Page 1 of 2 12 LastLast
Results 1 to 10 of 12

Thread: MPSigStub.exe

  1. #1
    Junior Member
    Join Date
    Aug 2006
    Posts
    2

    Default MPSigStub.exe

    I recently found this executable in a very strange folder on my machine (MPSigStub.exe). The properties indicate that it comes from MicroSoft. Does anybody no what it is? I spent most of an hour with MicroSoft and got "We're Not Sure" for and answer.

  2. #2
    Senior Member Yodama's Avatar
    Join Date
    Oct 2005
    Location
    Buchenheim
    Posts
    1,110

    Default

    Without further information it is hard to say if the file is safe or not. Even if support from Microsoft is not sure about the file, it does not mean that the file is bad, it just means, they have so many files that they lost track :(

    The properties info of the file could be faked, so with the name and the info alone, there is no telling if the file is ok or not.

    I believe it would be best if you would submit the file for analysis, if possible also include a Spybot and/or Hijackthis log. For example use this adress: detections-at-spybot.info (replace -at- with @ )


    When submitting a suspicious file please, zip or rar the file an put a password like infected on the archive. Otherwise the file could be filtered by automatic scanners.
    born in the shadow to die in the shadow, that is the fate of the shinobi

    Spybot S&D Downloads

    Please help us improve Spybot and download our distributed testing client.

  3. #3
    Junior Member
    Join Date
    Aug 2006
    Posts
    2

    Default MPSigStub.exe

    Thanks for responding.

    I got paranoid about having the program on my machine so I erased it. Can't send you a copy.

    I also found a log file that has MPSigStub as part of the name and it appears that the program may be part of the upgrade or update process for Windows Defender. At any rate I haven't noticed any problems with my machine so I think everything is okay.

    Again, Thanks for your help.

  4. #4
    Junior Member
    Join Date
    Nov 2006
    Posts
    3

    Default Same file found, have a copy

    I also found this file on my fileserver. The server is running Windows 2003 and Windows defender. The file details also say MS. I haven't called them about it though.

    It was found in F:\781115a6699d2ccd5d

    I've attached a zip file with the .exe with the password of 'infected'. Any insight would be appreciated. Cheers.
    Last edited by tashi; 2006-11-09 at 22:14. Reason: Removed attachment

  5. #5
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,491

    Default

    Hello whereisian

    Please see:
    Infected Files. How To Submit. Please do not attach them here.
    http://forums.spybot.info/showthread.php?t=1699

    Thanks.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

  6. #6
    Junior Member
    Join Date
    Nov 2006
    Posts
    3

    Default Emailed

    Sorry 'bout that. I've submitted via email.

  7. #7
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,491

    Default

    Cheers.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

  8. #8
    Junior Member
    Join Date
    Nov 2006
    Posts
    3

    Default ping

    Just seeing if anything was found.

    Cheers

  9. #9
    Junior Member
    Join Date
    Nov 2007
    Posts
    1

    Default

    Copied from Spyware-Net:

    Description of mpsigstub.exe
    This is a component of Microsoft Windows Application. Microsoft Windows Application is the widely popular Windows operating system. The Windows family of operating systems developed the point-and-click graphical user interface for easy interaction with programs and files.

  10. #10
    Junior Member
    Join Date
    Jul 2008
    Posts
    3

    Default unusual way to run

    i woke up this morning to my real time spyware shield tellin me a process (mpsigstub.exe) was trying to run from my external hard drive i went to look into this file and what it was where it was and why it was there it was in H:\1b3b00f54712297a6b47e4c2 witch wasn't there for 100 percent sure last night my updates dont run during the night so it shouldn't be anysort of update either so i tried to scan the file and avast tells me access is denied for a scan i checked the security properties of the file system has full access and user has none other than read and execute i thought all this was very odd for ANY standard running file also theres no signature in any way. i zipped the file up and put the "infected" password on in and im sending the file now if you can give me any information it would be much appreciated

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •