Positive Identification (msnboot.exe)


hardhead
February 11th, 2005, 07:51 PM
TDS found this on my backup drive. Should I submit the file?

Thanks,
hardyhar

Dan Perez
February 11th, 2005, 08:03 PM
Hi HardyHar,

There was a definition set a while back that gave a false positive on that one and that is seemingly the case again here but just to be certain I would submit it.

Thanks

hardhead
February 11th, 2005, 08:03 PM
I also found this quote from Gavin:

-{ Quote: "Gavin - DiamondCS, May 12th, 2002, 09:41 AM
Hi everyone,

MSNBOOT.EXE was detected with one of the new generic scans for one day, we updated the detection which removed this, however to make sure it doesn't get detected you must not only update the databases, and then close TDS and restart it (or reload)" }-

hardhead
February 11th, 2005, 08:12 PM
Just wondering if today's update picked this up. I believe I did a full scan yesterday, best I can remember, and TDS didn't find anything.

Maybe Gavin can comment on this Monday.

Thanks Dan

hardhead
February 14th, 2005, 09:07 PM
I did submit the file and got a reply referring to the quote that I found and I'm still getting Positive Identification on (msnboot.exe).

Gavin says the same in my email....

Why all of a sudden am I getting this Positive Identification on (msnboot.exe) now? I do full scans regularly and have never got this before. I have today's reference file installed.

46861 references - 22725 primaries/11983 traces/12153 variants/other

Anyone got any ideas....

dvk01
February 15th, 2005, 03:27 AM
Friday's update did have a mistaken identity for that file and a couple of others.

Monday's update cured it.

Did you do as Gavin said and install the new database, then CLOSE TDS, then restart it and run a scan?

hardhead
February 15th, 2005, 06:31 PM
Hello dvk01,

I sure did. I followed the directions here (http://www.wilderssecurity.com/showpost.php?p=717&postcount=6), same as the quote.

I was also told that this was not a false positive, rather a generic detection and not a trojan. It shouldn't be getting detected as it was fixed on this date: May 12th, 2002, 09:41 AM.

I also notice that the same file is in a restore volume that I made. It's picking up the same file. Wonder if I disable system restore and scan again. You suppose that might do the trick.

TDS does pick up the file in program files first and then the restore volume.
I just don't understand why it all of a sudden started this. It all happened when others started having problems too.

regards,
hardyhar

Gavin - DiamondCS
February 15th, 2005, 11:16 PM
Is it fixed now for all of these Microsoft files?

The reason it started happening - we added some more detection and it broke the webdownloader detection a little bit. Should be fixed though :)

hardhead
February 16th, 2005, 01:34 AM
Hello Gavin,

I'm still getting the same Possible Webdownloader for MSNBOOT.EXE. :'( Same as the pic.
Should I uninstall TDS and reinstall?

regards,
hardyhar

Gavin - DiamondCS
February 16th, 2005, 01:49 AM
Hi,

Don't have a copy of it handy, so can you just send it to submit(at)diamondcs.com.au? We'll check it again just to make sure.

hardhead
February 16th, 2005, 01:55 AM
I sure will. ;)

hardhead
February 16th, 2005, 11:31 PM
I sent my file by TDS. Sorry, I sent an exe the first time and then realized, duh, I need to send it in a zip, which I did last night. I got today's updated database and closed TDS, restarted and still came up with the same Webdownloader for MSNBOOT.EXE.

It's really no big deal as long as the file is good, which you did say in my email before. If I messed up and need to send the file by email and not TDS, let me know.

It's something that I can live with. ;D

Regards,
hardyhar

hardhead
February 22nd, 2005, 05:57 PM
Yippie........ ;D

It's fixed now. Not real sure which database update did the job because I haven't done a full scan in the past few days. Must have been yesterday's or today's update......... 8)

Thanks,
Gavin