Win32/Autorun/XGK Help!!!!

  • Question

  • Using Forefront Client Security (fully updated through today 2/12/2013) I am getting a SEVERE alert for worm:Win32/Autorun/XGK

    Location of the file per Forefront is C:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb

    Is this a false positive? I have read that on the Internet including a MSFT site. But if so, why has Forefront not been updated to reflect that? I have another notebook with the same OS (Win 7 64 bit with Forefront) and a similar scan yields no alert for a possible virus. 

    Forefront is able to remove the virus but it consistently reappears. I have tried this seven times already.

    I've tried submitting the file to Microsoft for evaluation but the file is not allowing itself to be copied.

    Other observations:

    Stopping Windows search service and then disabling it from startup seems to get rid of the tmp.edb file. However, re-enabling the service and using Forefront shows the possible threat again.

    Malware Antibytes and Spybot S&D do not show it as a threat.

    Basically, I'm confused. The fact that another system running Forefront and the same OS does not show it as a threat is discomforting. As is the fact this seems to have appeared shortly after I opened an email with a Word document attached and did not scan the document before opening it. I have since deleted the email from Outlook so can't reevaluate if that was the cause.

    Thanks in advance. Please can someone help????

    Tuesday, February 12, 2013 1:16 PM

Answers