Jump to content

Immunet Detected A Windowsupdate's File


Recommended Posts

Today, Immunet Free detected and quarantined a file which seemed to be a component of the Microsoft's regular update.


I can't recall detection name (it said like *.clamav.*, but I'm not sure whether it was worm or trojan), but file path is C:\Windows\winsxs\Temp\PendingRenames\(Random characters).amd64_microsoft-windows-wintrust-dll_(Random characters)_6.1.7601.18205_none_(Random characters)_wintrust.dll_abec426a.


I restored the file and rebooted to complete update, and so far there's no problem on my machine. However the file disappeared probably because it is temporary file and no more needed.


I belive it is false positive(at least, Norton with aggressive heuristics didn't make any warning

and after rebooting I made fullscan with MBAM then no malicios item found), but I can't confirm or even submit it because the file disappeared.


This is the second time I get confused by Immunet when windows update, first time I submitted the file but now I can't and also I'm a Free version's user, so I post it for imformation.


My system:

Fujitsu FH550/3A(aka F553AB)

CPU: Intel core i3 350M

Mem: 8GB

OS: Win7SP1 64bit

Main AV: NIS(latest)

Immunet version: (All protection enabled)

also, .NET Framework4 & EMET4.0 installed


Sorry for poor English.

Link to comment
Share on other sites

Hi Yuki & welcome to the Immunet Forum. Usually it's extreamly rare if Immunet quarantines a legitmate Windows Update file but you did the right thing by restoring the file from Quarantine. I also got updated this morning too but with no problems. What's best to do before you start the Windows Update process is go into Immunet's Settings and temporarly disable "Monitor Program Install" and "Blocking Mode" and then start to update your Operating System. This will help avoid any possible conflicts in the future and speed up the installiation process a little as well. Don't forget to turn these settings back on once the Windows updates are installed.


Cheers, Ritchie...

Link to comment
Share on other sites

Hi Yuki,


Can you please send us to support@immunet.com an SDT (instructions at the bottom of this post)?


We can obtain the necessary information from it to be able to mark the file as clean for other users.




SDT Instructions:

Please generate a SupportDiagnostics Report by doing the following:

- Click Start -> All Programs -> Immunet 3.0 -> SupportDiagnostics Tool

- A new file will be created on your desktop with a name like Immunet_Support_Tool_[date and


- Please email this file to support@immunet.com (please also say its Yuki, or maybe link this post, so that we know that it is you)

Link to comment
Share on other sites

  • 2 weeks later...


This topic is now archived and is closed to further replies.

  • Create New...