MSC detected/quarantined a file today that I am certain is a False Positive.
It is the program file for an older version of CCleaner (v. 2.27) from Piriform that was in my downloads folder.
I have restored the file and attached it as a password-protected zip file (password = "infected").
I am running OEM MSC on this Dell XPS 420 running Win Vista Ultimate SP2 (32 bit), IE8, FF 3.6.2.
All Windows and MS and McAfee programs are fully updated (though I have not yet received the 2010 versions of McAfee as an update).
There has been no suspicious behavior on the system.
Scans with McAfee, MBAM Pro 1.45 and SuperAntispyware are all clean.
My McAfee versions are:
VS 13.15.116 (DAT 5935, 3/29/2010, Engine 5301.4018)
NOTE: The attached zip file may be infected!
PS Since the file in question is an outdated version of the software, I will just delete it from the computer. And since this particular file is not on my other, newer system that also runs McAfee (the XPS 8100), I did not receive a detection from McAfee for this file on that computer. Just this one.Message was edited by: imikhlin
Even though you think the detection is a false positive, I've removed the attachments that you made in your post
To submit samples for review, there is a process that can be followed to insure everything gets safely to McAfee Labs. Please see http://vil.nai.com/vil/submit-sample.aspx for how to submit samples.
If it's a false, McAfee will remove the detection from future DATs and you may receive an extra.dat to suppress the detection on your machine, until that happens.
Hope that helps,
Thanks for writing.
That entire webimmune submission process is a flail (have attempted it multiple times in the past, and cannot even set up an account).
And frankly, I don't have the time to flail on it again right now.
I have submitted the file by email (zipped, password-protected) to email@example.com.
I'm seeing a different detection with the 5936 dats - Genericd.dx!psw
I have submitted a copy to Avert, and hopefully they will resolve the FP issue.Message was edited by: Mal09 on 30/03/10 16:59:04 GMT