birdface 14:55 02 Jun 2011

I had Emisoft Anti Malware ignore this thinking it was a Microsoft product but Emisoft has it down as a Trojan Dropper.

I have changed the rules to always block but cannot seem to find any information about it.

None of my other security programs find any problems.

Anyone any idea as to whether I should allow or deny it.

  Secret-Squirrel 15:48 02 Jun 2011

msfeedssync.exe is part of the Microsoft service that regularly checks for updates to web feeds that you've subscribed to.

If you're not sure whether a file is safe or not then upload it to one of these online scanners:

Virus Total


The file will be scanned by multiple anti-virus engines and at the end it'll display a report showing the results from each vendor.

If the file is clean then it's OK to allow it - especially if you want your feeds to update ;)

  woodchip 16:19 02 Jun 2011

Its classing it as Spyware, a bit like a cookie as it gathers information to send back, so it does not like it doing this

  Secret-Squirrel 16:42 02 Jun 2011

Hi Woodchip

"Its classing it as Spyware"

Buteman says that Emisoft is detecting that file as a Trojan Dropper which is something very different and potentially serious. Malware files can have any name so it's always worth getting a second opinion.

It's likely that it's just a false positive and the online malware scans should confirm that - if all security vendors on those two sites say the file is clean and it's only Emisoft that claims it's infected then it'll be fine for him to allow it.

  woodchip 16:44 02 Jun 2011

it works in the same way

  birdface 16:45 02 Jun 2011


Added the URL to your first one but it just kept running for about 20 minutes without actually doing anything so switched it off.

2nd one you needed an actual file to enter but only have the URL.

So no luck so far just ran an additional scan from Eset and nothing found.

I am not sure I have a problem or whether it is just PCA working on a few problems.

just about to remove Firefox to see if it makes any difference.

  birdface 16:51 02 Jun 2011

Just tried Firefox and it is working properly again so did not need to remove it.

  Secret-Squirrel 17:06 02 Jun 2011

Buteman, I tried those two sites prior to posting and they were both working fine.

I'm confused with what you mean by "URL". You know the path to that file because it's the title of this thread. On each site there's a "Browse" button so click it and navigate to the location of that suspicious file - when you've found it, select it, upload it, and wait for the results.

Note that "sysnative" is normally a pointer to the Windows\System32 folder, so if you can't find that folder then look in System32 instead for that file of yours.

Let me know what you discover please.

  birdface 17:22 02 Jun 2011

Because I changed it from allow to Block on Emisoft behavior blocker.It has now terminated it so just a matter of waiting to see if there is any side effects.It will be easy enough to change it back again if need be.

  birdface 17:32 02 Jun 2011


It is not a file as such it just stops bad sites from opening I think but will have another look.

This is what it says.

C:\WINDOWS\SYSNATIVE\MSFEEDSSYNC.EXE Allowed by Rule Behavior.TrojanDownloader.

Because I thought that it was from microsoft I allowed it hence the problem of allowing or denying.

I have now denied it so Emisoft will not let it open again.

Because I have now blocked it this is what I see.

C:\WINDOWS\SYSNATIVE\MSFEEDSSYNC.EXE Terminated by Rule Behavior.Spyware

So just a matter of waiting to see if I get any problems with Microsoft.

  Secret-Squirrel 08:14 03 Jun 2011

It's not a website or a URL but clearly a file on your computer that Emsisoft thinks is malware. The security-scan websites I pointed you too will soon confirm that, and given that Emsisoft Anti-Malware appears to have a higher rate of false positives than its competitors, you'll probably find it's quite safe and you can stop blocking it. I notice from another post of yours that you stopped using Incredimail because Emsisoft said it was a trojan so that sort of confirms the reputation of that program for false positives.

Like I said yesterday, if you carry on blocking that file, any Microsoft Feeds you've got setup won't be able to update.

This thread is now locked and can not be replied to.

Elsewhere on IDG sites

OnePlus 5T review: Hands-on

Illustrator Andrés Lozano on his improv line work, brazen use of colours & hand sketching

iPhone X review

Comment envoyer gratuitement des gros fichiers ?