Author Topic: Migwiz.exe  (Read 11582 times)

Offline dellboy

Migwiz.exe
« on: May 31, 2010, 02:20:13 PM »
Hi,

Just done a full system scan and a threat was found: C:\WINDOWS\$NtServicePackUninstall$\migwiz.exe

I've sent it to the chest, but Avast says it's malware?

I can't find any conclusive info on this except that migwiz.exe is a file used by files transfer wizard?

Can someone please point me in the right direction?

Offline DavidR

Re: Migwiz.exe
« Reply #1 on: May 31, 2010, 02:29:04 PM »
You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner and report the findings here; post the URL in the Address bar of the VT results page. You can't do this with the file securely in the chest, you need to extract it to a temporary (not original) location first, see below.

Create a folder called Suspect in the C:\ drive. Now exclude that folder in the File System Shield, Expert Settings, Exclusions, Add, type (or copy and paste) C:\Suspect\* That will stop the File System Shield scanning any file you put in that folder.
Core2Duo E8300/ 4GB Ram/ WinXP ProSP3/ avast! free 2014 9.0.2018/ Outpost Firewall Pro9.1/ Firefox 28.0, NoScript, RequestPolicy/ MailWasher Pro/ DropMyRights/ MalwareBytes AntiMalware Premium 2.0.1/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security

Offline PapaSmurf

Re: Migwiz.exe
« Reply #2 on: May 31, 2010, 02:32:33 PM »
According to what I have read, it is a file transfer utility from Microsoft.
Possibly maybe something corrupted the file?
You can google the filename and read about it.

Do what DavidR suggests... this will give another report that can be viewed.
PapaSmurf is running Windows XP  Professional (SP3)
NVIDIA GeForce 7600 GT
Pentium 4/ 3.* Ghz  Memory 1024MB
avast! Antivirus  v5.05 Home Edition, Outpost Firewall Pro 7.0, Mozilla FireFox/NoScript/AdBlock Plus

Offline dellboy

Re: Migwiz.exe
« Reply #3 on: May 31, 2010, 02:46:16 PM »
Thanks for the really quick replies 8)

Here's the link from VirusTotal: http://www.virustotal.com/analisis/8e4e9f5e172a4948893eb3189786caadce43e47522292324281ba7812b174383-12753128




Offline dellboy

Re: Migwiz.exe
« Reply #4 on: May 31, 2010, 02:52:21 PM »
I thought I'd scan the migwiz.exe file whilst in the suspect folder, and lo and behold a threat was detected.  The description was Win32:Malware-gen, which after doing a quick Google search doesn't look very encouraging!

Offline rob24

Re: Migwiz.exe
« Reply #5 on: May 31, 2010, 06:45:14 PM »
My daily scheduled scan using Ashquick.exe also found this today. I sent it to the chest and it is also ID'd as Win32:Malware-gen. I have submitted it to Avast too.
AMD 4200 dual core, 1Gb RAM, 250Gb HDD partitioned, Win XP Home SP3, Avast Free 2014, firewall in Technicolor TG582n router + free Outpost firewall, Malwarebytes' Anti-Malware 1.6 free

Offline DavidR

Re: Migwiz.exe
« Reply #6 on: May 31, 2010, 07:13:03 PM »
Quote from dellboy: "I thought I'd scan the migwiz.exe file whilst in the suspect folder, and lo and behold a threat was detected. The description was Win32:Malware-gen, which after doing a quick Google search doesn't look very encouraging!"

If you had excluded that folder as I suggested in the above instructions then you shouldn't have found anything.

The avast Win32:Malware-gen is a generic signature (the -gen at the end of the malware name), so that is trying to catch multiple variants of the same type of malware and is a fine balance between detecting a new variant and detecting something valid as infected.

So a search on this malware name is unlikely to reveal any useful 'specific' information on what it actually is.

Unfortunately your URL to the VT results doesn't work, so how many detections and what detected it (only avast and gdata, etc.)?

Offline DavidR

Re: Migwiz.exe
« Reply #7 on: May 31, 2010, 07:15:44 PM »
Quote from rob24: "My daily scheduled scan using Ashquick.exe also found this today. I sent it to the chest and it is also IDd as Win32:Malware-gen. I have submitted it to Avast too."

The strange thing is that a search of my system for this file only reveals one in the c:\windows\system32 folder and a scan of that with ashquick.exe finds it clean.
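As an added example, not part of any poster's message: a small Python check that reads the SHA-256 out of the VirusTotal link posted in Reply #3 and compares it with a local copy extracted to C:\Suspect, so the report can still be tied to a file when the link itself does not open. It assumes the 64-hex-digit part of the link is the uploaded file's SHA-256; the function names and the stand-in sample files are constructed for illustration.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Link exactly as posted in Reply #3 of this thread.
VT_LINK = ("http://www.virustotal.com/analisis/"
           "8e4e9f5e172a4948893eb3189786caadce43e47522292324281ba7812b174383-12753128")
# A run of exactly 64 hex digits; assumed to be the uploaded file's SHA-256.
_SHA256_RE = re.compile(r"(?<![0-9a-fA-F])[0-9a-fA-F]{64}(?![0-9a-fA-F])")

def sha256_from_vt_link(url):
    """Return the 64-hex-digit component of a report link (lowercase), or None."""
    m = _SHA256_RE.search(url)
    return m.group(0).lower() if m else None

def file_sha256(path, chunk_size=1 << 20):
    """Hash a file in chunks so it is never read into memory in one piece."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()

def same_file_as_report(path, url):
    """True/False when the link carries a hash, None when it carries none."""
    expected = sha256_from_vt_link(url)
    if expected is None:
        return None
    return file_sha256(path) == expected

def group_by_hash(paths):
    """Map SHA-256 -> paths, to see whether several flagged copies are the same file."""
    groups = {}
    for p in paths:
        groups.setdefault(file_sha256(p), []).append(str(p))
    return groups

if __name__ == "__main__":
    # Constructed stand-in files; on a real system pass e.g. C:\Suspect\migwiz.exe.
    with tempfile.TemporaryDirectory() as d:
        copies = [Path(d, "copy_a.exe"), Path(d, "copy_b.exe")]
        for c in copies:
            c.write_bytes(b"constructed sample bytes")
        print("hash in link:", sha256_from_vt_link(VT_LINK))
        print("matches report:", same_file_as_report(copies[0], VT_LINK))
        print("distinct files:", len(group_by_hash(copies)))
```

Copies of migwiz.exe taken from different folders can legitimately differ in hash when they belong to different Windows builds, so a mismatch between two copies is not by itself a sign of tampering.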

Offline rambo1940

Re: Migwiz.exe
« Reply #8 on: May 31, 2010, 08:14:50 PM »
I have just done a scan and found the same thing.
I have also looked up Migwiz on Google and am none the wiser.
Could someone please tell me in simple English:
(1) What is Migwiz?
(2) Why did the scan find it?
(3) Should I remove it? At the moment it is locked up in the vault.
(4) If it is not a virus or similar, why did Avast pick it up?
(5) What should I do now?

Sorry to sound so stupid but I really don't understand.
Help would be much appreciated,
Thank you.
Regards.
 

Offline polonus

Re: Migwiz.exe
« Reply #9 on: May 31, 2010, 08:31:51 PM »
Hi posters in this thread,

Here it is qualified as benign:
 migwiz.exe - Process Information

This component is part of  MS Windows Files and Settings Transfer Wizard


Component Name: migwiz.exe

Description of : With the use of a direct connection cable and this program,
you will be able to transfer all settings and files from an old computer to a new one.
info: http://www.liutilities.com/products/wintaskspro/processlibrary/migwiz/
Further: http://www.spyfu.com/Term.aspx/Term.aspx?t=997090

Recommendation for :
.

Trusted: Yes
Trojan: No
Chronic: No
Adware: No
Carrier: No
Browser Hijacker: No
Dialer: No
Commercial Keylogger: No
Remote Administration Tool: No
Suspected: No

Company Name: Microsoft Corporation
Platforms Affected: 
Methods of Distribution: .
Variants/Versions: 
Release Date: ,

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline rambo1940

Re: Migwiz.exe
« Reply #10 on: May 31, 2010, 08:35:13 PM »
That's great
Thank you

Offline rob24

Re: Migwiz.exe
« Reply #11 on: May 31, 2010, 08:42:59 PM »

Quote from polonus: "Here it is qualified as benign:
migwiz.exe - Process Information

This component is part of MS Windows Files and Settings Transfer Wizard"

Is it OK to leave it in the Chest as I have in that case, or is the file needed for the MS process you describe, when the time comes to carry out that process? In other words, will the Wizard fail in the absence of that file?
I was happy enough for it to stay safely in the Chest before knowing that, even if it had been a threat.

Offline fernbomb

Re: Migwiz.exe
« Reply #12 on: May 31, 2010, 09:41:09 PM »
I got this today as well, and I moved it to the chest. Is it possible this is just a false positive?

Offline Gargamel360

Re: Migwiz.exe
« Reply #13 on: May 31, 2010, 09:58:28 PM »
Looks like it.
Polonus knows his malware. :)
He posted his source if you would care to check yourself.
Signature?  But I gots no pen....

Offline mag

Re: Migwiz.exe
« Reply #14 on: June 01, 2010, 04:08:24 PM »
I got the same thing with a scan yesterday. Moved migwiz.exe to the chest yesterday. Did a right click avast scan on it inside the chest today (with latest virus database) and it says "migwiz.exe - no virus", so I assume it was just a false positive in yesterday's virus database release?
