Virus or False Alert? Please help

Just updated my antivirus definitions and applied the latest updates to my Win7 64-bit build - a few hours later MSE popped up with a virus found message:-

Can't seem to get anything on this and it seems like a Microsoft file:-

--------------------
Name: Exploit:Win32/CVE-2011-0658
ID: 2147646548
Severity: Severe
Category: Exploit
Path: file:_C:\ProgramData\Microsoft\RAC\StateData\RacDatabase.sdf
Detection Origin: Local machine
Detection Type: Heuristics
Detection Source: Real-Time Protection
User: NT AUTHORITY\LOCAL SERVICE
Process Name: C:\Windows\System32\taskhost.exe
Signature Version: AV: 1.105.2002.0, AS: 1.105.2002.0, NIS: 9.196.0.0
Engine Version: AM: 1.1.6903.0, NIS: 2.0.5854.0

Category: Exploit

Description: This program is dangerous and exploits the computer on which it is run.

Recommended action: Remove this software immediately.

Security Essentials detected programs that may compromise your privacy or damage your computer.

Items:
file:C:\ProgramData\Microsoft\RAC\StateData\RacDatabase.sdf
 
Detection Type: Heuristics

Take heuristic detections with a pinch of salt, as some of the time they're way wrong, so I suggest you upload that file to somewhere like VirusTotal, which will check it against several anti-virus programs, and if only a few flag it up then you should lodge a false positive report with the AV vendor.
 
It's MSE - Microsoft Security Essentials

Would have hoped one of their own system files would have been able to be detected correctly LOL
 
Used the website and 3 sites found it a virus.

Tried scanning the same file on another PC with the website - 0 sites found it a virus.

I've deleted the file - but I'm worried that I may need it, being in the Microsoft folder :/
 

If you mean 3 programs flagged it then it can be classed as a false positive.

Also, you shouldn't have deleted it, as from what I've discovered that file is part of Microsoft's anti-piracy (or WAT, the new name for WGA) system.
 