing else was found in the full scan.

...jim