[SOLVED] FP for Mercury Mail - graywallsetup.exe

I just installed CIS 3.8.64263.468. During the installation scan for malware, it detected malware in the file graywallsetup.exe, which is part of Mercury Mail. Mercury Mail was in this case part of the XAMPP software package (bundled open source web server software). It happened for the files contained in XAMPP 1.6.8 and XAMPP 1.7.0.

It marked the file as having Application.Win32.FraudTool.MacroVirus.~A(ID=0x2cd256).

Now, I’m not personally sure it is virus free, but I’d be very surprised if it was (CIS 3.5 and Avast 4.8 don’t trigger on it), and there would have been a huge outcry if XAMPP was packaging a virus/malware.

Here is the virustotal.com link for it:


Someone had already checked the same file, but that was in 2008-01, so I also rescanned it:



Please update your CIS bases, scan the files, and check if the file is detected in the latest update.


No change…it’s still showing up.

The Threat has changed to Application.Win32.FraudTool.MacroVirus.~A@2937430

As of 3.8 v477 with DB 1005, it is no longer reporting as a virus. So at some point, it was fixed.