LilBambi
BSOD Kernel Dump Senior Analyst
Trojan:JS/Flagrab.A and others detected in VHD in backup only
Has anyone seen this before? This may be a scenario I am dealing with for a client. The only place MSE finds any malware is within the backup zips in the backup sets. It doesn't really say which file other than the date and backup.zip. That is noted in this conversation as well when you go to the site and read it and the answer.
However, I've already done the suggestions noted before I even found that page today.
I even removed all the backup sets, it still found it (in old backup sets that were no longer even there!). I turned off the schedule, and deleted all the sets, and went to the folder on the external hard drive and deleted the folder named for the computer.
Then rebooted and ran the full MSE scan again, and there was nothing there. This was a few days ago. Today the full scan found them again. And it is finding files that were in the set for this week but before we started the backup set by two days. Phantoms coming back? Or what?
Because it's in the zip file in the backups, I am thinking maybe it's a false positive in the VHD file. There are about 20 of them just like they say for that Microsoft Answers article.
I thought originally that it was something to do with temporary spaces or something so I went through and made sure to remove all the temporary spaces from all the user account areas that are in the backup.
I may go back and remove the VHD from the backup and see if that stops it.
Just wanted to put this out there to see if anyone else was having issues. The computer comes up totally clean and has been scanned by ESET online scanner with a clean bill of health as well as from Malwarebytes. Even MSE gives the computer itself a clean bill of health despite what it finds ONLY in the backups.
It's weird!
Windows 7 64-bit ENU SP1, updates current (except language packs)
MSE without custom exclusions, weekly full scans
Security Essentials Version: 2.1.1116.0, Antimalware Client Version: 3.0.8402.0, Engine Version: 1.1.7702.0, Antivirus definition: 1.113.753.0, Antispyware definition: 1.113.753.0, Network Inspection System Engine Version: 2.0.5854.0, Network Inspection System Definition Version: 9.315.0.0
I keep getting detections for several threats within my Windows XP Mode VHD file in the Windows Backup ZIP-files, but not for the actual VHD file (not running), nor by running MSE in the virtual machine itself.
I use Windows XP Mode only occasionally to run programs for a USB-device with only a 32-bit driver. I don't recall browsing any web sites there apart from Windows Update.