ColdlyIndifferent

Outlook Express - MB Reports msimn.exe as Trojan.Patched


As requested by nasdaq I'm starting a new topic here about this.

Refer to the original thread for more information but essentially: a MB scan after the most recent definitions update on a Windows XP virtual machine is reporting MS Outlook Express email client's main .EXE as a "Trojan Agent.Patched". 

[Attached screenshot: MB msimn.exe scan report]

Here is a copy of the (zipped) msimn.exe file:-

msimn.zip

Look forward to knowing the result.

 

 

 

 

 


Do you have the scan log? I do not see this detected here, and it has been whitelisted for some time on mbam 3 and 4.

 


This should be fixed now.

What version of mbam are you running? The older versions simply don't have the robust fp protection and the newer engines to detect more recent malware.


Thanks for the very quick replies.

I am using an older version of MB v1.75.0.1300 on the Windows XPMode OS VM.

Running MB 2.0 or higher on that, at least as I want to use it, I found very early on when trialing v2.0 that it would take up to 2 minutes to do an on-demand scan against often less than 15 secs using that earlier version. It would probably be different if it was auto-running all the time but with only 1GB of dedicated RAM on the VM I do not want anything else slowing it down.

I was forced to change the anti-virus I was using on that particular OS earlier this year and the slowdown impact, particularly when launching or shutting down the VM, is significant. It pretty much doubled the time and often won't allow you to launch any system tool until it has updated its definitions. A real pain; I can't have MB adding to that as well.

But it seems as if you're both saying it is a false positive which has already been white-listed in later MB versions' definitions. As I expected then but it does prompt some questions:-

Why is that not part of the MB general definition updates package? To have been specifically white-listed in v3.0 and v4.0 MB versions suggests it has been reported before as a false positive.

Why has my version of MB suddenly started reporting it as a problem, i.e. something must have been changed in or by the latest definitions update?

As explained I've never used Outlook Express, I've never even launched it on any machine I've ever had and the only time I go online with the XP VM is to update my security software and that includes MB. As described none of the other security tools I use from inside or outside the VM are reporting a problem with that msimn.exe file. 

   

 


Test scanned the file on another PC this morning with the same older MB version installed and the same 30th November definitions too.

Threat detected.

Just installed this afternoon the latest v4 version of Malwarebytes free on my primary system and used that to check the file copy I'd extracted.

No threat detected.

Launched the XP VM and updated the (older) MB to latest 2nd December definitions and scanned the Outlook Express folder.

No threat detected.

Hmmm, did somebody add the Outlook Express msimn.exe to the white-list earlier today?


The offending def was removed. Being it's a Microsoft trusted file it would have been prevented from detection on mbam 3 and 4 at all.

2 doesn't have the cloud built in thus mbam 3 and 4 are more robust in detections and fp preventions because of the cloud components of it.

Edited by shadowwar

