Positive Identification (msnboot.exe)

Discussion in 'Trojan Defence Suite' started by hardhead, Feb 11, 2005.

Thread Status:
Not open for further replies.
  1. hardhead

    hardhead Registered Member

    Joined:
    Mar 4, 2004
    Posts:
    292
    Location:
    Blue Ridge, Va
    TDS found this on my backup drive. Should I submit the file?

    Thanks,
    hardyhar
     

    Attached Files:

    • TDS1.JPG (79.2 KB)
  2. Dan Perez

    Dan Perez Retired Moderator

    Joined:
    May 18, 2003
    Posts:
    1,495
    Location:
    Sunny San Diego
    Hi HardyHar,

    There was a definition set a while back that gave a false positive on that one and that is seemingly the case again here but just to be certain I would submit it.

    Thanks
     
  3. hardhead

    hardhead Registered Member

    Joined:
    Mar 4, 2004
    Posts:
    292
    Location:
    Blue Ridge, Va
    I also found this quote from Gavin

     
  4. hardhead

    hardhead Registered Member

    Joined:
    Mar 4, 2004
    Posts:
    292
    Location:
    Blue Ridge, Va
    Just wondering if today's update picked this up. I believe I did a full scan yesterday, best I can remember, and TDS didn't find anything.

    Maybe Gavin can comment on this Monday.

    Thanks Dan
     
  5. hardhead

    hardhead Registered Member

    Joined:
    Mar 4, 2004
    Posts:
    292
    Location:
    Blue Ridge, Va
    I did submit the file and got a reply referring to the quote that I found and I'm still getting Positive Identification on (msnboot.exe).

    Gavin says the same in my email....

    Why all of a sudden am I getting this Positive Identification on (msnboot.exe) now? I do full scans regularly and have never got this before. I have today's reference file installed.

    46861 references - 22725 primaries/11983 traces/12153 variants/other

    Anyone got any ideas....
     
  6. dvk01

    dvk01 Global Moderator

    Joined:
    Oct 9, 2003
    Posts:
    3,131
    Location:
    Loughton, Essex. UK
    Friday's update did have a mistaken identity for that file and a couple of others.

    Monday's update cured it.

    Did you do as Gavin said and install the new database, then CLOSE TDS, then restart it and run a scan?
     
  7. hardhead

    hardhead Registered Member

    Joined:
    Mar 4, 2004
    Posts:
    292
    Location:
    Blue Ridge, Va
    Hello dvk01,

    I sure did. I followed the directions here, same as the quote.

    I was also told that this was not a false positive, rather a generic detection and not a trojan. It shouldn't be getting detected as it was fixed on this date: May 12th, 2002, 09:41 AM.

    I also notice that the same file is in a restore volume that I made. It's picking up the same file. Wonder if I disable system restore and scan again. You suppose that might do the trick?

    TDS does pick up the file in program files first and then the restore volume.
    I just don't understand why it all of a sudden started this. It all happened when others started having problems too.

    regards,
    hardyhar
     
  8. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Joined:
    Feb 10, 2002
    Posts:
    2,080
    Location:
    Perth, Western Australia
    Is it fixed now for all of these Microsoft files?

    The reason it started happening - we added some more detection and it broke the webdownloader detection a little bit. Should be fixed though :)
     
  9. hardhead

    hardhead Registered Member

    Joined:
    Mar 4, 2004
    Posts:
    292
    Location:
    Blue Ridge, Va
    Hello Gavin,

    I'm still getting the same Possible Webdownloader for MSNBOOT.EXE. :'( Same as the pic.
    Should I uninstall TDS and reinstall?

    regards,
    hardyhar
     
  10. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Joined:
    Feb 10, 2002
    Posts:
    2,080
    Location:
    Perth, Western Australia
    Hi,

    Don't have a copy of it handy, so can you just send it to submit(at)diamondcs.com.au? We'll check it again just to make sure.
     
  11. hardhead

    hardhead Registered Member

    Joined:
    Mar 4, 2004
    Posts:
    292
    Location:
    Blue Ridge, Va
    I sure will. ;)
     
  12. hardhead

    hardhead Registered Member

    Joined:
    Mar 4, 2004
    Posts:
    292
    Location:
    Blue Ridge, Va
    I sent my file by TDS. Sorry, I sent an exe the first time and then realized, duh, I need to send it in a zip, which I did last night. I got today's updated database and closed TDS, restarted and still came up with the same Webdownloader for MSNBOOT.EXE.

    It's really no big deal as long as the file is good, which you did say in my email before. If I messed up and need to send the file by email and not TDS, let me know.

    It's something that I can live with. :D

    Regards,
    hardyhar
     
  13. hardhead

    hardhead Registered Member

    Joined:
    Mar 4, 2004
    Posts:
    292
    Location:
    Blue Ridge, Va
    Yippie........ :D

    It's fixed now. Not real sure which database update did the job because I haven't done a full scan in the past few days. Must have been yesterday's or today's update......... :cool:

    Thanks,
    Gavin
     