Is this Real

Avast just did a full scan and came up with this: c:/windows/network diagnostic/xpdiag.exe on my Windows 7 Home Premium
Win-32 malware-gen
This is the first time I have seen this.
Also, it will not allow me to move it to the chest; it states: Error Access is Denied (5)
I did a full scan with Superantispyware and it is not showing this at all.
So what is this?

robin

Where have you got the /network diagnostic/xpdiag.exe from?

You could also check the offending/suspect file at VirusTotal (multi-engine online virus scanner) and report the findings here: post the URL from the Address bar of the VT results page. You can’t do this with the file securely in the chest; you need to extract it to a temporary (not original) location first, see below.

Create a folder called Suspect in the C: drive. Now exclude that folder in the File System Shield, Expert Settings, Exclusions, Add, type (or copy and paste) C:\Suspect*
That will stop the File System Shield scanning any file you put in that folder.

Huh? I gave you the path where it is sitting; that is why I am asking what this is and why it is seeing it as a threat when no other antispyware program sees it.
robin

Upload to Avast as a false positive

well ;D I obviously didn’t ask about the path…there’s no such folder/file in Win7’s Windows directory…it must have been created after visiting a web site and downloading malware. The only question is again, where from…what is it etc…I mean you know where you surf.

OK, looks like a false positive.
This computer originally had XP Home Media Center on it, then I converted it to Vista, then upgraded again to Windows 7 Home Premium, so it is showing the XP files.
Since the file is from 2006 it has to be a false positive, because I have had Avast on here for 2 months and AVG on it prior, and it never picked it up.
This is what VirusTotal said:

Antivirus Version Last Update Result
AhnLab-V3 2010.07.29.00 2010.07.28 -
AntiVir 8.2.4.32 2010.07.29 -
Antiy-AVL 2.0.3.7 2010.07.29 -
Authentium 5.2.0.5 2010.07.29 -
Avast 4.8.1351.0 2010.07.29 Win32:Malware-gen
Avast5 5.0.332.0 2010.07.29 Win32:Malware-gen
AVG 9.0.0.851 2010.07.29 -
BitDefender 7.2 2010.07.29 -
CAT-QuickHeal 11.00 2010.07.29 -
ClamAV 0.96.0.3-git 2010.07.29 -
Comodo 5583 2010.07.29 -
DrWeb 5.0.2.03300 2010.07.29 -
Emsisoft 5.0.0.34 2010.07.29 -
eSafe 7.0.17.0 2010.07.29 -
eTrust-Vet 36.1.7748 2010.07.29 -
F-Prot 4.6.1.107 2010.07.29 -
F-Secure 9.0.15370.0 2010.07.29 -
Fortinet 4.1.143.0 2010.07.29 -
GData 21 2010.07.29 Win32:Malware-gen
Ikarus T3.1.1.84.0 2010.07.29 -
Jiangmin 13.0.900 2010.07.29 -
Kaspersky 7.0.0.125 2010.07.29 -
McAfee 5.400.0.1158 2010.07.29 -
McAfee-GW-Edition 2010.1 2010.07.29 -
Microsoft 1.6004 2010.07.29 -
NOD32 5324 2010.07.29 -
Norman 6.05.11 2010.07.29 -
nProtect 2010-07-29.01 2010.07.29 -
Panda 10.0.2.7 2010.07.29 -
PCTools 7.0.3.5 2010.07.29 -
Prevx 3.0 2010.07.29 -
Rising 22.58.03.04 2010.07.29 -
Sophos 4.55.0 2010.07.29 -
Sunbelt 6660 2010.07.29 -
SUPERAntiSpyware 4.40.0.1006 2010.07.29 -
Symantec 20101.1.1.7 2010.07.29 -
TheHacker 6.5.2.1.328 2010.07.29 -
TrendMicro 9.120.0.1004 2010.07.29 -
TrendMicro-HouseCall 9.120.0.1004 2010.07.29 -
VBA32 3.12.12.6 2010.07.28 -
ViRobot 2010.7.29.3963 2010.07.29 -
VirusBuster 5.0.27.0 2010.07.29 -
Additional information
File size: 557568 bytes
MD5 : cebed017c4965fc4407ccd986ae0a528
SHA1 : 971622280bc03de467363a11d2ff23ccbf7c0f84
SHA256: de1996b3694914cb1700739773fd88bf3236e5b5c3c2a68792a8df91c37e2875
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x22B29
timedatestamp…: 0x452B95BF (Tue Oct 10 14:44:47 2006)
machinetype…: 0x14C (Intel I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x2C5C8 0x2C600 6.33 57cf770f7b1d5f84cc1280f5473f83d9
.data 0x2E000 0x181C 0x1400 4.26 d90ac363056f2dfa53e4bfba27ccc1f6
.rsrc 0x30000 0x5A270 0x5A400 3.01 efdb6657bc6dbf1c79ceee8b4ec4ec8c

( 0 imports )

( 0 exports )
TrID : File type identification
Win64 Executable Generic (59.6%)
Win32 Executable MS Visual C++ (generic) (26.2%)
Win32 Executable Generic (5.9%)
Win32 Dynamic Link Library (generic) (5.2%)
Generic Win/DOS Executable (1.3%)
ThreatExpert: http://www.threatexpert.com/report.aspx?md5=cebed017c4965fc4407ccd986ae0a528
ssdeep: 6144:vBOxI1QatPzUxORzuZah7+ygUPDjKiQSzmh:vkI1QatPzUqJPDjKiQMc
sigcheck: publisher…: Microsoft Corporation
copyright…: (c) Microsoft Corporation. All rights reserved.
product…: Microsoft_ Windows_ Operating System
description…: Network Diagnostic for Windows XP
original name: xpnetdiag.exe
internal name: xpnetdiag.exe
file version.: 5.1.2600.3012 (xpsp.061010-0355)
comments…: n/a
signers…: -
signing date.: -
verified…: Unsigned
PEiD : -
RDS : NSRL Reference Data Set

please fix this in your next update
robin
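
An added example (not part of the thread, and not Avast or VirusTotal code): the `timedatestamp` and `machinetype` values in the report above are fields of the file's COFF header, and this Python code reads them from a header constructed here with the report's values. The timestamp is written at link time and nothing in an unsigned file protects it, so it is one data point to weigh alongside the hashes and version information; the result is given in UTC, so the hour differs from the report's rendering.

```python
import struct
from datetime import datetime, timezone

# Machine codes from the PE/COFF specification (only two listed here).
MACHINE_NAMES = {0x14C: "Intel I386", 0x8664: "AMD64"}


def parse_pe_header(data: bytes) -> dict:
    """Return machine type, section count and link timestamp of a PE image."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    # e_lfanew (offset 0x3C) points at the 'PE' signature.
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)
    if pe_off + 24 > len(data) or data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    # COFF header starts right after the signature:
    # Machine (2 bytes), NumberOfSections (2), TimeDateStamp (4).
    machine, nsections, stamp = struct.unpack_from("<HHI", data, pe_off + 4)
    return {
        "machine": MACHINE_NAMES.get(machine, hex(machine)),
        "sections": nsections,
        "timedatestamp": stamp,
        "linked_utc": datetime.fromtimestamp(stamp, tz=timezone.utc),
    }


def build_sample_header() -> bytes:
    """Constructed header (not the real file) carrying the report's values."""
    dos = bytearray(0x80)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x80)  # e_lfanew -> offset 0x80
    # Machine 0x14C, 3 sections, TimeDateStamp 0x452B95BF, then the
    # remaining COFF fields with placeholder values.
    coff = struct.pack("<HHIIIHH", 0x14C, 3, 0x452B95BF, 0, 0, 0xE0, 0x010F)
    return bytes(dos) + b"PE\0\0" + coff


if __name__ == "__main__":
    info = parse_pe_header(build_sample_header())
    print(info["machine"], info["sections"], info["linked_utc"].isoformat())
```

To inspect a real file, pass the first kilobyte or so of the copy extracted to the excluded folder to `parse_pe_header` instead of the constructed header.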

I sent it to Avast to show them it is a false positive.
robin

Periodically scan the file within the chest (after signature updates) and when it is no longer detected, Restore it from the chest. Confirm that the file has been restored to the original location and you can delete the copy that remains in the chest.

Or

  • In the meantime (if you accept the risk), add it to the exclusions lists:
    File System Shield, Expert Settings, Exclusions, Add and
    avast Settings, Exclusions

Restore it to its original location, periodically check it (scan it in the chest), there should still be a copy in the chest even though you restored it to the original location. When it is no longer detected then you can also remove it from the File System Shield and avast Settings, exclusions lists.