alex_n
Level 7
Message 1 of 6

False Positive--mluser32.dll--GetSusp Uploaded.

Hello team!

"mluser32.dll"

This is a file needed to run an accountancy program.

It is a FALSE POSITIVE case.

11/17/2011

Work Item ID: 341006

Filename: mluser32.dll

Type: trojan

But the file is perfectly safe, trusted, and needed to run accountancy software that has been used for 14 years now.

Can you review and return an update???

Thank you very much in advance!!

1 Solution

Accepted Solutions
Re: False Positive--mluser32.dll--GetSusp Uploaded.

Flagging off to someone

5 Replies
alex_n
Level 7
Message 2 of 6

Re: False Positive--mluser32.dll--GetSusp Uploaded.

Labs answered this:

McAfee Labs Sample Analysis

McAfee Labs, Automation

Thank you for submitting your suspicious file(s) through the GetSusp tool. We have determined that the following submissions are handled by our AV signature DAT files.

        Reference  : (Escalation) 6785162
        ---------------------------------

        File Name       Findings    Detection          Type
        =========       ========    =========          ====
        mluser32.dl_    detected    generic.dx!bajm    trojan

DAT version 6531 provides cover against all of the submissions shown above.

Solution -

To ensure that you have the maximum available capability of detecting and cleaning this malware on your system, please make sure you have the latest engine.

DAT updates are available at: http://www.mcafee.com/apps/downloads/security_updates/dat.asp

Support -

Virus Research accepts file-samples for analysis and possible inclusion into AV signature DAT sets. 

All product-related questions and comments can be addressed through technical support and customer service, including:

* Product installation and update questions

* Product usage questions

* Specific operating system/version questions

* Assistance with detection and cleaning or removal of viruses or trojans

Please use the following link to reach our technical support group for McAfee products.

Business Customers:

<http://www.mcafee.com/us/support.aspx>

Home Customers:

<http://home.mcafee.com/root/support.aspx>

Regards,

McAfee Labs

--------------------------

McAfee Labs Blog <http://blogs.mcafee.com/mcafee-labs>

AudioParasitics - The Official PodCast of McAfee Labs <http://podcasts.mcafee.com/audioparasitics/>

--------------------------

BUT, this is not an infection, or a trojan.

This is a safe file that is needed to work on accountancy.

We already replied to that email with the word "False" (minus the "")

I hope this works ok.

Thanks.

Hayton
Reliable Contributor
Message 3 of 6

Re: False Positive--mluser32.dll--GetSusp Uploaded.

http://www.gecom.com.ar/Descargar/contenido.htm

mluser32.dll : downloaded and submitted to VirusScan. Clean (0/42) - see

http://www.virustotal.com/file-scan/report.html?id=0b98b6993e95c404f6deee5dc60c0a4dcbfd819c4e3b9426c...

(Edit) But also see http://r.virscan.org/b80bfebb9627d19c6d9b4ad80613fda9 (2009) - perhaps it depends where the file comes from or when it was created or modified.

Wait for a response from the labs, see what they say.

Message was edited by: Hayton on 17/11/11 23:36:47 GMT
alex_n
Level 7
Message 5 of 6

Re: False Positive--mluser32.dll--GetSusp Uploaded.

Guys,

we received the extra.dat file.

OK.

But we can't seem to find the folder containing the McScan32.dll file we were instructed to look for via the Search tool, for pasting the new file into that folder.

Also, I searched the suggested link

http://vil.mcafeesecurity.com/vil/systemhelpdocs/extradat.aspx

where I found the following path to copy/paste the new extra.dat file:

  • Double click on the Program Files folder.
  • Double click on the Common Files folder.
  • Double click on the Network Associates folder.
  • Double click on VirusScan Engine folder.
  • Double click on the 4.0.xx.

But again, impossible to find. We don't have the Network Associates folder. Isn't that location (document) outdated???

What should we do?

Is it necessary to manually copy that file? Or can we wait for the automatic MTP update??

Here are the instructions via email received yesterday:

"McAfee Labs Sample Analysis

Issue Number: 6785162 Virus Researcher: Showvik Chakraborty

Filename: mluser32.dl_

Detected as Generic.dx!bajm in DAT: 6534

Identified: No Virus/Trojan

McAfee Labs, McAfee Labs, Bangalore, India

Thank you for submitting your suspicious file.

Synopsis -

Our Senior Virus Research Engineers have examined the file in question and no virus was found.

Solution -

Attached is an extra.dat with correct detection. This correction will be included in the next DAT update.

EXTRA.DAT

This should be used with any of the McAfee AV Scanners.

The file should be copied into the directory where the other DAT files reside.

Using the find/search utility on your computer search for the following file:

McScan32.dll

Then copy the Extra.dat we have sent you to the same folder where one of the above is located.

Once you have copied the file, reboot the system for the driver to be loaded.

Further information about Extra.DATs can be found at http://vil.mcafeesecurity.com/vil/systemhelpdocs/extradat.aspx.

Solution -

To ensure that you have the maximum available capability of detecting and cleaning this malware on your system, please make sure you have the latest engine.

DAT updates are available at: http://www.mcafee.com/apps/downloads/security_updates/dat.asp

Support -

Virus Research accepts file-samples for analysis and possible inclusion into AV signature DAT sets.

Regards,

McAfee Labs"

That's it.

I think we are almost there, but this one last fundamental thing is missing.

Thanks for all the support!!

Message was edited by: alex_n on 21/11/11 10:06:34 AM CST
alex_n
Level 7
Message 6 of 6

Re: False Positive--mluser32.dll--GetSusp Uploaded.

Issue Solved!

Despite not being able to manually copy and paste the extra.dat file, the automatic update was successful and now the accountancy software is able to run without problems.

So, everything ended up perfect.

Thank you guys for all the help.
