Wilders Security Forums  

Go Back   Wilders Security Forums > Archived Forums > Closed Sub-Forums > Archive of DiamondCS Support Forums > Trojan Defence Suite
#1
February 11th, 2005, 07:51 PM
hardhead
Updates Team
Join Date: Mar 2004
Location: Blue Ridge, Va
Posts: 286
Positive Identification (msnboot.exe)

TDS found this on my backup drive. Should I submit the file?

Thanks,
hardyhar
Attached Images
 
#2
February 11th, 2005, 08:03 PM
Dan Perez
Global Moderator
Join Date: May 2003
Location: Sunny San Diego
Posts: 1,495
Re: Positive Identification (msnboot.exe)

Hi HardyHar,

There was a definition set a while back that gave a false positive on that one, and that is seemingly the case again here, but just to be certain I would submit it.

Thanks
__________________
"Whan alle tresors arn tried, Treuthe is the beste." Piers Plowman (William Langland)
#3
February 11th, 2005, 08:03 PM
hardhead
Updates Team
Join Date: Mar 2004
Location: Blue Ridge, Va
Posts: 286
Re: Positive Identification (msnboot.exe)

I also found this quote from Gavin

Quote:
Gavin - DiamondCS, May 12th, 2002, 09:41 AM
Hi everyone,

MSNBOOT.EXE was detected with one of the new generic scans for one day, we updated the detection which removed this, however to make sure it doesn't get detected you must not only update the databases, and then close TDS and restart it (or reload)
#4
February 11th, 2005, 08:12 PM
hardhead
Updates Team
Join Date: Mar 2004
Location: Blue Ridge, Va
Posts: 286
Re: Positive Identification (msnboot.exe)

Just wondering if today's update picked this up. I believe I did a full scan yesterday, best I can remember, and TDS didn't find anything.

Maybe Gavin can comment on this Monday.

Thanks Dan
#5
February 14th, 2005, 09:07 PM
hardhead
Updates Team
Join Date: Mar 2004
Location: Blue Ridge, Va
Posts: 286
Re: Positive Identification (msnboot.exe)

I did submit the file and got a reply referring to the quote that I found and I'm still getting Positive Identification on (msnboot.exe).

Gavin says the same in my email....

Why all of a sudden am I getting this Positive Identification on (msnboot.exe) now? I do full scans regularly and have never got this before. I have today's reference file installed.

46861 references - 22725 primaries/11983 traces/12153 variants/other

Anyone got any ideas....
#6
February 15th, 2005, 03:27 AM
dvk01
Global Moderator
Join Date: Oct 2003
Location: Loughton, Essex. UK
Posts: 3,129
Re: Positive Identification (msnboot.exe)

Friday's update did have a mistaken identity for that file and a couple of others.

Monday's update cured it.

Did you do as Gavin said: install the new database, then CLOSE TDS, then restart it and run a scan?
#7
February 15th, 2005, 06:31 PM
hardhead
Updates Team
Join Date: Mar 2004
Location: Blue Ridge, Va
Posts: 286
Re: Positive Identification (msnboot.exe)

Hello dvk01,

I sure did. I followed the directions here, same as the quote.

I was also told that this was not a false positive, rather a generic detection and not a trojan. It shouldn't be getting detected as it was fixed on this date: May 12th, 2002, 09:41 AM.

I also notice that the same file is in a restore volume that I made. It's picking up the same file. Wonder if I disable system restore and scan again. You suppose that might do the trick?

TDS does pick up the file in program files first and then the restore volume.
I just don't understand why it all of a sudden started this. It all happened when others started having problems too.

regards,
hardyhar
#8
February 15th, 2005, 11:16 PM
Gavin - DiamondCS
Former DCS Moderator
Join Date: Feb 2002
Location: Perth, Western Australia
Posts: 2,080
Re: Positive Identification (msnboot.exe)

Is it fixed now for all of these Microsoft files?

The reason it started happening - we added some more detection and it broke the webdownloader detection a little bit. Should be fixed though.
  #9  
Old February 16th, 2005, 01:34 AM
hardhead's Avatar
hardhead hardhead is offline
Updates Team
 
Join Date: Mar 2004
Location: Blue Ridge, Va
Posts: 286
Default Re: Positive Identification (msnboot.exe)

Hello Gavin,

I'm still getting the same Possible Webdownloader for MSNBOOT.EXE. Same as the pic.
Should I uninstall TDS and reinstall?

regards,
hardyhar
#10
February 16th, 2005, 01:49 AM
Gavin - DiamondCS
Former DCS Moderator
Join Date: Feb 2002
Location: Perth, Western Australia
Posts: 2,080
Re: Positive Identification (msnboot.exe)

Hi,

Don't have a copy of it handy, so can you just send it to submit(at)diamondcs.com.au? We'll check it again just to make sure.
#11
February 16th, 2005, 01:55 AM
hardhead
Updates Team
Join Date: Mar 2004
Location: Blue Ridge, Va
Posts: 286
Re: Positive Identification (msnboot.exe)

I sure will.
#12
February 16th, 2005, 11:31 PM
hardhead
Updates Team
Join Date: Mar 2004
Location: Blue Ridge, Va
Posts: 286
Re: Positive Identification (msnboot.exe)

I sent my file by TDS. Sorry, I sent an exe the first time and then realized, duh, I need to send it in a zip, which I did last night. I got today's updated database and closed TDS, restarted and still came up with the same Webdownloader for MSNBOOT.EXE.

It's really no big deal as long as the file is good, which you did say in my email before. If I messed up and need to send the file by email and not TDS, let me know.

It's something that I can live with.

Regards,
hardyhar
#13
February 22nd, 2005, 05:57 PM
hardhead
Updates Team
Join Date: Mar 2004
Location: Blue Ridge, Va
Posts: 286
Re: Positive Identification (msnboot.exe)

Yippie........

It's fixed now. Not real sure which database update did the job because I haven't done a full scan in the past few days. Must have been yesterday's or today's update.........

Thanks,
Gavin
All times are GMT -4. The time now is 01:36 AM.