Jump to content

Recommended Posts

SHA256: bff381fda8aba83b25727845416ba4d471385cb61048e1929e56bbd425ee6128

SHA1: 74043288c9c2c698672748f18731db7305e1c38d

MD5: a3ab11b8b97ee6bbc604374e7d56693b

File size: 1.8 MB ( 1864440 bytes )

File name: FP40EXT.CAB

File type: CAB

Detection ratio: 1 / 51

Analysis date: 2014-03-22 07:42:37 UTC ( 0 minutes ago )

 

https://www.virustotal.com/en/file/bff381fda8aba83b25727845416ba4d471385cb61048e1929e56bbd425ee6128/analysis/1395474157/

 

FP40EXT.7z                                MBAM-log-2014-03-22 (11-07-51).txt

Link to post
Share on other sites

I have 2 machines (1 running Vista SP2 x86 Ultimate, 1 XP Pro x86 SP3) which have flagged that particular file in their latest weekly scans using the free MBAM version, but the XP machine also flagged a number of other items as "Trojan.FakeMS" which may or may not be related (on the Vista machine, that cabinet file was the only flagged item).  Not only was fp40ext.cab flagged in several directory locations (C:\Windows\i386, C:\Windows\ServicePackFiles\i386), but cfgwiz.exe was flagged in three locations (C:\Windows\ServicePackFiles\i386, C:\Windows\$NtServicePackUninstall$, and C:\Windows\system32\dllcache).

 

The two other 'Trojan.FakeMS' entries were more arcane and located at:

 

C:\System Volume Information\_restore{C7CD821B-CF90-41E4-913A-E25BDBD3B0DB}\RP812\A0117468.exe

C:\System Volume Information\_restore{C7CD821B-CF90-41E4-913A-E25BDBD3B0DB}\RP813\A0121342.exe

 

I took no action on any of them after confirming the validity of the fp40ext.cab and cfgwiz.exe files as legitimate Microsoft, and I inferred the more arcane false positives were the archived versions from the XP SP2 -> SP3 upgrade on that particular machine.  Sorry if this should have been posted as a separate thread.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.