Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


no digital signature on mqac.sys in %windows%\system32\drivers

  • Please log in to reply
3 replies to this topic

#1 dave4duncan


  • Members
  • 2 posts
  • Local time:02:20 AM

Posted 26 April 2014 - 10:54 AM

I ran rkill to check of problems with my system XP/SP3. The file mqac.sys does no have a valid digital signature. I have 6 copies of this file on my system from past sp's. how do  determine which one to use as a replacement? How do I check to see if it is signed, and if it is do I just swap them out?


Have already cleaned system, getting rid of old files, cleaning the registry, I.e. a deep cleaning to speed up my system and clear up problems. I have no malware or virus' that Avast and several other scan tools and detect.

Attached Files

Edited by hamluis, 27 April 2014 - 11:18 AM.
Moved from XP to Am I Infected - Hamluis.

BC AdBot (Login to Remove)


#2 yu gnomi

yu gnomi

  • Members
  • 532 posts
  • Gender:Male
  • Location:Chicago suburb
  • Local time:04:20 AM

Posted 27 April 2014 - 12:04 AM

from what I can gather, mqac.sys is part of the message queing system (MSMQ) that is not part of a standard XP install, but is a free add-on (at least for XP Pro) if you wanted to install it. It might be part of something called 'Snap Desktop' (which I also don't have)




Does this sound like something that you would have installed on your machine?


If so, I doubt that it's malware, even though there are multiple copies without signatures. I'm pretty sure I have a few Windows system files that aren't signed.


Unless you think they are harmful, I would just leave them be- don't fix what ain't broke. 

Edited by yu gnomi, 27 April 2014 - 12:16 AM.

#3 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,717 posts
  • Gender:Male
  • Local time:11:20 AM

Posted 27 April 2014 - 01:18 PM

How did you check for the absence of a digital signature? Via the properties tab?


Microsoft executables are often signed via a catalog file, and do not have a "Digital Signatures" properties tab. You need to use a tool like sigcheck.


I explain this all in my video:


The use of sigcheck is explained at the end of the video.

Didier Stevens

SANS ISC Senior Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2019


If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.


Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"

#4 dave4duncan

  • Topic Starter

  • Members
  • 2 posts
  • Local time:02:20 AM

Posted 27 April 2014 - 02:18 PM

ran rkill which said the file did not have a digital signature. Does rkill not give true results? Your program gave the same result.


This file is a part of the message queing option in windows. Deleting message queing in add/remove windows componets does not delete the files (about 20 of them). As far as I can tell at this point Message queing is not running on my system.


System file checker wants to change these 20 files. I know how to redirect from to the location that they came from (i.e. not the cd drive but a directory). This will not change anything as they are not signed either.


Can I just delete them?

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users