heur.Suspicious.19625079 found in system32/oobe/msoobe.exe

I just bought new computer.
with oem XP home ed. Installed.
Fisrt installed COMODO then connected to Internet in order to register my XP.
And COMODO says that there are heur.Suspicious.19625079 found in system32/oobe/msoobe.exe

Moved it to the appropriate forum.


msoobe.exe is a genuine executable from Microsoft, related with the activation of Windows, and should NOT be removed. Doing so could possibly cause problems. This is a so called false positive. Please see this topic for how to report a false positive correctly:

I just dont know false it or not. That’s why I posted in help forum.
How can i fugure out is msoobe.exe infected or not?

Upload it here:

As the malware is named heur.Suspicious, I’m 100% (or as close as you can get to it without being 100%) sure that it’s a false positive. The name of the malware means that it’s been flagged as a potentially malicious file, not that it’s malicious. Heuristics is a method to catch unknown malware, and unfortunately, it sometimes catches harmless files. :wink:

ok thanks
http://www.virustotal.com says it’s clear

Hi zarza,

Thankyou for reporting. We have found the false alarm and will fix them in the subsequent updates.

Thanks and Regards,


The reported False detection has been fixed in db v1192. Please Update your AV and confirm this.