Resources for IT Professionals >
포럼 홈
>
Forefront Client Security Malware Technology and Response
>
FCS don't remove Backdoor:Win32\Agent.CR from Win32l.dll
FCS don't remove Backdoor:Win32\Agent.CR from Win32l.dll
- Hi,
I'm having problems removing Win32\Agent.CR from Windows\System32\Win32l.dll (Windows 2003 Server) with Forefront Client Security.
It is classified as a backdoor and risk as Severe.
If a choose SmartClean button it saids that it needs to restart the server because to remove it. But after restart, if I scan, it is there again.
I used tasklist to identify the program that is using it. It is msiexc.exe.
I killed the process at task manager and try it again. It seams to remove it. But if I restart the server and scan again. Yes, it is there again!
How can I remove it? Could it be a false positive?
Thanks,
Pedro Gonçalves
모든 응답
- Get a copy of the file and submit it at http://www.microsoft.com/security/portal use the submit a sample button.
Guessing our detection/removal rules may not be just right for the variant you are seeing and need to be updated. Be sure to include details when submitting it.
CSS Security Support Engineer (FCS/MBSA/WUA/Incident Response) Check out my blog http://blogs.technet.com/kfalde
