Just did a scan with Avast! 4.8 Home Edition (VPS version 091119-0).
It found:
11/19/2009 6:47:02 AM SYSTEM 1268 Sign of “Win32:Trojan-gen” has been found in “C:\WINDOWS$NtServicePackUninstall$\wextract.exe” file.
11/19/2009 6:30:09 AM SYSTEM 1268 Sign of “Win32:Trojan-gen” has been found in “C:\Documents and Settings\Rick\My Documents\Downloads\MTP_Enhanced.exe” file.
Now, from reading others posts, I suspect the wextract.exe is a false positive.
I still have this file on my system.
I attempted to upload/e-mail/send-to VirusTotal, but was unable to do so. I thought this might be due to some sort of restriction
on files in the $NtServicePackUninstall$ folder, so I tried to copy wextract to my desktop and documents folder, but permission was denied.
The other file, MTP_Enhanced.exe appears to be a legit Microsoft “Media Transfer Protocol Enhanced Specification” file
(something to do with their media player?)
Link: http://www.microsoft.com/downloads/details.aspx?FamilyID=fed98ca6-ca7f-4e60-b88c-c5fce88f3eea&displaylang=en
I attempted to quarantine MTP_Enhanced.exe, but Avast failed to do so. At the time I was unaware the file was from Microsoft, so I instructed Avast to delete it. The file I deleted was 369 KB, the same size as listed in the link to MS, above.
If checked out as a FP, I will re-download MTP_Enhanced from MS (if anyone knows exactly what this file is for, please inform me. MS is obtuse in their explanation).
Many thanks,
Rick