Virus/Win32.WGeneric.esuykr(752144200) via filename=msvcp140_2_app.dll


L0 Member

Hi All,

we have had a large amount of the following alerts via this filename. We think it could be related to a Microsoft update. Has anyone else seen this?


Virus/Win32.WGeneric.esuykr(752144200) via filename=msvcp140_2_app.dll

5 REPLIES

L0 Member

Hi Becksyboy,

I do not have an answer, but I am wondering myself about it. I can see several alerts in the last 2 days concerning what you described - on several endpoints, but no information is found. The only place on the Internet I see about this issue is this community thread. Despite the action being BLOCKED_9, I do not see any useful information.

L0 Member

Having the same issue. Thousands of alert emails. All the same Virus/Win32.WGeneric.esuykr(752144200) with misc: 206.206.85.202/filestreamingservice/files/9683459a-02fa-4bd6-9ae6-af8ddfbeef35?P1=1764000338&P2=404&P3=2&P4=YDDgm/xWLBt72w75YAeGr9xQrqK8hDBIUmysmppuEA4LGHQH05HpVTdDCdlt1nw+5ewnbPKWuH1bhYnl4pa5Jw==&cacheHostOrigin=2.tlu.dl.delivery.mp.microsoft.com. It looks like just about every computer on the inside of this network has triggered the alert.

L0 Member

Any updates on this? I also had it trigger on a couple of other files, such as WindowsAdvancedSettings.exe, but coming from the same IP of 216.74.105.201

L1 Bithead

I think these were false positives. Try installing the 5381-5907 A/V updates from this morning. That put a stop to these detections for us.

If you pull up the Threat IDs in the Threat Vault, you'll see where they removed the definitions in the 5381-5907 update. For example, look at https://threatvault.paloaltonetworks.com/?query=752144200


In Current Release: No

Last Release: 5380 (2025-11-23 UTC)

First Release: 5379 (2025-11-22 UTC)

L0 Member

We are seeing the same behavior.


If this is actually a false positive against a legitimate Microsoft update, then:

  • Why is Microsoft making our computers get DLL files over an unencrypted HTTP connection? (Geez, Microsoft)
  • Why aren't they using their own MSFT netblocks instead of a 3rd party CDN / colocation company (Colocation America Corporation)?
  • Why is this behavior happening on computers with Windows updates turned OFF?


In addition, we noticed the following two additional "files":

216.74.105.204/filestreamingservice/files/9683459a-02fa-4bd6-9ae6-af8ddfbeef35?P1=1763926133&P2=404&P3=2&P4=GOZXCewqQuAo9xaOkFUJus8cWmvuRRYqUNIXAp7bl5iI7duymC/li00a7kgIX9MFwBnbDuFTOB9pL7I18kZ2Gg==&cacheHostOrigin=2.tlu.dl.delivery.mp.microsoft.com
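As an added example, not code from any poster in this thread, the following triage script parses alert "misc" URLs of the shape quoted above, groups them by download host and file id, and records whether the cacheHostOrigin parameter even claims a Microsoft delivery domain and whether the fetch was plain HTTP. The Microsoft domain suffix is an assumption, and the sample alerts are constructed with placeholder P4 tokens.

```python
import re
from collections import defaultdict
from urllib.parse import parse_qs, urlsplit

# Assumption: Microsoft's Windows Update / Delivery Optimization download domain suffix.
MS_DELIVERY_SUFFIX = ".dl.delivery.mp.microsoft.com"
GUID_RE = re.compile(r"/files/([0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12})", re.I)

def parse_misc(misc):
    """Break one alert 'misc' value into the fields worth pivoting on."""
    url = misc if "://" in misc else "http://" + misc   # the alert field carries no scheme
    parts = urlsplit(url)
    params = parse_qs(parts.query)
    # cacheHostOrigin is only a query-string claim; it does not prove who served the bytes.
    origin = params.get("cacheHostOrigin", [""])[0].lower()
    m = GUID_RE.search(parts.path)
    return {
        "host": parts.hostname or "",
        "file_id": m.group(1).lower() if m else "",
        "origin": origin,
        "origin_is_ms": origin.endswith(MS_DELIVERY_SUFFIX),
        "encrypted": parts.scheme == "https",
    }

def triage(alerts):
    """Group alerts by (download host, file id) so the fan-out across endpoints is visible."""
    groups = defaultdict(lambda: {"count": 0, "origins": set(), "plain_http": 0})
    for misc in alerts:
        p = parse_misc(misc)
        g = groups[(p["host"], p["file_id"])]
        g["count"] += 1
        g["origins"].add(p["origin"] if p["origin_is_ms"] else "UNTRUSTED:" + (p["origin"] or "<none>"))
        if not p["encrypted"]:
            g["plain_http"] += 1
    return dict(groups)

# Constructed sample alerts patterned on the thread's URLs; P4 tokens are placeholders and
# the 203.0.113.9 / cdn.example.net entry is an invented non-Microsoft case for contrast.
SAMPLE_ALERTS = [
    "206.206.85.202/filestreamingservice/files/9683459a-02fa-4bd6-9ae6-af8ddfbeef35?P1=1764000338&P2=404&P3=2&P4=PLACEHOLDER&cacheHostOrigin=2.tlu.dl.delivery.mp.microsoft.com",
    "216.74.105.204/filestreamingservice/files/9683459a-02fa-4bd6-9ae6-af8ddfbeef35?P1=1763926133&P2=404&P3=2&P4=PLACEHOLDER&cacheHostOrigin=2.tlu.dl.delivery.mp.microsoft.com",
    "216.74.105.204/filestreamingservice/files/9683459a-02fa-4bd6-9ae6-af8ddfbeef35?P1=1763926200&P2=404&P3=2&P4=PLACEHOLDER&cacheHostOrigin=2.tlu.dl.delivery.mp.microsoft.com",
    "203.0.113.9/filestreamingservice/files/9683459a-02fa-4bd6-9ae6-af8ddfbeef35?P1=1&P2=404&P3=2&P4=PLACEHOLDER&cacheHostOrigin=cdn.example.net",
]

if __name__ == "__main__":
    for (host, fid), g in triage(SAMPLE_ALERTS).items():
        print(f"{host} {fid[:8]}... n={g['count']} plain_http={g['plain_http']} origins={sorted(g['origins'])}")
```

A Microsoft-looking cacheHostOrigin only tells you what the client asserted in the URL, so the Threat Vault lookup in the reply above remains the way to confirm the definition was withdrawn.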