34 Replies. Latest reply on Oct 27, 2009 2:57 PM by exbrit
      • 10. RE: Key Logger Quarantined as Trojan
        If you read the WebImmune feedback the dll file submitted is called a generic PUP - and so did VirusScan until just recently. Now it's calling it a Trojan (when it quarantines it). So something has just changed in VirusScan since the file has not changed for years. How can you undo this recent change in VirusScan?
        • 11. RE: Key Logger Quarantined as Trojan
          exbrit
          Only they can do that if you can convince them it's a PUP and not a trojan or even better not even a PUP.
          • 12. RE: Key Logger Quarantined as Trojan
            It's been 4 days since the file was submitted to Avert and it's still being detected and quarantined as a Trojan. I see the keylogger is on my list of Trusted Programs in McAfee. Why is a trusted list still being kept if no attention is being paid to it?? This is becoming quite frustrating.
            • 13. RE: Key Logger Quarantined as Trojan
              exbrit
              Did they acknowledge - not the auto-reply, a proper acknowledgement? If not re-submit it, and when you get the final reply, if it is negative, respond disputing it immediately.

              Email file to: virus_research@avertlabs.com
              When submitting samples via E-mail all samples must be packaged in a .ZIP file. When creating this .ZIP file, it is important to understand that the .ZIP can be no more than 3 megabytes in size and can contain no more than 30 files. Additionally, any .ZIP file created must be password-protected using the password "infected" (minus the ""). Failure to follow these guidelines will cause your submission to be rejected.

              Also see *Unofficial* Increase In Size Of Submissions To Threat Center

              I would repeat, it's unlikely that a keylogger by its very nature, would ever be approved, but you never know.
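
The packaging rules quoted in the post above (one .ZIP, at most 3 megabytes, at most 30 files, password "infected") can be checked before a sample is mailed. This is an added example, not part of the original post and not McAfee code; the function names are hypothetical and "3 megabytes" is assumed to mean 3 × 1024 × 1024 bytes.

```python
import io
import zipfile

MAX_BYTES = 3 * 1024 * 1024   # assumption: "3 megabytes" read as 3 MiB
MAX_FILES = 30                # "no more than 30 files"
PASSWORD = b"infected"        # password stated in the post

def check_submission(data):
    """Return a list of rule violations for a candidate .ZIP (empty list = OK)."""
    problems = []
    if len(data) > MAX_BYTES:
        problems.append(f"archive is {len(data)} bytes, limit is {MAX_BYTES}")
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return problems + ["not a valid .ZIP archive"]
    with zf:
        files = [i for i in zf.infolist() if not i.is_dir()]
        if len(files) > MAX_FILES:
            problems.append(f"{len(files)} files, limit is {MAX_FILES}")
        for info in files:
            if not info.flag_bits & 0x1:      # bit 0 set = entry is encrypted
                problems.append(f"{info.filename}: not password-protected")
                continue
            try:
                with zf.open(info, pwd=PASSWORD) as fh:
                    fh.read()                 # a full read also verifies the CRC
            except NotImplementedError:       # e.g. AES, which zipfile cannot read
                problems.append(f"{info.filename}: encryption method not readable here")
            except (RuntimeError, zipfile.BadZipFile):
                problems.append(f"{info.filename}: password is not 'infected'")
    return problems

def build_plain_zip(names):
    """Constructed sample input: an unencrypted zip (zipfile cannot write encrypted ones)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in names:
            zf.writestr(name, b"constructed sample bytes")
    return buf.getvalue()

if __name__ == "__main__":
    for problem in check_submission(build_plain_zip(["sample.dll"])):
        print("REJECT:", problem)
```

Python's standard library can read but not create password-protected archives, so the archive itself still has to be built with a separate zip tool.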
              • 14. RE: Key Logger Quarantined as Trojan
                Here is the text of their reply:
                "McAfee Labs - Beaverton
                Current Scan Engine Version:5300.2777
                Current DAT Version:5779.0000
                Thank you for your submission.

                Analysis ID: 5592510

                File Name     | Findings          | Detection         | Type   | Extra
                --------------|-------------------|-------------------|--------|------
                thehookxp.dll | current detection | generic pws.y!bbg | Trojan | no

                current detection [thehookxp.dll]

                The file received is infected and can be detected and removed with our current DAT
                files and engine. It is recommended that you update your DAT and engine files and scan
                your computer again.

                If you are not seeing this with the product you are using, please speak with technical
                support so that they can help you determine the cause of this discrepancy. "

                As I stated before this site is not set up to certify submitted files as safe - its purpose is precisely the opposite. That is why sending it to them is a total waste of time. Why is this file suddenly a Trojan when it wasn't for the past five years it existed on my PC??

                When a file or application is added to trusted list that should be the end of the issue (as it had been until about 1 week ago). This was a major change in protocol to the program and I either need to find how to undo it or will be looking for a different virus scanner.
                • 15. RE: Key Logger Quarantined as Trojan
                  exbrit
                  I guess it would be logical to assume that they are making detection more and more sensitive, which isn't surprising considering the thousands of new threats that appear daily.

                  Reply to that email disputing their claim.
                  • 16. RE: Key Logger Quarantined as Trojan
                    exbrit
                    I was just told there's a new page for disputes here: http://www.mcafee.com/us/threat_center/dispute/dispute_form.asp
                    • 17. RE: Key Logger Quarantined as Trojan
                      Thanks - unfortunately this form contains a ton of questions that could only be answered by the software developer and if you don't fill out every field it gets rejected. Also the McAfee Product Selection doesn't contain a listing for the version of Virus Scan being used.

                      From your previous post: "I guess it would be logical to assume that they are making detection more and more sensitive, which isn't surprising considering the thousands of new threats that appear daily".


                      Yes - and there are probably many undesirables in my town that would like to break into my home. That is why I have door locks and a security system with the keys/password restricted to people selected by ME - not the manufacturer of the security system!
                      • 18. RE: Key Logger Quarantined as Trojan
                        exbrit
                        You're right, I'll pass that back.
                        • 19. RE: Key Logger Quarantined as Trojan
                          Well you can't accuse of not trying: my problem has been "escalated" based on this email:

                          ==========================================================
                          McAfee Labs Sample Analysis
                          Issue Number: 5592510
                          Virus Researcher: Arun Pradeep
                          McAfee Labs, Singapore
                          Identified: generic keylog.b

                          Thank you for submitting your suspicious file.

                          Synopsis -

                          Attached is a file for extra detection, which will be included in a future DAT set.

                          EXTRA.DAT
                          The file should be copied into the directory where the other DAT files reside (with default installation, C:\Program Files\Common Files\McAfee\Engine).

                          Otherwise, use the find/search utility on your computer to search for the following file:
                          McScan32.dll

                          Then copy the Extra.dat we have sent you to the same folder where one of the above is located.
                          Once you have copied the file, reboot the system for the driver to be loaded.

                          Further information about Extra.DATs can be found at http://vil.mcafeesecurity.com/vil/systemhelpdocs/extradat.aspx.

                          Solution -

                          To ensure that you have the maximum available capability of detecting and cleaning this malware on your system, please make sure you have the latest engine.

                          DAT updates are available at: http://www.mcafee.com/apps/downloads/security_updates/dat.asp

                          Support -

                          Virus Research accepts file samples for analysis and possible inclusion into AV signature DAT sets. We are also prepared to answer general virus questions.
                          =========================================================
                          Kind of confirms previous feeling that this site is set up to analyze files you suspect as infected - not to undo ones you know are not. Don't know if it's even worth replying to this since they obviously don't read the text of the message.