corrupted executable file

[Keyboard King]

Hi All
AVG found an corrupted executable file c:\Windows\SysWOW64\mfc45.dat. I delete it from the virus vault and it returns. AVG Tech help wanted to exclude it from the search which of course just ignores it not delete it. They said that they could not delete it because it was a windows file. I have tried all the usual scans sfc/scannow safescan-download from windows but finds nothing etc and even used my old DOS knowledge and deleted it from the directory (using the cmd to get to the command prompt). This worked until I rebooted and it then re appeared.
I have tried one of the suggestions from this forum which asked me to download some software, but it was only temporary you had to pay to get a fix but no telling if it had found the file.
Please can anybody help.
Geoff

 

[maxie]

Hi Welcome to Seven Forums ... A false Positive ? ...

http://forums.avg.com/ww-en/avg-forums?sec=thread&act=show&id=395

If you want the best Advice Uninstall Avg with its Removal Tool ..

 

[Keyboard King]

corrupted executable file - AVG found

So can I take it then that this file can be ignored and put it in the exclude of AVG and safely ignore it?
Geoff

 

[maxie]

Yes or if you want to double check .. Upload it to Virus Total

 

[Keyboard King]

Corrupt executable file

Hi Maxie
Thank you for taking the trouble.
According to Virus Total it is not a "False Positive" it is a virus/hacker but I don't know what to do with the information that the program gives me. There doesn't seem to be a solution anywhere. I have tried sfc /scannow, a full scan on Microsoft safety scan and that doesn't find it. Have you any more suggestions please.

 

[maxie]

Which Antivirus Programs found it to be a Virus .. On Virus Total ? ...

 

[Keyboard King]

Corrupt Executable file

Hello Maxie
According to Virus Total "Detection Ratio 4/53" Another one added today 3/5 before
The ones that find it are:Comodo, McAfee GW edition, TheHacker, TrendMicro-HouseCall
This is what Virus Total says
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystems

Comodo Heur.Corrupt.PE 20141015 McAfee-GW-Edition BehavesLike.Win32.PWSZbot.lh 20141015 TheHacker W32/Behav-Heuristic-CorruptFile-EP 20141013 TrendMicro-HouseCall Suspicious_GEN.F47V0914 20141015
These are the positives
Thanks
Geoff

 

[maxie]

Does your Computer seem to be working as normal ? ...

It is more than likely these are False Positives ...

 

[Borg 386]

Have you tried scanning with other scanners to see what they make of the file?

Give you system a scan with Malwarebytes (Free Version) & see what the results are.

Any software that finds problems, but won't fix it until you pony up some $$$$$ should be avoided. There are plenty of other legitimate programs out there for free that will fix problems. Programs that find problems, but demand payment before fixing are most likely a scam.

 

[Keyboard King]

Thank you Borg
I have Malware bits free and use it regularly manually as a backup for AVG, and this program does not find any problem with the file. As far as I am aware this is a good program to use as backup. Do you think that I can safely ignore the file in AVG and exclude it from the scan?
Geoff

 

[Borg 386]

Well, a Google search yields mixed results as to if it is or isn't a safe file, but mostly pointing to a false positive. Keep a close eye on your PC & watch for any out of the ordinary behavior. If you want, you can Google "mfc45.dat" & see all the various posts about it. Here are a couple:

What is syswow64\mfc45.dat corrupt - Microsoft Community

https://forums.malwarebytes.org/index.php?/topic/118615-spywarepassword-mfc45dat/

 

[Keyboard King]

Corrupt Executable

Hi Borg
Thanks for the links and it looks as though it is possibly used by System Mechanic which I also have on my system. I will keep an eye on my system and see what happens.
Thank You all
Geoff