Jump to content


Windows Live Mesh: WLSync.exe false positive

Started by szpon5, Jun 04 2012 09:25 AM

9 replies to this topic

#1 szpon5

    New Member

  • Members
  • Pip
  • 9 posts
  • Gender:Male
  • Location:Poland

Posted 04 June 2012 - 09:25 AM

Welcome.
Malwarebytes indicates that the Windows Live Mesh, in file WLSync.exe is a threat.
The file is located by default in C:\Program Files\Windows Live\Mesh

#2 shadowwar

    Forum Deity

  • Moderators
  • PipPipPipPipPipPip
  • 2,698 posts

Posted 04 June 2012 - 12:30 PM

Please attach a scan log of the detection and the wlsync file in zip format please.

Thanks.
Rich Matteo
Research Engineer

Posted Image

Follow us: Twitter, Become a fan: Facebook

#3 szpon5

    New Member

  • Members
  • Pip
  • 9 posts
  • Gender:Male
  • Location:Poland

Posted 04 June 2012 - 04:36 PM

I'm very sorry, because I forgot to change the language in program on English.
Can there be a log in Polish? Do not make you a big problems?

If you need scan log in language English, it write, and will change the language on English in the program and repeat the scan.

Screen after the scan:
http://img221.images...76/obraz2vg.jpg

File .zip with scan log and file WLSync.exe
http://speedy.sh/Dm4wy/WLSync.zip

#4 szpon5

    New Member

  • Members
  • Pip
  • 9 posts
  • Gender:Male
  • Location:Poland

Posted 04 June 2012 - 04:53 PM

In addition to the file, look at the registry value. You'll see it in the scan log and on screen.

#5 miekiemoes

    Forum Deity

  • Administrators
  • PipPipPipPipPipPip
  • 7,354 posts
  • Gender:Female
  • Location:Belgium

Posted 05 June 2012 - 04:29 AM

Hi,

Thanks for reporting this. This was indeed a false positive and will be fixed in next update. However, You do have an uncommon install though which triggered our heuristics.
Anyway, please let me know if this is fixed in next update (should be from database version v2012.06.05.03 and up)
Mieke Verburgh
Director of Research

Posted Image

Follow us: Twitter, Become a fan: Facebook

#6 szpon5

    New Member

  • Members
  • Pip
  • 9 posts
  • Gender:Male
  • Location:Poland

Posted 05 June 2012 - 03:47 PM

View Postmiekiemoes, on 05 June 2012 - 04:29 AM, said:

Thanks for reporting this. This was indeed a false positive and will be fixed in next update.

Thank you very much for explanation :)

View Postmiekiemoes, on 05 June 2012 - 04:29 AM, said:

However, You do have an uncommon install though which triggered our heuristics.
Anyway, please let me know if this is fixed in next update (should be from database version v2012.06.05.03 and up)
I'm very sorry, but I do not understand, what you mean? I have a version database v2012.06.03.06. Now I updated and have already v2012.06.05.06. But yesterday when the scanning and I sent the scan log, I had a version of the database v2012.06.03.06.

#7 miekiemoes

    Forum Deity

  • Administrators
  • PipPipPipPipPipPip
  • 7,354 posts
  • Gender:Female
  • Location:Belgium

Posted 05 June 2012 - 03:54 PM

This FP was fixed in database v2012.06.05.03, so if you updated, it shouldn't be detected anymore :)
Mieke Verburgh
Director of Research

Posted Image

Follow us: Twitter, Become a fan: Facebook

#8 szpon5

    New Member

  • Members
  • Pip
  • 9 posts
  • Gender:Male
  • Location:Poland

Posted 05 June 2012 - 04:03 PM

Thank you very much for the repair, thank you :D

And yet entirely other question: What does shortcut FP? :P

#9 miekiemoes

    Forum Deity

  • Administrators
  • PipPipPipPipPipPip
  • 7,354 posts
  • Gender:Female
  • Location:Belgium

Posted 05 June 2012 - 04:07 PM

FP means False Positive :)
Mieke Verburgh
Director of Research

Posted Image

Follow us: Twitter, Become a fan: Facebook

#10 szpon5

    New Member

  • Members
  • Pip
  • 9 posts
  • Gender:Male
  • Location:Poland

Posted 05 June 2012 - 04:12 PM

Thank you very much :)
Back to False Positives · Next Unread Topic →


1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users

  1. Malwarebytes Forum
  2. Malwarebytes Anti-Malware Support
  3. False Positives
  4. Terms of Use