WZCNFLCT.EXE False Positive?

Hi again…I am the OP, so here’s what VT has come up w/, as previously reported:

http://www.virustotal.com/file-scan/report.html?id=bf42d743efc3603c8887eed2cb85c8ca8c567bd7dc6c0936bc0f66f1dfc74fd5-1298840655

When I went in the chest to restore the file so that I could submit it to VT, I noticed another detection in the chest pertaining to system restore…see attached screen shot. Mind you, I haven’t run any more Avast scans, yet there was a new detection. I did however run MBAM & SAS scans & they detected nothing. I also use hard & soft firewalls & also use some other network security features & practice extremely safe internet, so the chance that I picked up a bug are not likely!

FYI, I updated to the new version of Avast a couple of days ago & now suddenly I am experiencing problems. Comodo was blocking attempts by Avast to update, & I of course allowed all.

Would love it if Avast would verify these supposed FP’s or can somehow confirm if in fact they are malicious in nature. According to Avast as listed on VT, the suspect file is clean. I am confused!

I can’t move it ( WZCNFLCT.EXE) to chest !

“acces denied” ???

Have you changed any settings? Pup? Heuristics level?

Nope! Left them at default…

FYI…Avast just updated! Let’s run another scan…stay tuned!

Just right click scan it in the chest, and if it’s clean restore it.

It’s OK NOW :slight_smile:

after updating :wink:

Finally it was just a False Positive.

I am about to run a boot scan! Just went thru all the settings of Avast 6.0 & adjusted to my liking.

Oh, & BTW…Avast seems to have fixed the issue!! Just scanned the two files in question & now they are clean…well they were always clean, but you get the point. Let’s see what the boot scan turns up…I hope nothing, as I believe should be the case.

I am curious now though why I have WZCNFLCT on my machine ??? Seems like I can delete it anyway…stay tuned…

A0043371.EXE from the restoration files and WZCNFLCT.EXE are likely the same files. They are both the same size at 45130 bytes.

You should be able to find out what program install put the file there. It would be better to uninstall that program if you don’t want/need it rather than just deleting the file. It seems that it was a false positive, anyway.

Gopher John

They are both the same size at 45130 bytes.

Curious, how do you know how large WZCNFLCT is, exactly?

You should be able to find out what program install put the file there.

Any suggestions as to how I might discover that? ???

Thanks!!

The VirusTotal results link you posted has a “Show All” button. Clicking that gives the filesize and checksums, among other information about the file.

Visiting the links I posted earlier lists one candidate. Searching Google for WZCNFLCT.EXE and comparing the results with your Add/Remove Programs list on your machine should give you the answer.

Ahh…must have missed the Show All button.

In regards to the program that installed WZCNFLCT, if you are referring to the SQL Server, I don’t have that. I don’t have all that many programs installed & other than one of the other MS ones, I can’t imagine how it would have got there. I keep a pretty clean system.

UPDATE: Unless it is part of “The Microsoft Visual C++ 2008 Redistributable Package”

It’s not that one. I have it installed and don’t have any WZCNFLCT.EXE. Maybe others more knowledgeable than I can offer some insight.