Fixed (Heuristics): Windows update file detected . . .

Richard FDisk

New member
false positive?

Don't know if this has been reported before,
as this is an old file.

The update file from this MS page:

http://support.microsoft.com/kb/124345

file name is: ww1138.exe

update for win3.1x calculator

detected as Win32.Monderb.aqpu

How can it have a Win32. infection if it's an MS file from their servers
and a 16-bit DOS file, not 32-bit?

I just DL'd it again and rescanned it and got the same result.

Any ideas?
 
I downloaded it just now. SpyBot Search & Destroy fully updated detects the same thing here only on the Heuristic scan. Malwarebytes detects it as Trojan.Agent. Avast 5 and ClamWin find no infection.

I uploaded the file to VirusTotal and only Prevx found an infection, calling it Medium Risk Malware.

VirusTotal mm1132.exe scan

It's probably a false positive, but may warrant further investigation.
 
It was packed with PKZIP . . .

I'm guessing the false positive is coming from some part of the old PKZIP code in the file.

I opened the file in an editor to view the contents,
the header contains:

MZ∩☺↓ ♠ ╤♀** ♥ ♦ ☺≡*▲ ☺Copyright 1989-1990 PKWARE Inc. All Righ
ts Reserved.♪◙ ⁿ.î♫o♦í☻ î╦ü├ ◘;├r♥- ♠- ·╝ ☻Ä╨√-A úq♦Ä└ΦÖ í
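
The header check behind the question in this thread (can a 16-bit DOS file be a Win32 executable at all, and what packed it), as an added example that is not part of the original posts. The function name and both sample byte strings are constructed for illustration and are not taken from the file discussed here.

```python
import re
import struct

BANNER_RE = re.compile(rb"Copyright [\x20-\x7e]*?PKWARE[\x20-\x7e]*")

def classify_executable(data: bytes) -> dict:
    """Report the executable format and any PKWARE banner near the start."""
    info = {"format": "not an MZ executable", "packer_banner": None}
    if data[:2] != b"MZ":
        return info
    # Without a valid extended header, an MZ file is a plain DOS program.
    info["format"] = "DOS MZ (16-bit)"
    if len(data) >= 0x40:
        # e_lfanew (offset 0x3C) points at the NE/PE header when one exists.
        # In old DOS files these bytes are often stub code or text, so the
        # offset must be bounds-checked and the signature verified.
        (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
        sig = data[e_lfanew:e_lfanew + 4] if e_lfanew + 4 <= len(data) else b""
        if sig == b"PE\0\0":
            info["format"] = "PE (Win32/Win64)"
        elif sig[:2] == b"NE":
            info["format"] = "NE (16-bit Windows)"
    m = BANNER_RE.search(data[:1024])
    if m:
        info["packer_banner"] = m.group(0).decode("ascii")
    return info

# Constructed samples (not the bytes of the file discussed in the thread).
def sample_dos_sfx() -> bytes:
    header = b"MZ" + bytes(26)  # 28-byte classic MZ header, fields zeroed
    banner = b"Copyright 1989-1990 PKWARE Inc. All Rights Reserved."
    return header + banner + bytes(64)

def sample_with_ext(sig: bytes) -> bytes:
    # MZ stub whose e_lfanew points to an extended header at offset 0x40
    return b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40) + sig + bytes(20)

if __name__ == "__main__":
    for name, blob in [("dos_sfx", sample_dos_sfx()),
                       ("pe", sample_with_ext(b"PE\0\0")),
                       ("ne", sample_with_ext(b"NE\x05\x00"))]:
        print(name, classify_executable(blob))
```

In the first sample the banner text overlaps offset 0x3C, so the bytes read as e_lfanew are ASCII rather than an offset; the bounds check is what keeps the file classified as plain DOS.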
 
Thank you for reporting this issue.

I can confirm the false positive with this update for the calculator for Win 3.1x.
It will be fixed with the next detection update, scheduled for Wednesday 2010-08-04 (today).
 