Jump to content
IObit Forum
Top Free Driver Updater Tools Best 25 PC Optimization Software Best 22 Antimalware Best 22 Uninstaller Software IObit Coupons & Discount Offers PC Optimizer Mac Boost Advice IObit Coupons A Good Utility Program From IObit IObit Promo Codes IObit Coupon Codes IObit Coupons and Deals FAQs Driver Booster Pro Review

Wimserv.exe FALSE POSITIVE? [SOLVED by db 1044]


Recommended Posts

Hi

and find attached the exe.

A scan detected Winserv.exe as a malware? here is the report

 

IObit Malware Fighter

 

OS: Windows 7

Version: 1.0.0.12

Define Version: 1043

Time Elapsed: 00:05:47

Objects Scanned: 51170

Threats Found: 1

Save Time: 12/07/2011 18:07:29

 

|Name|Type|Description|ID|

Trojan.Generic, FILE, C:\Windows\system32\wimserv.exe, 4071696

 

 

Virustotal report

http://www.virustotal.com/file-scan/report.html?id=f8ed26ed4fb68c06f2b171686de099331d22954c05d5476c3b33bd7574c26bb0-1310486106

wimserv.rar

Link to comment
Share on other sites

False/Positive on file Wimerv.exe

 

I got the same message on 2 of my Windows 7 PC's. I also uploaded the file to VirusTotal and it found NO issues with the file, 0/43 (0.00%)

 

I just added them to the ignore list until the definition file is corrected for this issue.

 

 

Les

Link to comment
Share on other sites

I got the same result.

 

I double checked it using avast!, SuperAntiSpyware, Malwarebytes and uploaded to Virustotal.com for a check.

 

They all came up clean.

 

The file date on my desktops is 7/13/2009.

 

ISTM to be a false positive that is showing up as a result of the virus signature update to IMF this morning. It never showed up before in IMF scans as Malware/Trojan. It is also not showing up in a ASC Full Malware Scan.

 

I would think that it is a False Positive and recommend against deleting it as it is a Windows critical file. JMO:-)

 

I also added to the Ignore list.

Link to comment
Share on other sites

wimserv.exe is Definitely a Real Windows system file.

In fact it is in several folders, on this W-7 computer,

and they all appear to be valid folder locations.

 

How will we know when IMF has been fixed so that we can delete the file from the Ignore list?

Link to comment
Share on other sites

Same here

 

wimserv.exe coming up as infected with Trojan.Generic on new computer. IMF didn't detect it yesterday, just today after updating definitions. McAfee Security Center doesn't find a thing. IMF should correct false positive in next definition update hopefully!

Link to comment
Share on other sites

Hi nubreaks, welcome to IObit Forum!:-D

 

I think you have misunderstood Cicely.

 

Definition db is not updated to 1044 yet.

 

As of now it is still 1043.

 

Check the bottom of the Scan section in your IMF GUI, you will see that:

 

Definitions Version: 1043(2011-07-12) ....Fingerprint: 391518

 

When it is updated soon, you will see that Definitions Version: will change to 1044 with the date of update on the right of it and new Fingerprint: count number which would be higher than 391518.

 

After then, the false positive will not be flagged when PC is scanned by IMF.

 

Cheers.:smile:

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...