Please report any false positives to McAfee Labs as soon as possible.
See McAfee KnowledgeBase article KB67411 - How to submit a possible false or incorrectly classified sample file to McAfee Labs
I submitted it to Virus_Research@avertlabs.com.
It will not accept any attachments unless you put them in a
password protected .zip file with the password “infected” .
After several tries I got an automated response saying that it is a virus.
On the basis of the information provided I would advise to immediately launch a case and have this escalated.
Please see http://www.mcafee.com/us/about/contact/, select your location and contact McAfee Technical Support.
We have the same trouble since a few weeks.
8/13/2010 9:00:07 AM Engine version = 5400.1158
8/13/2010 9:00:07 AM AntiVirus DAT version = 6072.0
8/13/2010 9:00:07 AM Number of detection signatures in EXTRA.DAT = None
8/13/2010 9:00:07 AM Names of detection signatures in EXTRA.DAT = None
8/13/2010 4:44:33 PM Deleted C:\Mosaiq\SetupMosaiq_original.exe C:\DOCUME~1\91092\LOCALS~1\Temp\IXP000.TMP\document.doc .exe W32/Autorun.worm.c (Virus)
Sorry, should have updated this sooner.
Actually, the file size was increased on the .exe files, so something did modify them.
When I submitted the last setup.exe file to VirusTotal, it came back with a different name from the McAfee component.
Kaspersky 18.104.22.168 2010.08.04 Trojan-Dropper.Win32.Typic.bke McAfee 5.400.0.1158 2010.08.04 Artemis!954A5517E2E1 McAfee-GW-Edition 2010.1 2010.08.04 Artemis!954A5517E2E1
After a test my .exe file turned out to be infected too.
I disabled McAfee and unpacked the file, then a document.doc.exe appearred. (With al lot of spaces between de doc and the .exe)
When I enabed McAfee, document.doc.exe was deleted by McAfee.
Thank you for your response!