wextract.exe & MTP_Enhanced.exe : FPs?

Just did a scan with Avast! 4.8 Home Edition (VPS version 091119-0).
It found:
11/19/2009 6:47:02 AM SYSTEM 1268 Sign of “Win32:Trojan-gen” has been found in “C:\WINDOWS$NtServicePackUninstall$\wextract.exe” file.

11/19/2009 6:30:09 AM SYSTEM 1268 Sign of “Win32:Trojan-gen” has been found in “C:\Documents and Settings\Rick\My Documents\Downloads\MTP_Enhanced.exe” file.

Now, from reading others posts, I suspect the wextract.exe is a false positive.
I still have this file on my system.
I attempted to upload/e-mail/send-to VirusTotal, but was unable to do so. I thought this might be due to some sort of restriction
on files in the $NtServicePackUninstall$ folder, so I tried to copy wextract to my desktop and documents folder, but permission was denied.

The other file, MTP_Enhanced.exe appears to be a legit Microsoft “Media Transfer Protocol Enhanced Specification” file
(something to do with their media player?)
Link: http://www.microsoft.com/downloads/details.aspx?FamilyID=fed98ca6-ca7f-4e60-b88c-c5fce88f3eea&displaylang=en
I attempted to quarantine MTP_Enhanced.exe, but Avast failed to do so. At the time I was unaware the file was from Microsoft, so I instructed Avast to delete it. The file I deleted was 369 KB, the same size as listed in the link to MS, above.
If checked out as a FP, I will re-download MTP_Enhanced from MS (if anyone knows exactly what this file is for, please inform me. MS is obtuse in their explanation).

Many thanks,
Rick

Hello spykat

it is fixed in VPS version 091119-1 , please update avast!

thanks
nmb

Hi nmb,

Thanks for the (very!) fast reply :slight_smile:
I did another scan with the new defs and I came up clean for both wextract.exe & the MTP_Enhanced.exe I re-downloaded.

Thank you for your service.

you are welcome.

nmb