Tuesday, February 12, 2013 1:16 PM
Using Forefront Client Security (fully updated through today, 2/12/2013), I am getting a SEVERE alert for worm:Win32/Autorun/XGK.
Location of the file per Forefront is C:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.
Is this a false positive? I have read that on the Internet, including an MSFT site. But if so, why has Forefront not been updated to reflect that? I have another notebook with the same OS (Win 7 64 bit with Forefront) and a similar scan yields no alert for a possible virus.
Forefront is able to remove the virus but it consistently reappears. I have tried this seven times already.
I've tried submitting the file to Microsoft for evaluation but the file is not allowing itself to be copied.
Stopping Windows search service and then disabling it from startup seems to get rid of the tmp.edb file. However, re-enabling the service and using Forefront shows the possible threat again.
Malware Antibytes and Spybot S&D do not show it as a threat.
Basically, I'm confused. The fact that another system running Forefront and the same OS does not show it as a threat is discomforting. As is the fact this seems to have appeared shortly after I opened an email with a Word document attached and did not scan the document before opening it. I have since deleted the email from Outlook so can't reevaluate if that was the cause.
Thanks in advance. Please can someone help????
Monday, February 18, 2013 2:40 PM Moderator
Thank you for the post.
If FEP does not detect this kind of virus, you may submit a sample to MMPC for further analysis: https://www.microsoft.com/security/portal/Submission/Submit.aspx
Nick Gu - MSFT
- Marked As Answer by Nick Gu - MSFT (Microsoft Contingent Staff, Moderator), Thursday, February 21, 2013 1:35 PM