Showing results for 
Show  only  | Search instead for 
Did you mean: 
Level 9
Report Inappropriate Content
Message 1 of 3

May8-9 Autoit Scripts false detection

On May 8-9 McAfee AV detected a lot of my AutoIt scripts as viruses with the ThreatName PWSZbot-FCI!---{ID}----

I was wondering if anyone else had this issue.

It seems like there is somehting fishy about this too.

There were a few marked on my personal workstation and they are in my quarantine manager.  the quarantine manager says they were detected with  DAT version 7432 which at the time of this post is current. When I click on the files and do check for false positive, it says that is can't do that because the current DAT installed is the DAT version that detected the virus.  However, if I recover the quarantined file and then scan it again, it is not detedted as a virus anymore.  So how did 7432 detect this as a virus yesterday, but today it is not detecting it as a virus?

Also, files I submitted to virustotal yesterday - McAfee and another or two detected as virus, but today, they do not detect the same file as a virus.  However the DAT version has not been updated.

Does McAfee ever update the DAT file without incrementing the version?  That is what this feels like.

Just currious if anyone else knows anything about this.

2 Replies
Level 7
Report Inappropriate Content
Message 2 of 3

Re: May8-9 Autoit Scripts false detection

same problem here!  Downloading 7433 - hoping it resolves the issue.  Did it fix the issue for you by chance?

Level 9
Report Inappropriate Content
Message 3 of 3

Re: May8-9 Autoit Scripts false detection

7433 corrects the false positive.  You still have to unquarantine all the files it deleted.  I am not sure how I am going to unquarantine these files on the hundreds of machines where htey were removed from.  We need a better way to clean-up the aftermath when these mass false positives happen.

The strange thing is that it seems like the problem was corrected before 7433 was released.  I'm not sure how McAfee corrected the false positive prior to releasing an updated DAT.  That part is weird.

Good luck.  I see it is your first post, welcome to the McAfee community forums.

Message was edited by: eobiont on 5/9/14 12:38:26 PM GMT-06:00
You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community