
VirusScan false positive

Hello guys,

I know that I shouldn't do that, but yesterday at work I plugged my HDD into my company's PC, which ran McAfee VirusScan Enterprise and Windows XP. It automatically launched an analysis and the worst thing happened! It detected hundreds of MP3 files as W32/GetCodec viruses. The network administrators became crazy because of all the alerts brought up to them.

I have had these files for years now and no antivirus marks them as viruses, so once back at home I downloaded the latest version of McAfee VirusScan Enterprise with the free trial to test my drive with several .DAT databases (7500, 7545 and 7622) on Windows 7, but it found nothing at all!

To be sure, I tested many of the potentially infected files on virustotal.com, but then again nothing.

So my question is: could it be a false positive from the VirusScan of my company? Or is the operating system involved? Or is there a special module to find this kind of virus? I really don't understand.

And can a McAfee technician test my files to tell me if they are infected?

Thanks for your answer.

Ronan

6 Replies

Re: VirusScan false positive

Not being familiar with the Corporate/Enterprise applications, I have no suggestions other than consulting your Support Team or Service Portal. However, here is a description from the McAfee Threat Center regarding the mentioned detection: W32/GetCodec - Malware - McAfee Labs Threat Center

All the very best,

Catdaddy

McAfee Volunteer Moderator

(Consumer Products)

Cliff
McAfee Volunteer

Re: VirusScan false positive

You can also test the files on www.virustotal.com.

Re: VirusScan false positive

Yes peacekeeper, I did that. I tested many files on virustotal.com but none of them was infected. I clearly think it was a false positive but I wanted to have your opinion. Could an antivirus make so many mistakes (more than 500 files)? Or is the non-trial version of VirusScan Enterprise more accurate than any antivirus engine on www.virustotal.com?

Re: VirusScan false positive

See: How to Submit a file to the Labs for analysis: http://www.mcafee.com/us/threat-center/resources/how-to-submit-sample.aspx

 

Email file to: virus_research@mcafee.com and make the header of the email start with the word FALSE - for example, FALSE: In-house file being detected by McAfee

When submitting samples via E-mail all samples must be packaged in a .ZIP file.

Additionally, any .ZIP file created must be password-protected using the password "infected" (minus the "") - using the basic or default zipping level - some compression software offers varying degrees.  Failure to follow these guidelines will cause your submission to be rejected.

If you've done that properly an automated response should be received almost immediately, followed by a manual one, usually within 24 - 48 hours.

If you don't receive anything it either means the file was submitted incorrectly or the response is sitting in your Junk or Spam mail folders.

If they respond that it is an infection and you are sure it is not, reply to that email immediately (to virus_research@mcafee.com) and insert the word 'False' (minus the '') in front of the header, but keep the rest of the header intact.

To be on the safe side, scan with an outside anti-malware agent such as MalwareBytes (Free) or SuperAntispyware (Free). Let them clean everything they find.

Hayton

Re: VirusScan false positive

If you have 500 MP3 files then those messages indicate not 500 malware detections but one malware detection repeated 500 times.

You haven't said anything about any messages you get when running any of these files. Have a look at the Microsoft entry for this malware detection and see if you recognise any of the illustrated dialog windows that would confirm the files have been tampered with by malware. The extension may be MP3 but if infected they will have been changed to required WMP.

http://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=Trojan%3AWin32%2FGecedo...
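A quick way to triage a drive before submitting samples, as an added example that is not part of the original posts: it walks a folder and reports files named `.mp3` whose first bytes are not MP3 data. It assumes the tampering described in the reply above leaves a Windows Media (ASF) container behind the `.mp3` name; the function names and sample files are constructed for illustration.

```python
import os
import tempfile

ASF_GUID = bytes.fromhex("3026B2758E66CF11A6D900AA0062CE6C")  # ASF header object GUID

def classify(head: bytes) -> str:
    """Classify a file by its first bytes: 'mp3', 'asf' or 'unknown'."""
    if head.startswith(ASF_GUID):
        return "asf"
    if head.startswith(b"ID3"):  # ID3v2 tag in front of the audio frames
        return "mp3"
    if len(head) >= 2 and head[0] == 0xFF and (head[1] & 0xE0) == 0xE0:
        return "mp3"  # bare MPEG audio frame: 11-bit sync word, all ones
    return "unknown"

def find_mismatches(root: str):
    """Return sorted (path, kind) pairs for *.mp3 files that are not MP3 data."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(".mp3"):
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    kind = classify(fh.read(16))
            except OSError:
                kind = "unreadable"
            if kind != "mp3":
                hits.append((path, kind))
    return sorted(hits)

def demo():
    """Run the check over constructed sample files (not real music or malware)."""
    samples = {
        "clean_id3.mp3": b"ID3\x03\x00" + bytes(32),
        "clean_frame.mp3": b"\xff\xfb\x90\x00" + bytes(32),
        "retagged.mp3": ASF_GUID + bytes(32),
        "notes.txt": b"not audio",
    }
    with tempfile.TemporaryDirectory() as d:
        for name, data in samples.items():
            with open(os.path.join(d, name), "wb") as fh:
                fh.write(data)
        return [(os.path.basename(p), k) for p, k in find_mismatches(d)]

if __name__ == "__main__":
    print(demo())
```

A hit only means the content does not match the extension; those are the files worth sending to the lab, and an `unknown` result can also be an MP3 with leading padding.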

Re: VirusScan false positive

I tested my files with MalwareBytes as you said, but again it found nothing, no W32/GetCodec virus in my music. I will send some samples tomorrow to McAfee Labs.

Yes, it should be the same malware detected many times. I didn't say anything about any messages I could get when running those files because there aren't any dialog windows asking me to download a codec. I tested with VLC and with WMP, it's the same, there is nothing at all, everything looks OK!