This seems like a false positive. Defender quarantines it on one computer


mccnavy

Twice now, Microsoft Defender has removed/quarantined the following file:

C:\WINDOWS\system32\SyncAppvPublishingServer.vbs

It says it is a Trojan:VBS/Tnega!MSR

When I do a search it says this file is a normal file. In fact I see it on my desktop computer and it doesn't get flagged. After the first time, in case the file was simply infected I used the one from the desktop. Still the same result. Thoughts?
 

I can think of three things...

1. Defender has different definition sets on the two computers.
2. You may actually have a virus that is (for some reason) overwriting that file.
3. You may have another AV program (or remnants) on one computer or the other that's causing Defender to behave differently.

Get a 2nd opinion. Either Malwarebytes (free), or the ESET Online scanner (free), or SuperAntiSpyware (free).


Note about #3. Some AVs work "with" Defender when installed.
Like my Bitdefender... it sort of takes over from Windows Defender, even though Windows Defender is still there in the background.


I just checked. I do have: SyncAppvPublishingServer.vbs on my Windows 10 Home. Bitdefender says it's fine.
On Windows 10, it lives in this folder...
C:\Windows\WinSxS\amd64_microsoft-windows-a..nagement-appvclient_31bxxxxxxxxx64e35_10.0.19041.2364_none_41xxxxxxxxx03816

...and it's 1.67 KB


Here's what's IN the one I have on Win 10...

Code:
'---------------------------------------------------------------------------------------------
' Copyright: Microsoft Corp.
'
' This script is designed to be used only for scheduled tasks(s).
' There is no extensive error check, and will not dump the output from the Powershell CmdLet.
'
' Usage: SyncAppvPublishingServer {cmdline-args(passthrough to cmdlet)}
'---------------------------------------------------------------------------------------------

Option Explicit


Dim g_cmdArgs
g_cmdArgs = ""


' main entrance

' Enable error handling
On Error Resume Next

ParseCmdLine

if g_cmdArgs = "" Then
    Wscript.echo "Command line arguments are required."
    Wscript.quit 0
End If  
   

Dim syncCmd
syncCmd = "$env:psmodulepath = [IO.Directory]::GetCurrentDirectory(); " & _
          "import-module AppvClient; " & _
          "Sync-AppvPublishingServer " & g_cmdArgs

Dim psCmd
psCmd = "powershell.exe -NonInteractive -WindowStyle Hidden -ExecutionPolicy RemoteSigned -Command &{" & syncCmd & "}"


Dim WshShell
Set WshShell = WScript.CreateObject("WScript.Shell")
WshShell.Run psCmd, 0


' Reset error handling
On Error Goto 0
WScript.Quit 0


   
'---------------------------------------------------------------------------------------------
' Sub:  ParseCmdLine
'       Reading the parameters provided by the user in the command line
'---------------------------------------------------------------------------------------------
Sub ParseCmdLine()

    dim objArgs
    dim argsCount
    dim x
   
    Set objArgs = Wscript.Arguments
    argsCount = objArgs.count
   
    x = 0
    While x < argsCount
        g_cmdArgs = g_cmdArgs & " " & objArgs(x)
        x = x + 1
    Wend
   
End Sub





It'd crack me up, if this was related to Telemetry. :D
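
The three possibilities listed above can each be checked from PowerShell. The following is an added example, not part of the original posts and not Microsoft's code. It uses the built-in Defender, signature and hashing cmdlets plus `sfc`, and `$knownGoodSha256` is a placeholder to be filled with the hash printed on the PC where the file is not flagged.

```powershell
# Added example: run in an elevated PowerShell 5.1+ session on BOTH PCs, then compare output.
$path = 'C:\WINDOWS\system32\SyncAppvPublishingServer.vbs'   # path from the thread
# Placeholder (assumption): paste the SHA256 printed on the PC where the file is not flagged.
$knownGoodSha256 = '<SHA256-from-known-good-PC>'

# 1. Different definition sets? These values should agree when both PCs are up to date.
Get-MpComputerStatus |
    Select-Object AMProductVersion, AMEngineVersion,
                  AntivirusSignatureVersion, AntivirusSignatureLastUpdated

# 2. Has the file been changed? Fingerprint it and check its signature.
if (Test-Path -LiteralPath $path) {
    $item = Get-Item -LiteralPath $path
    $sig  = Get-AuthenticodeSignature -LiteralPath $path
    $fp = [pscustomobject]@{
        Length        = $item.Length
        LastWriteTime = $item.LastWriteTime
        SHA256        = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
        SigStatus     = $sig.Status          # anything other than Valid needs a closer look
        SigType       = $sig.SignatureType   # Authenticode (embedded) or Catalog
        IsOSBinary    = $sig.IsOSBinary
        Signer        = $sig.SignerCertificate.Subject
    }
    $fp | Format-List

    if ($knownGoodSha256 -notlike '<*' -and $fp.SHA256 -ne $knownGoodSha256) {
        Write-Warning 'Hash differs from the known-good PC: the two files are not the same.'
    }
    if ($fp.SigStatus -ne 'Valid') {
        Write-Warning "Signature status is $($fp.SigStatus): content may not be what Windows shipped."
    }
    # Ask Windows Resource Protection to verify this one file against the component store.
    sfc.exe "/verifyfile=$path"
} else {
    Write-Warning "$path is missing (possibly still quarantined)."
}

# 3. Another AV product or remnants? List what is registered with Security Center.
Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntiVirusProduct |
    Select-Object displayName, productState, pathToSignedProductExe

# What Defender recorded for this detection (time, threat ID, affected resource).
Get-MpThreatDetection |
    Where-Object { $_.Resources -match 'SyncAppvPublishingServer' } |
    Select-Object InitialDetectionTime, ThreatID, Resources
```

A differing hash together with a non-`Valid` signature on only one PC points at the file rather than at the definitions.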
 
It is possible to be a Trojan, but I doubt it from the report you posted. But I would do as Haydon said: upload it to VirusTotal!
 

Thanks...I uploaded it after Malwarebytes didn't see it as malware. Of 61 antivirus programs, it said that 13 saw it as a Trojan. I deleted it and replaced with the version from my desktop. That version had 0 see it as a Trojan. Better to be safe than sorry. I ran Malwarebytes, a full Defender scan, and a Defender offline scan...all reporting clear.
 


Good job.
 