This seems like a false positive. Defender quarantines it on one computer


mccmw

mccmw

Well-known member
Member
VIP
Local time
7:21 AM
Posts
496
OS
Windows 11
Twice now, Microsoft defender has removed/quarantined the following file:

C:\WINDOWS\system32\SyncAppvPublishingServer.vbs

It says it is a Trojan:VBS/Tnega!MSR

When I do a search it says this file is a normal file. In fact I see it on my desktop computer and it doesn't get flagged. After the first time, in case the file was simply infected I used the one from the desktop. Still the same result. Thoughts?
 

My Computers My Computers

System One System Two

  • At a glance

    Windows 11Intel i7-7700K32GB 2666Mhz (Kingston Hyper X Fury)Asus Nvidia 1050Ti
    OS
    Windows 11
    Computer type
    PC/Desktop
    Manufacturer/Model
    Custom
    CPU
    Intel i7-7700K
    Motherboard
    Asus Prime Z-270A
    Memory
    32GB 2666Mhz (Kingston Hyper X Fury)
    Graphics Card(s)
    Asus Nvidia 1050Ti
    Sound Card
    N/A
    Monitor(s) Displays
    Samsung C27F390
    Screen Resolution
    1920 x 1080
    Hard Drives
    1TB Western Digital SN770 (System) and 2TB Western Digital SN770 (Storage)
    Antivirus
    Windows Security

  • At a glance

    Windows 11 Homei9-11900H32GBIntegrated Intel and Nvidia 3050Ti
    Operating System
    Windows 11 Home
    Computer type
    Laptop
    Manufacturer/Model
    Dell/XPS 15 9510
    CPU
    i9-11900H
    Motherboard
    Unknown
    Memory
    32GB
    Graphics card(s)
    Integrated Intel and Nvidia 3050Ti
    Sound Card
    Integrated (Realtek)
    Monitor(s) Displays
    None
    Screen Resolution
    1920 x 1200 (non-Touch)
    Hard Drives
    2TB SK Hynix P41 Platinum
    Antivirus
    Windows Security
I can think of three things...

1. Defender has different definition sets on the two computers.
2. You may actually have a virus that is (for some reason), overwriting that file.
3. You may have another AV program (or remnants), on one computer or the other that's causing Defender to behave differently.

Get a 2nd opinion. Either Malwarebytes (free), or the ESET Online scanner (free), or SuperAntiSpyware (free).


Note about #3. Some AVs work "with" Defender when installed.
Like my Bitdefender... it sort of takes over from Windows Defender, even though Windows Defender is still there in the background.


I just checked. I do have: SyncAppvPublishingServer.vbs on my Windows 10 Home. Bitdefender says it's fine.
On Windows 10, it lives in this folder...
C:\Windows\WinSxS\amd64_microsoft-windows-a..nagement-appvclient_31bxxxxxxxxx64e35_10.0.19041.2364_none_41xxxxxxxxx03816

...and it's 1.67 KB


Here's what's IN the one I have on Win 10...

Code: 
'---------------------------------------------------------------------------------------------
' Copyright: Microsoft Corp.
'
' This script is designed to be used only for scheduled tasks(s).
' There is no extensive error check, and will not dump the output from the Powershell CmdLet.
'
' Usage: SyncAppvPublishingServer {cmdline-args(passthrough to cmdlet)}
'---------------------------------------------------------------------------------------------

Option Explicit


Dim g_cmdArgs
g_cmdArgs = ""


' main entrance

' Enable error handling
On Error Resume Next

ParseCmdLine

if g_cmdArgs = "" Then
    Wscript.echo "Command line arguments are required."
    Wscript.quit 0
End If  
   

Dim syncCmd
syncCmd = "$env:psmodulepath = [IO.Directory]::GetCurrentDirectory(); " & _
          "import-module AppvClient; " & _
          "Sync-AppvPublishingServer " & g_cmdArgs

Dim psCmd
psCmd = "powershell.exe -NonInteractive -WindowStyle Hidden -ExecutionPolicy RemoteSigned -Command &{" & syncCmd & "}"


Dim WshShell
Set WshShell = WScript.CreateObject("WScript.Shell")
WshShell.Run psCmd, 0


' Reset error handling
On Error Goto 0
WScript.Quit 0


   
'---------------------------------------------------------------------------------------------
' Sub:  ParseCmdLine
'       Reading the parameters provided by the user in the command line
'---------------------------------------------------------------------------------------------
Sub ParseCmdLine()

    dim objArgs
    dim argsCount
    dim x
   
    Set objArgs = Wscript.Arguments
    argsCount = objArgs.count
   
    x = 0
    While x < argsCount
        g_cmdArgs = g_cmdArgs & " " & objArgs(x)
        x = x + 1
    Wend
   
End Sub





It'd crack me up, if this was related to Telemetry. :D
 
Last edited:

