NEWS FROM THE LAB - Monday, April 20, 2009

False Alarm with Backdoor.Win32.Agent.afqs Posted by Jose @ 05:15 GMT

In the last couple of hours, we had a false alarm on a Windows XP system file called wmiprvse.exe

This file was updated by Windows updates earlier this year. Though the executable is not signed by Microsoft, it is indeed a clean file.

The file may appear on your system in the following locations:

  •   C:\WINDOWS\system32\wbem\wmiprvse.exe
  •   C:\WINDOWS\system32\dllcache\wmiprvse.exe
  •   C:\WINDOWS\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3_ctc\SP3GDR\wmiprvse.exe

We have fixed the false alarm and apologize for any inconvenience.

Fix is included in the database release 2009-04-20_02.