I can’t understand why it’s considered a false positive. Here is what I know:

  • My laptop has been trying to make 6881 connections from explorer.exe to random sites in Eastern Europe for weeks now
  • I did not have Bing Desktop installed (it’s listed in Updates, but not selected for download)
  • I have no torrent software installed
  • I had DLLs installed that were being held open by some process (presumably explorer.exe - I didn’t check this)
  • Since I removed the DLLs, all suspicious 6881 connections have ceased.

Personally I’m convinced those DLLs are malware, yet nothing would detect and remove them. Hence, I contest the false positive classification applied to those DLLs.