<<<
Monday, April 20, 2009
>>>
 
False Alarm with Backdoor.Win32.Agent.afqs Posted by Jose @ 05:15 GMT

In the last couple of hours, we had a false alarm on a Windows XP system file called wmiprvse.exe
(md5:798A9E6828997EEF4517ADA8A2259831).

This file was updated by Windows updates earlier this year. Though the executable is not signed by Microsoft, it is indeed a clean file.

The file may appear on your system in the following locations:

  •   C:\WINDOWS\system32\wbem\wmiprvse.exe
  •   C:\WINDOWS\system32\dllcache\wmiprvse.exe
  •   C:\WINDOWS\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3_ctc\SP3GDR\wmiprvse.exe

We have fixed the false alarm and apologize for any inconvenience.

Fix is included in the database release 2009-04-20_02.






<<< Malware Analysis Course Materials Now Available
|
25,000 Bank Robbing Mobile Phones? >>>