We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
Contact Forum Editor

Send an email to our Forum Editor:


PLEASE NOTE: Your name is used only to let the Forum Editor know who sent the message. Both your name and email address will not be used for any other purpose.

Tech Helproom


It's free to register, to post a question or to start / join a discussion


 

C:\WINDOWS\SYSNATIVE\MSFEEDSSYNC.EXE


buteman
Resolved

Likes # 0

I had Emisoft Anti Malware ignore this thinking it was a Microsoft product but Emisoft has it down as a Trojan Dropper.

I have changed the rules to always block but cannot seem to find any information about it.

None of my other security programs find any problems.

Anyone any idea as to whether I should allow or deny it.

Like this post
Secret-Squirrel

Likes # 0

msfeedssync.exe is part of the Microsoft service that regularly checks for updates to web feeds that you've subscribed to.

If you're not sure whether a file is safe or not then upload it to one of these online scanners:

Virus Total

Jotti

The file will be scanned by multiple anti-virus engines and at the end it'll display a report showing the results from each vendor.

If the file is clean then it's OK to allow it - especially if you want your feeds to update ;)

Like this post
woodchip

Likes # 0

Its classing it as Spyware, a bit like a cookie as it gathers information to send back, so it does not like it doing this

Like this post
Secret-Squirrel

Likes # 0

Hi Woodchip

"Its classing it as Spyware"

Buteman says that Emisoft is detecting that file as a Trojan Dropper which is something very different and potentially serious. Malware files can have any name so it's always worth getting a second opinion.

It's likely that it's just a false positive and the online malware scans should confirm that - if all security vendors on those two sites say the file is clean and it's only Emisoft that claims it's infected then it'll be fine for him to allow it.

Like this post
woodchip

Likes # 0

it works in the same way

Like this post
buteman

Likes # 0

Secret-Squirrel

Added the URL to your first one but it just kept running for about 20 minutes without actually doing anything so switched it off.

2nd one you needed an actual file to enter but only have the URL.

So no luck so far just ran an additional scan from Eset and nothing found.

I am not sure I have a problem or whether it is just PCA working on a few problems.

just about to remove Firefox to see if it makes any difference.

Like this post
buteman

Likes # 0

Just tried Firefox and it is working properly again so did not need to remove it.

Like this post
Secret-Squirrel

Likes # 0

Buteman, I tried those two sites prior to posting and they were both working fine.

I'm confused with what you mean by "URL". You know the path to that file because it's the title of this thread. On each site there's a "Browse" button so click it and navigate to the location of that suspicious file - when you've found it, select it, upload it, and wait for the results.

Note that "sysnative" is normally a pointer to the Windows\System32 folder, so if you can't find that folder then look in System32 instead for that file of yours.

Let me know what you discover please.

Like this post
buteman

Likes # 0

Because I changed it from allow to Block on Emisoft behavior blocker.It has now terminated it so just a matter of waiting to see if there is any side effects.It will be easy enough to change it back again if need be.

Like this post
buteman

Likes # 0

.Secret-Squirrel

It is not a file as such it just stops bad sites from opening I think but will have another look.

This is what it says.

C:\WINDOWS\SYSNATIVE\MSFEEDSSYNC.EXE Allowed by Rule Behavior.TrojanDownloader.

Because I thought that it was from microsoft I allowed it hence the problem of allowing or denying.

I have now denied it so Emisoft will not let it open again.

Because I have now blocked it this is what I see.

C:\WINDOWS\SYSNATIVE\MSFEEDSSYNC.EXE Terminated by Rule Behavior.Spyware

So just a matter of waiting to see if I get any problems with Microsoft.

Like this post
Secret-Squirrel

Likes # 0

It's not a website or a URL but clearly a file on your computer that Emsisoft thinks is malware. The security-scan websites I pointed you too will soon confirm that, and given that Emsisoft Anti-Malware appears to have a higher rate of false positives than its competitors, you'll probably find it's quite safe and you can stop blocking it. I notice from another post of yours that you stopped using Incredimail because Emsisoft said it was a trojan so that sort of confirms the reputation of that program for false positives.

Like I said yesterday, if you carry on blocking that file, any Microsoft Feeds you've got setup won't be able to update.

Like this post

Reply to this topic

This thread has been locked.



IDG UK Sites

Google Fit vs Apple Health Kit: What's the difference?

IDG UK Sites

How to join Apple's OS X Beta Seed Program: Get OS X Yosemite on your Mac before public release

IDG UK Sites

Introducing generation tech

IDG UK Sites

Government kills £50 million 'Silicon Roundabout' regeneration fund