9 Replies Latest reply on Dec 28, 2011 2:04 PM by exbrit

    McAfee Is Deleting Things Without Asking!

      Hi,

      I have a copy of Portable Counter Strike on my USB thumb drive that I like to play with some of my mates. However, when I try to extract the portable copy to my laptop, McAfee insists on deleting one of the two self-extracting archives (ZeroX.exe) in the PCS file. Is there any way I can stop McAfee from deleting this file, because I know it's not a virus, without turning off McAfee?

       

      P.S. I have included a screenshot of the deletion window McAfee shows for reference.

        • 1. McAfee Is Deleting Things Without Asking!
          Peacekeeper

          Only way other than disabling real time scanning is to submit the file to McAfee as a false +ve

           

          http://vil.nai.com/vil/submit-sample.aspx

           

          When you get back the auto reply, add false +ve to the subject and reply back asking for a manual recheck. See if you can get other friends to do this as well; it is always better having several reports.

          • 2. McAfee Is Deleting Things Without Asking!

            I did as you suggested and the web service couldn't find any harmful things in the file, so it automatically referred it on to some other service. That then sent back an email with a .dat file and instructions to install the file. How do I send back the false positive to McAfee?

            • 3. McAfee Is Deleting Things Without Asking!
              Peacekeeper

              Did you install the dat? What did the second email say? Did it say it is infected?

              • 4. Re: McAfee Is Deleting Things Without Asking!

                No I didn't install the .dat file. Here is a copy of the email:

                 

                McAfee Labs Sample Analysis

                Issue Number:  6550172  

                Identified: Generic.TRA

                 

                McAfee Labs, McAfee Labs

                 

                Thank you for submitting your suspicious files.

                 

                Synopsis -

                 

                Attached is a file for extra detection, which will be included in a future DAT set.

                 

                EXTRA.DAT

                 

                The extra dat will detect the following files in the escalation.

                 

                Filename            MD5 digest                                                      

                --------            ----------                                                      

                zerox.exe           79bc464f5e853934987d2d3011068c98                                

                 

                The file should be copied into the directory where the other DAT files reside (with default installation, C:\Program Files\Common Files\McAfee\Engine).

                 

                Otherwise, use the find/search utility on your computer to search for the following file:

                McScan32.dll

                 

                Then copy the Extra.dat we have sent you to the same folder where one of the above is located.

                Once you have copied the file, reboot the system for the driver to be loaded.

                 

                Further information about Extra.DATs can be found at http://vil.mcafeesecurity.com/vil/systemhelpdocs/extradat.aspx.

                 

                Solution -

                 

                To ensure that you have the maximum available capability of detecting and cleaning this malware on your system, please make sure you have the latest engine.

                 

                DAT updates are available at: http://www.mcafee.com/apps/downloads/security_updates/dat.asp

                 

                Support -

                 

                Virus Research accepts file-samples for analysis and possible inclusion into AV signature DAT sets. We are also prepared to answer general virus questions.

                 

                All product-related questions and comments can be addressed through technical support and customer service, including:

                 

                * Product installation and update questions

                * Product usage questions

                * Specific operating system/version questions

                * Assistance with detection and cleaning or removal of viruses or trojans

                 

                Please use the following link to reach our technical support group for McAfee products.

                 

                Corporate Gold Customers:

                https://mysupport.mcafee.com

                 

                Corporate Platinum Customers:

                https://platinum.mcafee.com

                 

                Single User/Retail Customers:

                <http://service.mcafee.com/default.aspx>

                 

                Regards,

                 

                McAfee Labs

                A division of McAfee, Inc.

                --------------------------

                McAfee Labs Blog <http://www.avertlabs.com/research/blog/>

                AudioParasitics - The Official PodCast of McAfee Labs <http://podcasts.mcafee.com/audioparasitics>

                --------------------------

                Safe online? Avoid dangerous web sites using McAfee SiteAdvisor™ -  a FREE download from http://www.siteadvisor.com?cid=27092. Don't search or surf without it!
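
The reply quoted in post 4 identifies the analysed sample only by file name and MD5 digest, so before disputing the detection it is worth confirming that the copy on the USB drive is byte-for-byte the file McAfee Labs looked at. The following is an added example, not part of the thread or of any McAfee tooling; the function names are assumptions, and the table text is copied from the quoted email as a constructed sample input.

```python
import hashlib
import re

# Constructed sample: the digest table from the McAfee Labs reply quoted above.
ESCALATION_EMAIL = """\
Filename            MD5 digest
--------            ----------
zerox.exe           79bc464f5e853934987d2d3011068c98
"""

# A data row is a file name, whitespace, then exactly 32 hex characters.
ROW = re.compile(r"^(?P<name>\S.*?)\s+(?P<md5>[0-9a-fA-F]{32})\s*$")


def parse_escalation_table(text):
    """Return {lowercased file name: lowercase MD5 hex} for each data row."""
    digests = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m:  # header and dashed separator lines do not match
            digests[m.group("name").lower()] = m.group("md5").lower()
    return digests


def md5_of(path, chunk=1 << 20):
    """Hash a file in chunks so large archives are not read into memory."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def check_sample(path, name, digests):
    """Compare a local file with the escalation table.

    Returns 'match', 'mismatch' or 'not-listed'. File names are compared
    case-insensitively because the email lowercases them (ZeroX.exe -> zerox.exe).
    """
    expected = digests.get(name.lower())
    if expected is None:
        return "not-listed"
    return "match" if md5_of(path) == expected else "mismatch"
```

A `match` only shows that the local file is the one the lab analysed; a `mismatch` means the review request would be about a different file than the one being deleted.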

                • 5. Re: McAfee Is Deleting Things Without Asking!
                  Peacekeeper

                  Hmm, OK, they reckon it is infected and made an extra dat to detect it better.

                   

                  If you are sure all is fine, reply to this email, add false +ve to the subject and request a review. Say why you think it is clean.

                  • 6. Re: McAfee Is Deleting Things Without Asking!

                    Hi again,

                    I sent back a review request as you said and I got back this email. I don't think it's in response to my review request but it does go into detail about the Trojan itself.

                     

                    McAfee Labs Sample Analysis

                     

                    McAfee Labs, Automation

                     

                    Thank you for submitting your suspicious file(s). We have determined that the following submissions are handled by our AV signature DAT files.

                     

                            Reference  : (Escalation) 6550172

                            ---------------------------------

                            

                            File Name                    Findings            Detection               Type              

                            =========                    ========            =========               ====              

                            zerox.exe                    detected            generic.dx!wmd          trojan            

                            VIL Link: Not available

                            

                     

                    DAT 6281 provides cover against all of the submissions shown above.

                     

                    Solution -

                     

                    To ensure that you have the maximum available capability of detecting and cleaning this malware on your system, please make sure you have the latest engine.

                     

                    DAT updates are available at: http://www.mcafee.com/apps/downloads/security_updates/dat.asp

                     

                    Support -

                     

                    Virus Research accepts file samples for analysis and possible inclusion into AV signature DAT sets. We are also prepared to answer general virus questions.

                     

                    All product related questions and comments can be addressed through technical support and customer service, including:

                     

                    * Product installation and update questions

                    * Product usage questions

                    * Specific operating system/version questions

                    * Assistance with detection and cleaning or removal of viruses or trojans

                     

                    Please use the following link to reach our technical support group for McAfee products.

                     

                    Corporate Customers:

                    <https://mysupport.mcafeesecurity.com>

                     

                    Single User/Retail Customers:

                    <http://service.mcafee.com>

                     

                    Regards,

                     

                    McAfee Labs

                    --------------------------

                    McAfee Labs Blog <http://www.avertlabs.com/research/blog/>

                    AudioParasitics - The Official PodCast of McAfee Labs <http://podcasts.mcafee.com/audioparasitics>

                    --------------------------

                    Safe online? Avoid dangerous web sites using McAfee SiteAdvisor™ -  a FREE download from http://www.siteadvisor.com?cid=27092. Don't search or surf without it!

                    • 7. Re: McAfee Is Deleting Things Without Asking!
                      Peacekeeper

                      Seems more an auto-type reply; they seem to say it is infected.

                       

                      Next thought is

                       

                      - Join the McAfee Getsusp group at https://community.mcafee.com/groups/getsusp30-beta-feedback

                      You will have to ask there for Getsusp, which is a Beta program and not yet on general release.

                      Download the latest version here: https://community.mcafee.com/message/161182#161182

                      Before you use Getsusp, you should go to this document

                      https://community.mcafee.com/docs/DOC-1323

                      and download the PDF file explaining what Getsusp is and how it works, and this document

                      https://community.mcafee.com/docs/DOC-1761

                      which downloads the installation guide PDF document.

                       

                      Disable the real-time scanner, run Getsusp and post the required file in your post in the thread.

                       

                      Mention you think it is a false detection, and as these are manually checked they can be whitelisted fast.

                      • 8. Re: McAfee Is Deleting Things Without Asking!

                        I found a working solution. You're going to have to ditch this POS. It is obvious that the devs think of users as runny-nosed children. Malwarebytes Anti-Malware not only handles everything that McAfee can do, they don't make you fork out your entire paycheck!

                         

                        Options such as (remove file after quarantine) are just that, OPTIONS!

                         

                        All in all it is time for these greedy corps like McAfee to go sit on something

                        • 9. Re: McAfee Is Deleting Things Without Asking!
                          exbrit

                          That is way off base and you are in for a big surprise if you believe that.

                           

                          A quote from one of the lead developers of MalwareBytes (Bruce Harrison):

                          ...

                          As far as why MBAM is very good at dealing with this infection, that is simple. MBAM is designed to be very good at dealing with malware that the AVs seem to be having problems with. I do not spend my time making MBAM detect millions of infections that any decent AV already detects as MBAM is DESIGNED to work alongside antivirus software, not replace it.  A huge chunk of the research that goes into MBAM revolves around what we see making it into HJT threads as the vast majority of these threads involve antivirus software that was in some way bypassed.

                          ...

                          Let's settle this now and avoid any further misinformation. MBAM is now a very good backup to any antivirus software and will only get better in the future. MBAM will NEVER add antivirus abilities to its core app and is always advised to be used WITH antivirus software. We actually get this question a lot in the forums and I assure you that we always say:

                          "No, MBAM can't replace your existing antivirus software and is not designed to."

                          ...

                           

                          I would also point you to the forum's terms of service you agreed to when you joined:  https://community.mcafee.com/docs/DOC-1001

                           

                          To get back to the OP - I moved this to Artemis discussion.  There is plenty you can do for erroneous detections, read here:  https://community.mcafee.com/thread/2016