False Positive for ShopAtHome

B

Bill Sanderson

Ran into this on a server this morning. Since the detected files are copies
of the source CD's for SBS-2000, I'm quite certain this is a flase positive.

Event Type: Warning
Event Source: WinDefend
Event Category: None
Event ID: 1006
Date: 3/9/2006
Time: 12:22:47 AM
User: N/A
Computer: PRIME
Description:
Windows Defender scan has detected potential malware.
For more information please see the following:
http://www.microsoft.com
Scan ID: {F8D0CF95-75EA-45F0-8D36-0D698C3CE5FE}
Scan Type: AntiSpyware
Scan Parameters: Full Scan
User: NT AUTHORITY\SYSTEM
Threat Name: ShopAtHome
Threat Id: 10773
Threat Severity: 4
Threat Category: 2
Path Found: file:G:\Source
CDs\sbs-cd3\EXCHSRVR60\MIGRATE\ASN\SUPPORT\SYMBOLS\I386\ASNSYMBOLS.MSI->(MSI
Stream 4);file:G:\Source
CDs\sbs-cd3\EXCHSRVR60\ADC\SUPPORT\SYMBOLS\I386\ADCSYMBOLS.MSI->(MSI Stream
4);file:G:\Source
CDs\sbs-cd2\SQL2000\MSEQ\X86\VS\VSI2.CAB->Common\Tools\VS-Ent98\VSInst\BuildRes\mdac.msm->(MSI
Stream 0);file:C:\Program Files\Microsoft Small Business Server
SP1\EX2KSP3_server.exe->(WinZipSfx)->server/support/symbols/i386/SupportSymbols.msi->(MSI
Stream 4);file:C:\Program Files\Microsoft Small Business Server
SP1\EX2KSP3_server.exe->(WinZipSfx)->server/calcon/support/symbols/i386/CalConSymbols.msi->(MSI
Stream 4);file:C:\Program Files\Microsoft Small Business Server
SP1\EX2KSP3_server.exe->(WinZipSfx)->server/adc/support/symbols/i386/ADCSymbols.msi->(MSI
Stream 4);file:G:\Source
CDs\sbs-cd3\EXCHSRVR60\SUPPORT\SYMBOLS\I386\SUPPORTSYMBOLS.MSI->(MSI Stream
4)
Detection Type: Signatures



--
 
P

plun

Hi Bill

Mr Treit confirmed it yesterday.

From: "Mike Treit [Msft]" <[email protected]>
References: <[email protected]>
Subject: Re: ShopAtHome False Positive with Full Scan?

--------------------------------------------------------------------------------


Yes, this is a false positive.

This should be fixed in an upcoming signature release. You should not
try to remove it (in any event, removing it will fail because it's
inside an archive, but that's a different issue.)

Thanks

-Mike
 
B

Bill Sanderson

So much for my memory--in fact, I even recall reading that message, but
obviously not which item was involved!
--

plun said:
Hi Bill

Mr Treit confirmed it yesterday.

From: "Mike Treit [Msft]" <[email protected]>
References: <[email protected]>
Subject: Re: ShopAtHome False Positive with Full Scan?

--------------------------------------------------------------------------------


Yes, this is a false positive.

This should be fixed in an upcoming signature release. You should not try
to remove it (in any event, removing it will fail because it's inside an
archive, but that's a different issue.)

Thanks

-Mike

--
plun
Ran into this on a server this morning. Since the detected files are
copies of the source CD's for SBS-2000, I'm quite certain this is a flase
positive.

Event Type: Warning
Event Source: WinDefend
Event Category: None
Event ID: 1006
Date: 3/9/2006
Time: 12:22:47 AM
User: N/A
Computer: PRIME
Description:
Windows Defender scan has detected potential malware.
For more information please see the following:
http://www.microsoft.com
Scan ID: {F8D0CF95-75EA-45F0-8D36-0D698C3CE5FE}
Scan Type: AntiSpyware
Scan Parameters: Full Scan
User: NT AUTHORITY\SYSTEM
Threat Name: ShopAtHome
Threat Id: 10773
Threat Severity: 4
Threat Category: 2
Path Found: file:G:\Source
CDs\sbs-cd3\EXCHSRVR60\MIGRATE\ASN\SUPPORT\SYMBOLS\I386\ASNSYMBOLS.MSI->(MSI
Stream 4);file:G:\Source
CDs\sbs-cd3\EXCHSRVR60\ADC\SUPPORT\SYMBOLS\I386\ADCSYMBOLS.MSI->(MSI
Stream 4);file:G:\Source
CDs\sbs-cd2\SQL2000\MSEQ\X86\VS\VSI2.CAB->Common\Tools\VS-Ent98\VSInst\BuildRes\mdac.msm->(MSI
Stream 0);file:C:\Program Files\Microsoft Small Business Server
SP1\EX2KSP3_server.exe->(WinZipSfx)->server/support/symbols/i386/SupportSymbols.msi->(MSI
Stream 4);file:C:\Program Files\Microsoft Small Business Server
SP1\EX2KSP3_server.exe->(WinZipSfx)->server/calcon/support/symbols/i386/CalConSymbols.msi->(MSI
Stream 4);file:C:\Program Files\Microsoft Small Business Server
SP1\EX2KSP3_server.exe->(WinZipSfx)->server/adc/support/symbols/i386/ADCSymbols.msi->(MSI
Stream 4);file:G:\Source
CDs\sbs-cd3\EXCHSRVR60\SUPPORT\SYMBOLS\I386\SUPPORTSYMBOLS.MSI->(MSI
Stream 4)
Detection Type: Signatures
Click to expand...
Click to expand...
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

ShopAtHome False Positive with Full Scan? 1
Problems with Business Contact Manager with SP4 for OUtlook 2003 4
Printing, Imaging, Fax and All-in-One FAQ for Jan 26, 2004 2
Printing, Imaging, Fax and All-in-One FAQ for November 19, 2003 1
WTD: Nvidia Videocard for 4x AGP Slot 0
Printing, Imaging, Fax and All-in-One FAQ for July 31, 2003 0
Internet Explorer will open only https pages 3
FWT Newsletter - Weekly - February 16, 2004 2

Top