My Computers My Computers

System One System Two

  • At a glance

    Win 11 Home ♦♦♦26200.8655 ♦♦♦♦♦♦♦25H2AMD Ryzen 7 3700XG.Skill (F4-3200C14D-16GTZKW)EVGA RTX 2070 (08G-P4-2171-KR)
    OS
    Win 11 Home ♦♦♦26200.8655 ♦♦♦♦♦♦♦25H2
    Computer type
    PC/Desktop
    Manufacturer/Model
    Built by Ghot® [May 2020]
    CPU
    AMD Ryzen 7 3700X
    Motherboard
    Asus Pro WS X570-ACE (BIOS 5302)
    Memory
    G.Skill (F4-3200C14D-16GTZKW)
    Graphics Card(s)
    EVGA RTX 2070 (08G-P4-2171-KR)
    Sound Card
    Realtek ALC1220P / ALC S1220A
    Monitor(s) Displays
    Dell U3011 30"
    Screen Resolution
    2560 x 1600
    Hard Drives
    2x Samsung 860 EVO 500GB,
    WD 4TB Black FZBX - SATA III,
    WD 8TB Black FZBX - SATA III,
    DRW-24B1ST CD/DVD Burner
    PSU
    PC Power & Cooling 750W Quad EPS12V
    Case
    Cooler Master ATCS 840 Tower
    Cooling
    CM Hyper 212 EVO (push/pull)
    Keyboard
    Ducky DK9008 Shine II Blue LED
    Mouse
    Logitech Optical M-100
    Internet Speed
    300/300
    Browser
    Firefox (latest)
    Antivirus
    Bitdefender Total Security
    Other Info
    Speakers: Klipsch Pro Media 2.1

  • At a glance

    Windows XP Pro 32bit w/SP3AMD Athlon 64 X2 5000+ (OC'd @ 3.2Ghz)TWIN2X2048-6400C4DHX (2 x 1GB, DDR2 800)EVGA 256-P2-N758-TR GeForce 8600GT SSC
    Operating System
    Windows XP Pro 32bit w/SP3
    Computer type
    PC/Desktop
    Manufacturer/Model
    Built by Ghot® (not in use)
    CPU
    AMD Athlon 64 X2 5000+ (OC'd @ 3.2Ghz)
    Motherboard
    ASUS M2N32-SLI Deluxe Wireless Edition
    Memory
    TWIN2X2048-6400C4DHX (2 x 1GB, DDR2 800)
    Graphics card(s)
    EVGA 256-P2-N758-TR GeForce 8600GT SSC
    Sound Card
    Onboard
    Monitor(s) Displays
    ViewSonic G90FB Black 19" Professional (CRT)
    Screen Resolution
    up to 2048 x 1536
    Hard Drives
    WD 36GB 10,000rpm Raptor SATA
    Seagate 80GB 7200rpm SATA
    Lite-On LTR-52246S CD/RW
    Lite-On LH-18A1P CD/DVD Burner
    PSU
    PC Power & Cooling Silencer 750 Quad EPS12V
    Case
    Generic Beige case, 80mm fans
    Cooling
    ZALMAN 9500A 92mm CPU Cooler
    Keyboard
    Logitech Classic Keybooard 200
    Mouse
    Logitech Optical M-BT96a
    Internet Speed
    300/300
    Browser
    Firefox 3.x ??
    Antivirus
    Symantec (Norton)
    Other Info
    Still assembled, still runs. Haven't turned it on for 15 years?
Upload the file to VirusTotal

VirusTotal

VirusTotal
www.virustotal.com www.virustotal.com
 

My Computer My Computer

At a glance

Windows 10 Pro
OS
Windows 10 Pro
It is possible to be a Trojan, but i doubt it from the report you posted. But i would do as Haydon said upload it to VirusTotal !
 

My Computer My Computer

At a glance

Windows11 23H2 (OS Build 22631.2428)2.90 gigahertz Intel Core i7-1070016214 Megabytes Usable Installed Memor
OS
Windows11 23H2 (OS Build 22631.2428)
Computer type
PC/Desktop
Manufacturer/Model
HP HP ENVY TE01
CPU
2.90 gigahertz Intel Core i7-10700
Motherboard
Board: HP 8767 A (SMVB)
Memory
16214 Megabytes Usable Installed Memor
Hard Drives
1511.52 Gigabytes Usable Hard Drive Capacity
1418.15 Gigabytes Hard Drive Free Space
Keyboard
Logitech wireless
Mouse
M 185 wireless
Internet Speed
12 ms Jitter 8 ms Download 10.5 Mbps Upload 1.7
Browser
Edge & FF
Antivirus
Windows Defender
Thanks...I uploaded it after Malwarebytes didn't see it as malware. Of 61 antivirus programs, it said that 13 saw it as a Trojan. I deleted it and replaced with the version from my desktop. That version had 0 see it as a Trojan. Better to be safe than sorry. I ran Malwarebytes, a full Defender scan, and an Defender offline scan...all reporting clear.
 

