4 replies to this topic

[Rocky]

I've just updated my MBAM (free version) in my win XP sp3 when at the quick scan during euristic-extra scan I've found the backdoor.bot in sysprep.exe located in system32 folder.
I've quarantined the file but I'm wondering if it could be a false positive and the file should be therefore restored (I've known that sysprep.exe is a legitimate file of the system).
Thanks in advance for any suggestions.

[Rocky]

Some additional info to help you in finding a solution to my problem:
1) a full scan before the quarantine confirmed the infection in sysprep.exe
2) if I'm not wrong the file sysprep.exe seems to have been added to my system with a recent installation of Visual c++ libraries
3) Superantispyware did not find anything; my Kaspersky internet security (my realtime protection) did not find anything either
4) with an on-line scan with VirusTotal 30 out of 31 products did not find anything; only the last one, webwasher guard (?) found something "suspicious"
Keep waiting for your suggestions
Cheers

[nosirrah]

Will be corrected this morning .

[nosirrah]

Please update and scan again , MBAM should now be able to tell the difference between the real and fake file .

[Rocky]

nosirrah, on Sep 13 2008, 03:40 PM, said:

Please update and scan again , MBAM should now be able to tell the difference between the real and fake file .

Great job Bruce,
just updated to version 1145 and the scan ended with success.
Let me thank you once again for your help.
Cheers