cancel
Showing results for 
Search instead for 
Did you mean: 
Reliable Contributor tao
Reliable Contributor
Report Inappropriate Content
Message 1 of 5

McAfee Alert False-Positive: JS/Exploit-packed.C

Jump to solution

Anyone seeing trojan name per McAfee DAT 6217/6218 JS/Exploit-packed.C (file name: gdsr(1).js)?

Per a blog post:

"The company I work for noted several detections for JS/Exploit-Packed.c on VirusScan today. After some digging I managed to find this page.

Your gdsr.js file that was being detected was submitted to McAfee Platinum Support, verified as not malicious, and will be excluded from being detected in a future DAT release. Unclear which DAT release it will be, but if you know someone with McAfee they can try it out. It should either be the 6219 or 6220 DAT release (1/7 or 1/8). "

Do a search via google for: "trojans name is gdsr.js" or "mcafee gdsr.js". I would post the links but a couple of the blogs/ bulletin referencing this is getting tag by McAfee for JS/Exploit-packed.C (file name: gdsr(1).js).

Any insight on this would be helpful....

TIA


If this information was helpful or has answered your question, please select Accept as Solution. This will assist other memebers
1 Solution

Accepted Solutions
mjmurra
Level 12
Report Inappropriate Content
Message 4 of 5

Re: McAfee Alert False-Positive: JS/Exploit-packed.C

Jump to solution

mjmurra wrote:

Yep have been seeing it since 6216 from memory. It's basically a FP on a "rate content" script used on various blogs and other websites.

I have an extra.dat, and deployed to clients. Waiting for the fix in the prod dats.

Have had at least 5 FPs a day with it.

Fix appears to have been implemented into the production dats over the weekend.

4 Replies
Highlighted

Re: McAfee Alert False-Positive: JS/Exploit-packed.C

Jump to solution

I have noticed the same thing in my network.  Have you narrowed it down to any specific sites?  I have not had a chance to locate this one.

mjmurra
Level 12
Report Inappropriate Content
Message 3 of 5

Re: McAfee Alert False-Positive: JS/Exploit-packed.C

Jump to solution

Yep have been seeing it since 6216 from memory. It's basically a FP on a "rate content" script used on various blogs and other websites.

I have an extra.dat, and deployed to clients. Waiting for the fix in the prod dats.

Have had at least 5 FPs a day with it.

mjmurra
Level 12
Report Inappropriate Content
Message 4 of 5

Re: McAfee Alert False-Positive: JS/Exploit-packed.C

Jump to solution

mjmurra wrote:

Yep have been seeing it since 6216 from memory. It's basically a FP on a "rate content" script used on various blogs and other websites.

I have an extra.dat, and deployed to clients. Waiting for the fix in the prod dats.

Have had at least 5 FPs a day with it.

Fix appears to have been implemented into the production dats over the weekend.

Reliable Contributor tao
Reliable Contributor
Report Inappropriate Content
Message 5 of 5

Re: McAfee Alert False-Positive: JS/Exploit-packed.C

Jump to solution

Looks like it was corrected in DAT 6218 or 6219.  As for the sites that were producing the FP's, I wasn't able to track that down.  But it appears that the FP had something to do with:

"GD Star Rating 1.9.7........the main JavaScript file in GD Star Rating is marked as Trojan by McAfee....."

If this information was helpful or has answered your question, please select Accept as Solution. This will assist other memebers

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community