If you read the WebImmune feedback the dll file submitted is called a generic PUP - and so did VirusScan until just recently. Now it's calling it a Trojan (when it quarantines it). So something has just changed in VirusScan since the file has not changed for years. How can you undo this recent change in VirusScan?
Only they can do that if you can convince them it's a PUP and not a trojan or even better not even a PUP.
It's been 4 days since the file was submitted to Avert and it's still being detected and quarantined as a Trojan. I see the keylogger is on my list of Trusted Programs in McAfee. Why is a trusted list still being kept if no attention is being paid to it?? This is becoming quite frustrating.
Did they acknowledge - not the auto-reply, a proper acknowledgement? If not re-submit it, and when you get the final reply, if it is negative, respond disputing it immediately.
Email file to: email@example.com
When submitting samples via E-mail all samples must be packaged in a .ZIP file. When creating this .ZIP file, it is important to understand that the .ZIP can be no more than 3 megabytes in size and can contain no more than 30 files. Additionally, any .ZIP file created must be password-protected using the password "infected" (minus the ""). Failure to follow these guidelines will cause your submission to be rejected.
Also see *Unofficial* Increase In Size Of Submissions To Threat Center
I would repeat, it's unlikely that a keylogger by its very nature, would ever be approved, but you never know.
Here is the text of their reply:
"McAfee Labs - Beaverton
Current Scan Engine Version:5300.2777
Current DAT Version:5779.0000
Thank you for your submission.
Analysis ID: 5592510
File Name |Findings |Detection |Type |Extra
thehookxp.dll |current detection |generic pws.y!bbg |Trojan |no
current detection [thehookxp.dll]
The file received is infected and can be detected and removed with our current DAT
files and engine. It is recommended that you update your DAT and engine files and scan
your computer again.
If you are not seeing this with the product you are using, please speak with technical
support so that they can help you determine the cause of this discrepancy. "
As I stated before, this site is not set up to certify submitted files as safe - its purpose is precisely the opposite. That is why sending it to them is a total waste of time. Why is this file suddenly a Trojan when it wasn't for the past five years it existed on my PC??
When a file or application is added to trusted list that should be the end of the issue (as it had been until about 1 week ago). This was a major change in protocol to the program and I either need to find how to undo it or will be looking for a different virus scanner.
I guess it would be logical to assume that they are making detection more and more sensitive, which isn't surprising considering the thousands of new threats that appear daily.
Reply to that email disputing their claim.
Thanks - unfortunately this form contains a ton of questions that could only be answered by the software developer and if you don't fill out every field it gets rejected. Also the McAfee Product Selection doesn't contain a listing for the version of Virus Scan being used.
From your previous post: "I guess it would be logical to assume that they are making detection more and more sensitive, which isn't surprising considering the thousands of new threats that appear daily".
Yes - and there are probably many undesirables in my town that would like to break into my home. That is why I have door locks and a security system with the keys/password restricted to people selected by ME - not the manufacturer of the security system!
You're right, I'll pass that back.
Well, you can't accuse me of not trying: my problem has been "escalated" based on this email:
McAfee Labs Sample Analysis
Issue Number: 5592510
Virus Researcher: Arun Pradeep
McAfee Labs, Singapore
Identified: generic keylog.b
Thank you for submitting your suspicious file.
Attached is a file for extra detection, which will be included in a future DAT set.
The file should be copied into the directory where the other DAT files reside (with default installation, C:\Program Files\Common Files\McAfee\Engine).
Otherwise, use the find/search utility on your computer to search for the following file:
Then copy the Extra.dat we have sent you to the same folder where one of the above is located.
Once you have copied the file, reboot the system for the driver to be loaded.
Further information about Extra.DATs can be found at http://vil.mcafeesecurity.com/vil/systemhelpdocs/extradat.aspx.
To ensure that you have the maximum available capability of detecting and cleaning this malware on your system, please make sure you have the latest engine.
DAT updates are available at: http://www.mcafee.com/apps/downloads/security_updates/dat.asp
Virus Research accepts file samples for analysis and possible inclusion into AV signature DAT sets. We are also prepared to answer general virus questions.
Kind of confirms previous feeling that this site is set up to analyze files you suspect as infected - not to undo ones you know are not. Don't know if it's even worth replying to this since they obviously don't read the text of the message.