BUG: False positive--WS2003->Windows\System32\TAPICFG.EXE

[Bill Frandsen]

If you run the spyware on a clean install (no net connection ever, installed
from original media) of Windows Server 2003, you will end up with a false
positive on the Microsoft system installed file TAPICFG.EXE in the
Windows\System32 folder.

Once deleted by the tool, it pops back immediately as it is cached in the
windows file protection cabs.

I verified on MSDN that this is indeed a valid Microsoft system file
shipping with Server 2003 and NOT a "coolwebsearch browser hijack" as is
claimed by the antispyware tool.

 

[Andrew Burlak]

Yes, it occurs to me too.

I am running Windows 2003 SP1(beta) build 1289.
C:\windows\system32\tapicfg.exe

I compared (fc /b) tapicfg.exe with the one from installation media
(expanded \I386\TAPICFG.EX_), and found no differences.

tapicfg.exe is not replaced by SP1 build 1289, so it probably occurs also on
SP0.

 

[Stephen]

| If you run the spyware on a clean install (no net connection ever,
installed
| from original media) of Windows Server 2003, you will end up with a false
| positive on the Microsoft system installed file TAPICFG.EXE in the
| Windows\System32 folder.
|
| Once deleted by the tool, it pops back immediately as it is cached in the
| windows file protection cabs.
|
| I verified on MSDN that this is indeed a valid Microsoft system file
| shipping with Server 2003 and NOT a "coolwebsearch browser hijack" as is
| claimed by the antispyware tool.
|
|

Ditto - I get a positive on tapicfg.exe which is both the name of a
legitmate Windows file as well as the name of a virus file.