Exploit-MSWord.a Real or False Positive

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by KirkMango, Aug 6, 2011.

  1. KirkMango

    KirkMango Private E-2

    I am really just looking for information on this one from a very knowledgeable malware expert. I have a very new Dell computer with fully updated Windows 7, IE9, and securities run pretty high. I use this computer mainly for writing and editing of my forthcoming book and writing for the Tribune ChicagoNow blog network. I do very little searching on the internet and deal mainly with sites I know and trust (like this one) and answering and writing emails (yes I do get attachments).

    As far as security, I run McAfee's Security Suite with Firewall, Spam Filter, etc. and have both the free Malwarebytes scanner and Super Antispyware scanner, which I update and run once to twice a week. These two scanners were the first downloads on the machine after updating Windows 7 and McAfee.

    I also run a McAfee scan manually and let it run its scheduled scan weekly. Malwarebytes and Super Antispyware have never found anything on my computer, nor has McAfee when I run my manual scans. I also scan any attachments with McAfee and Malwarebytes before I open them up and these scans have never found a thing. In addition, I run CCleaner more than once a week to clean things up in temp areas. I am highly attuned to keeping my computer free of junk.

    About a month after my new computer came I took a large Word file and converted it from a 2010 file into an earlier format for my editor. Later that week my McAfee scheduled scan found and quarantined Exploit-MSWord.a. I promptly deleted it from quarantine and noted where the file was located originally. This is where it gets strange. Here was the path: C:\Users\Kirk Mango\AppData\Local\Microsoft\Office\UnsavedFiles\Working Master Manuscript Edited - Tuesday 7-12-11((Unsaved-301631140143290256)).asd

    I found it strange that this exploit was never found in any other scan and was not identified until McAfee ran a scheduled scan and after I had converted the file to an earlier version of Word. When I researched Exploit-MSWord.a it is said to be a Trojan by McAfee but only McAfee seems to know about it. Plus, I found it strange that it is located in unsaved files, those files Word would use to go back to if the power went out and you lost the file you were working on or it got corrupted.

    Called McAfee since I have a new computer and new service with them and they said it was not a false positive and that the scanner had removed it from my machine. Ok, did not seem right especially since it was never found by anything else before in the first month I had the computer, was only found when I converted the file, and was in an unsaved file area.

    Two more months go by, I run all my normal scans each week using all my updated scanners and nothing, and on an updated version of my book, same file just updated from my editor but that I broke down by chapter and saved as separate Word files, McAfee scheduled scan finds the same would-be trojan Exploit-MSWord.a. and in the same area: C:\Users\Kirk Mango\AppData\Local\Microsoft\Office\UnsavedFiles\Kirk M((Unsaved-301671311400402224)).asd. I again delete the file from quarantine.

    Again, I find it strange that nothing is found until the file is broken down or converted and McAfee scheduled scan is the only one that finds this same so-called Trojan. This time I call Microsoft, their security division, and they search their database for such a Trojan and say they don't have anything on this. I ask them if they have an online scanner I could use figuring since this thing seems to be only associated with Microsoft Word that something they use to remove Viruses/Trojans would be a good 4th check since I run three other different malware/virus scanners. They send me to their Microsoft Safety Scanner. I run a full scan and nothing is found. I run all my scans again, Malwarebytes and Super Antispyware and nothing.

    My question is, is this a false positive? Is McAfee the only scanner or virus program that finds this thing, and only on a scheduled scan, and actually in an unsaved file area for Microsoft Word. Again, no other company seems to know about this Exploit-MSWord.a. Any attachment I get from my editor that I download, or anyone else for that matter is always scanned with an updated Malwarebytes and McAfee before it is opened and they have never found anything. What the heck???

    I would like to know more about this thing before I go down the path of trying to remove something that may not really exist.
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Exploits are not really infections. They are just potential risks that could be taken advantage of (i.e., exploited). All software programs are frequently updated to remove potential security risks (exploits). When you don't update or when you use old versions of software (or like you did to convert to an earlier version) you keep the potential security risks around. Are they really problems..... well it depends on your viewpoint. You are at risk of being exploited, but it is not a malware problem and you are not infected just because you have a file or program that "could" potentially be exploited. Thousands of people are running old outdated copies of Windows that have hundreds of security holes. Does this mean they are infected? No, of course not. But they are at risk.

    You should read this: http://www.microsoft.com/technet/security/advisory/960906.mspx

    There are many such notices.

    My advice would be to either use all properly updated software and not old versions and do not convert files to be used with old programs. Otherwise ignore the exploit because it is not an infection. It is a risk. And it is a low risk (even McAfee says so: http://vil.nai.com/vil/content/v_141098.htm)
     
  3. KirkMango

    KirkMango Private E-2

    This is why I like coming here when I need a straight answer. Here you have people who actually know what they are doing. Ok, only two more questions if I might Chaslang.

    1. If it is only a security risk then what is McAfee actually quarantining and what am I deleting from quarantine? McAfee insists it is a Trojan.

    2. Is it OK to just keep my Malwarebytes free scanner (updated daily by me), Super Antispyware scanner (updated daily by me), and CCleaner (latest version) on my computer in my spyware tools folder? McAfee tech is telling me I should not have them on as they cause problems for McAfee. When I try to explain to them that they are only the scanner that does not run in the background and that they are only used to scan they don't seem to understand.
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    They are quarantining a file which they believe shows signs of the exploit that they are mentioning. If it were a trojan, they would be calling it a trojan like they do with hundreds of other "REAL" trojans. By their own definition, this file exploit is a low risk item and per their own information, a low risk item is
    The above is quoted from http://www.mcafee.com/us/mcafee-labs/resources/vulnerability-assessment.aspx

    So if it was really a trojan and really a problem of concern, it should not be listed as a low risk exploit. ;)

    Yes they are fine to keep. Note: CCleaner is not an antispyware program at all.
     
    Last edited: Aug 9, 2011
  5. KirkMango

    KirkMango Private E-2

    Thanks for your help and information. Major Geeks is the best!!!

    Oh, and I know CCleaner is just a cleaning/maintenance type program, I just keep it in the same folder as my two scanners.

    Best,

    Kirk
     
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. Surf safely!
     
