Brontok virus in modules\Tweaks\__Functionality\MSConfig_2K_files\msconfig.exe??
Started by vof, Jul 01 2008 12:44 AM
4 replies to this topic
#1
Posted 01 July 2008 - 12:44 AM
My AVG 8.0 is reporting I-Worm/Brontok.KO in this file. This is in a freshly created AutoPatcher folder for XP SP3. If this file is supposedly msconfig.exe from Win2K, it certainly has a different size to my Win2K SP4 executable. What do other users' AV progs report?
vof
#2
Posted 01 July 2008 - 03:59 AM
You can check it at http://www.virustotal.com. This service checks each file with several engines.
#3
Posted 01 July 2008 - 06:09 AM
vof, on Jul 1 2008, 12:44 AM, said:
My AVG 8.0 is reporting I-Worm/Brontok.KO in this file. ...
This looks like a false reading by AVG. F-Secure with the latest updates (2008-07-01_02) finds NO virus.
To be sure, check the MD5 hash of msconfig.exe (with md5deep, md5sum, HashCalc or others).
It should be 3c60aefa68efa2c4d13ab6b68fe82b81
vof, on Jul 1 2008, 12:44 AM, said:
If this file is supposedly msconfig.exe from Win2K, ...
No, this is msconfig for Win2k, not from Win2k.
--
James
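The MD5 check described in the post above, as an added Python example that is not part of the original thread; the function names are hypothetical and the expected value is the hash quoted in that post. It also records SHA-256, because MD5 is collision-prone and a match only shows the file is identical to the one the poster hashed.

```python
import hashlib
import hmac
import sys

# MD5 quoted in the thread for the AutoPatcher msconfig.exe module file.
EXPECTED_MD5 = "3c60aefa68efa2c4d13ab6b68fe82b81"


def file_digests(path, chunk_size=1 << 16):
    """Stream the file once and return its hex MD5 and SHA-256 digests."""
    md5 = hashlib.md5()
    sha256 = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            md5.update(chunk)
            sha256.update(chunk)
    return {"md5": md5.hexdigest(), "sha256": sha256.hexdigest()}


def matches_published_md5(path, expected=EXPECTED_MD5):
    """Return True if the file's MD5 equals the published value.

    The published value is normalised (whitespace, case) and validated first,
    so a mangled copy-paste raises instead of silently reporting a mismatch.
    """
    want = expected.strip().lower()
    if len(want) != 32 or any(c not in "0123456789abcdef" for c in want):
        raise ValueError("expected value is not a 32-digit hex MD5")
    return hmac.compare_digest(file_digests(path)["md5"], want)


if __name__ == "__main__":
    # Usage: python check_hash.py <path to msconfig.exe> [more files...]
    for path in sys.argv[1:]:
        digests = file_digests(path)
        verdict = "MATCH" if matches_published_md5(path) else "MISMATCH"
        print(f"{verdict}  md5={digests['md5']}  "
              f"sha256={digests['sha256']}  {path}")
```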
#4
Posted 01 July 2008 - 01:59 PM
James, on Jul 1 2008, 06:09 AM, said:
This looks like a false reading by AVG. F-Secure with the latest updates (2008-07-01_02) finds NO virus
To be sure, check the MD5 hash of msconfig.exe (with md5deep, md5sum, HashCalc or others)
It should be 3c60aefa68efa2c4d13ab6b68fe82b81
No, this is msconfig for Win2k, not from Win2k.
--
James
Thanks for that. MD5 hash is OK. VirusTotal reports it clean, and interestingly, AVG 8.0 with most recent update from earlier today (270.4.3/1528) now thinks it is clean.
vof
#5
Posted 01 July 2008 - 02:18 PM
Thanks for the feedback. Every test I carried out this morning confirmed that this was a false alarm.
--
James