Hello,

the drivers for my graphics card come with some extensions from MSI to allow automatic overclocking etc. One file is WinSys.exe, 2006/02/22, 200.704 bytes which gets automatically started by loaded by HKLM\SOFTWARE\Microsoft\Windows\Currentversion\Run\WinSys .

One can argue whether this is a reasonable function, but it is imho not spywarerelated - I could not find any malicious behaviour of this application and believe that it's a false positive.

Regards,

Top Gun

Hello Top Gun,

it seems that winsys.exe if often used by trojans and other malicious software. To check why your winsys.exe is flagged by our software it would be great if you could send us the file and the exactly name of the driver and his extansions .

I sent you a private message with my mail adress so you can contact me directly. :2thumb:

best regards
Markus
Team Spybot

Hello,

I can confirm that the file you sent me was part of MSI-graphic-driver. I adjusted our detections and the false positive will be fixed with the next update scheduled for the end of the week. :bigthumb:

But there is still malware outside that uses the same name as the MSI driver so please be very careful when you find such a file on your system ;)