My Computers My Computers

System One System Two

  • At a glance

    Windows 11Intel i7-7700K32GB 2666Mhz (Kingston Hyper X Fury)Asus Nvidia 1050Ti
    OS
    Windows 11
    Computer type
    PC/Desktop
    Manufacturer/Model
    Custom
    CPU
    Intel i7-7700K
    Motherboard
    Asus Prime Z-270A
    Memory
    32GB 2666Mhz (Kingston Hyper X Fury)
    Graphics Card(s)
    Asus Nvidia 1050Ti
    Sound Card
    N/A
    Monitor(s) Displays
    Samsung C27F390
    Screen Resolution
    1920 x 1080
    Hard Drives
    1TB Western Digital SN770 (System) and 2TB Western Digital SN770 (Storage)
    Antivirus
    Windows Security

  • At a glance

    Windows 11 Homei9-11900H32GBIntegrated Intel and Nvidia 3050Ti
    Operating System
    Windows 11 Home
    Computer type
    Laptop
    Manufacturer/Model
    Dell/XPS 15 9510
    CPU
    i9-11900H
    Motherboard
    Unknown
    Memory
    32GB
    Graphics card(s)
    Integrated Intel and Nvidia 3050Ti
    Sound Card
    Integrated (Realtek)
    Monitor(s) Displays
    None
    Screen Resolution
    1920 x 1200 (non-Touch)
    Hard Drives
    2TB SK Hynix P41 Platinum
    Antivirus
    Windows Security
Thumbs Up2.png

Good job.
 
Last edited:

My Computers My Computers

System One System Two

  • At a glance

    Win 11 Home ♦♦♦26200.8655 ♦♦♦♦♦♦♦25H2AMD Ryzen 7 3700XG.Skill (F4-3200C14D-16GTZKW)EVGA RTX 2070 (08G-P4-2171-KR)
    OS
    Win 11 Home ♦♦♦26200.8655 ♦♦♦♦♦♦♦25H2
    Computer type
    PC/Desktop
    Manufacturer/Model
    Built by Ghot® [May 2020]
    CPU
    AMD Ryzen 7 3700X
    Motherboard
    Asus Pro WS X570-ACE (BIOS 5302)
    Memory
    G.Skill (F4-3200C14D-16GTZKW)
    Graphics Card(s)
    EVGA RTX 2070 (08G-P4-2171-KR)
    Sound Card
    Realtek ALC1220P / ALC S1220A
    Monitor(s) Displays
    Dell U3011 30"
    Screen Resolution
    2560 x 1600
    Hard Drives
    2x Samsung 860 EVO 500GB,
    WD 4TB Black FZBX - SATA III,
    WD 8TB Black FZBX - SATA III,
    DRW-24B1ST CD/DVD Burner
    PSU
    PC Power & Cooling 750W Quad EPS12V
    Case
    Cooler Master ATCS 840 Tower
    Cooling
    CM Hyper 212 EVO (push/pull)
    Keyboard
    Ducky DK9008 Shine II Blue LED
    Mouse
    Logitech Optical M-100
    Internet Speed
    300/300
    Browser
    Firefox (latest)
    Antivirus
    Bitdefender Total Security
    Other Info
    Speakers: Klipsch Pro Media 2.1

  • At a glance

    Windows XP Pro 32bit w/SP3AMD Athlon 64 X2 5000+ (OC'd @ 3.2Ghz)TWIN2X2048-6400C4DHX (2 x 1GB, DDR2 800)EVGA 256-P2-N758-TR GeForce 8600GT SSC
    Operating System
    Windows XP Pro 32bit w/SP3
    Computer type
    PC/Desktop
    Manufacturer/Model
    Built by Ghot® (not in use)
    CPU
    AMD Athlon 64 X2 5000+ (OC'd @ 3.2Ghz)
    Motherboard
    ASUS M2N32-SLI Deluxe Wireless Edition
    Memory
    TWIN2X2048-6400C4DHX (2 x 1GB, DDR2 800)
    Graphics card(s)
    EVGA 256-P2-N758-TR GeForce 8600GT SSC
    Sound Card
    Onboard
    Monitor(s) Displays
    ViewSonic G90FB Black 19" Professional (CRT)
    Screen Resolution
    up to 2048 x 1536
    Hard Drives
    WD 36GB 10,000rpm Raptor SATA
    Seagate 80GB 7200rpm SATA
    Lite-On LTR-52246S CD/RW
    Lite-On LH-18A1P CD/DVD Burner
    PSU
    PC Power & Cooling Silencer 750 Quad EPS12V
    Case
    Generic Beige case, 80mm fans
    Cooling
    ZALMAN 9500A 92mm CPU Cooler
    Keyboard
    Logitech Classic Keybooard 200
    Mouse
    Logitech Optical M-BT96a
    Internet Speed
    300/300
    Browser
    Firefox 3.x ??
    Antivirus
    Symantec (Norton)
    Other Info
    Still assembled, still runs. Haven't turned it on for 15 years?
You must log in or register to reply here.

Similar threads

Solved HELP!! 911--Windows Defender False Positive? Free Diagnostic Software Detected as Infected
2 3
Replies
53
Views
9K
bikemanAMD
B

Latest Support Threads

Latest Tutorials

Back
Top Bottom