real threat or false positive?

J

Jack R

My friend is running Windows2000, with MSAS.
It came up with a possible threat: C:\winnt\system32\windriver32.exe.
I can't find any reference to this file, good or bad...
Is this a threat?
They've blocked it for now.
Thanks,
 
B

Bill Sanderson

What do the properties of the file have to say about it? Find it with
Explorer and right-click on it.
 
B

Bill Sanderson

What did MSAS say it was? I think I would trust Microsoft Antispyware on
this one. No references would be unusual for a commercially distributed
executable.
 
J

Jack R

Hi Bill, thanks for the quick response.
It's not my system, so I don't have ready access to it, and the owner would
have a problem with 'properties'.
MSAS said it was unrecognized but suspect.
Thanks again,
--
Jack

Bill Sanderson said:
What did MSAS say it was? I think I would trust Microsoft Antispyware on
this one. No references would be unusual for a commercially distributed
executable.
Click to expand...
 
T

TJ

Please verify EXACT spelling of the file in question. I suspect it's
actually WINDRV32.EXE - known to be part of a MyDoom mass mailing worm:
http://www.iamnotageek.com/a/windrv32.exe.php

If this is the case, the person probably has lots of other problems on their
PC. I would suggest they immediately run Hijackthis and post a log at the
Hijackthis Log forum at the following web site:
http://www.spywarewarrior.com/index.php

The fact that "windriver32.exe" brings up not a single hit on google, means
that's probably not the correct spelling.

Good luck!
 
J

Jack R

Thanks TJ, very good advice.
I will double-check with them to be sure of the spelling.
If I learn something useful, I will be sure to post it here.
--
Jack R

TJ said:
Please verify EXACT spelling of the file in question. I suspect it's
actually WINDRV32.EXE - known to be part of a MyDoom mass mailing worm:
http://www.iamnotageek.com/a/windrv32.exe.php

If this is the case, the person probably has lots of other problems on
their PC. I would suggest they immediately run Hijackthis and post a log
at the Hijackthis Log forum at the following web site:
http://www.spywarewarrior.com/index.php

The fact that "windriver32.exe" brings up not a single hit on google,
means that's probably not the correct spelling.

Good luck!
Click to expand...
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

false positive: jpeg DLL for VB 0
False positive 0
false positive ? 6
"Computer is infected" - but MSAS shows "No Known Issues Detected" 2
Another false positive? 8
False positive 4
Trojan.Downloader.AdMSI -- False Positive ? 3
False positive on Avencis product (SSOX) 1

Top