Fixed: swxcacls.exe - looks like FP

[FoxCat]

Hi Guys,

XP Pro, SP3; Firefox 3.07, SpyBot S&D 1.6.2.46

after today's update (came with TeaTimer 1.6.6.32)
I got this as in report extract below
"Kind": MalwareC
File is sitting there since 2007 I checked MD5 it is what it should be with that legit file which Combofix can install

None of the security and additional on-demand scans don't flag it

Thanks in advance
---------------------------------------------------------
Win32.Autoit.D: [SBI $9DBF579B] Executable (File,

nothing done)
C:\WINDOWS\system32\swxcacls.exe
Properties.size=212480
Properties.md5=B1A9CF0B6F80611D31987C247EC630B4
Properties.filedate=1164914432
Properties.filedatetext=2006-12-01 06:20:32

Win32.Autoit.D: [SBI $5F15CC1D] Settings (Registry

change, nothing done)


HKEY_USERS\S-1-5-21-507921405-113007714-839522115-

1003\Software\Microsoft\Internet

Explorer\PhishingFilter\Enabled
-----------------------------------------

here is additional info
MD5: b1a9cf0b6f80611d31987c247ec630b4
*******************************
Freeware implementation of XCACLS
Company: SteelWerX
Version: 1.0.1.1
internalname: SWXCACLS
Product name: SteelWerX Extended Configurator ACLists
********************

 

[Yodama]

hello,

thank you for reporting this issue, I can confirm that it is a false positive.
It will be corrected as soon as possible.

 

[FoxCat]

hello,
thank you for reporting this issue, I can confirm that it is a false positive.
It will be corrected as soon as possible.

Hi Yodama,

Thank you for confirmation :2thumb: Cheers!

***p.s. stupid question: if individual file/folder rescanned after update would that check the file and registry entries? Not all scanners are checking the registry when using Shell Extension.

 

[Yodama]

question: if individual file/folder rescanned after update would that check the file and registry entries? Not all scanners are checking the registry when using Shell Extension.

If you are using the shell extension to scan files/folders the registry does not get scanned.