Windows6.1-KB975243-x86&64.msu False positive

Hi,

False positive virus found (with CIS v5 beta, RC1 & RC2) in these two Microsoft updates:
Windows6.1-KB975243-x86.msu
Windows6.1-KB975243-x64.msu


http://img412.imageshack.us/img412/5558/false.th.jpg

You can download from (because I didn’t find official Microsoft links):
http://www.fileserve.com/file/k2C2wUD

I tested with the latest NOD32 v4, Panda Anti Virus 2011 and F-Prot, and they didn’t find any virus.

Hi Worlon,

We will check if what you reported is malware or just a false positive and get back to you later.

Thanks,
Erik M.

Thank you, I’m waiting for your response.

Hi Worlon,

Did you install them from the posted URL or did you retrieve them from M$ directly?

I think there’s no such update from Microsoft. IMO it’s malware.

Yes there is, just not public… probably the reason it’s floating around on other less secure sites to download msu’s from…

OK, show me the download link for the exact update. I cannot find it.

You can’t download directly from MS, but these are signed by MS.

One more link:
x64 - Windows6.1-KB975243-x64.msu - Language Neutral Windows 7 Hotfix Downloads - The Hotfix Share
x86 - Windows6.1-KB975243-x86.msu - Language Neutral Windows 7 Hotfix Downloads - The Hotfix Share

I got them from several sources, but they are the same files, and Comodo AV is the only one which finds a virus.

Well, I requested the update, just to confirm the number, but that’s what I received from Microsoft:

[attachment deleted by admin]

Yes and if extracted the .msu should appear inside…

OK, here it is. Check it and let’s finish this. :))

[attachment deleted by admin]

No AV detection for me on AV database 5980

For me neither. But that’s the original file. Can you compare it to the other one that Worlon gave us, to confirm if they are the same or not? :slight_smile:

Exact match for MD5 and SHA1 hash, I assume fixed in between :wink:

Case closed, I suppose. :slight_smile:

Yes, with the 5980 database it does not find a virus, thx.

Hi All,

Yes, this false positive has been fixed in AV database 5980.

Kind Regards,
Erik M.

Thank you for your fast work (within 24 Hrs)!!

Hi Worlon,

The false-positive is already fixed with CIS DB 5988. You can verify to confirm.

Regards,
ionel