False Positive in Messenger?

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Outlawstar15a2, Sep 29, 2009.

  1. Outlawstar15a2

    Outlawstar15a2 Corporal

    I woke up today and Avast alerted me that

    C:\Users\Culery J Jeffries\AppData\Local\Microsoft\Messenger\joey3155@hotmail.com\SharingMetadata\Working\database_D898_1D79_981D_577A\tmp.edb

    was infected with signs of the JS:ScriptSH-inf [Trj] trojan horse so I manually selected the file to check it again Avast cannot access because it's currently in use by MSN Messenger. It only appeared today when I woke up as far as I know it should be a false positive: I've been keeping my PC clean and all my scans come up benign, I speak to the same old people on Messenger and I know them well, I don't use any of Messenger's auxillary services, I don't use their chat rooms, and no files were transferred between me and my Messenger contacts.

    By the way what does that file do anyway?
     
    Outlawstar15a2, Sep 29, 2009
    #1
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    It would not surprise me for it to be an FP. There are many FPs on things like this.

    See this: http://technet.microsoft.com/en-us/library/bb124808(EXCHG.65).aspx
     
    chaslang, Oct 3, 2009
    #2

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds