Malwarebytes

Why is service.cfg flagged?



#1
jimsokol

I am curious why service.cfg is flagged as Heuristics.Reserved.Word.Exploit. It is the only thing found in a full scan, and is reported in two areas, file and registry. I am not concerned about it, as nothing else was found, but was curious as to why this was flagged on its own.

Log output appears below. Thanks. ...jim

Malwarebytes' Anti-Malware 1.33
Database version: 1668
Windows 5.1.2600 Service Pack 2

1/20/2009 7:19:18 AM
mbam-log-2009-01-20 (07-19-06).txt

Scan type: Full Scan (C:\|)
Objects scanned: 157530
Time elapsed: 59 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\system32\Services.cfg (Heuristics.Reserved.Word.Exploit) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\Services.cfg (Heuristics.Reserved.Word.Exploit) -> No action taken.

#2
GT500

That's because of one of the many ways our heuristics work.

I don't see how that file could ever be legit, but if it is then add it to your ignore list or file a False Positive report in our False Positives forum.

For we wrestle not against flesh and blood, but against principalities, against powers, and against the worldly governors, the princes of the darkness of this world...

#3
jimsokol


GT500, on Jan 20 2009, 05:41 PM, said:

That's because of one of the many ways our heuristics work.

I don't see how that file could ever be legit, but if it is then add it to your ignore list or file a False Positive report in our False Positives forum.

Thanks for the reply. I have no clue whether it is legit. I was just curious because nothing else was found in the full scan.


...jim




