1 2 Previous Next 17 Replies Latest reply on Mar 16, 2011 4:34 PM by wysinotwyg

    uvscan - 6282.tar Found the PWS-SpyEye!env.a trojan !!!

      All of a sudden we are gettiong loads of these errors since updating to 6282.tar

       

      example /apps/mcafee/validate.exe

       

      We are getting hundreds of these across all file our Solaris system I am also very sure there aren't any Trojans in any of these files,

       

      Is anybody else having similar problems looks like a false positive to me?

       

      Comments Please

       

        • 1. Re: uvscan - 6282.tar Found the PWS-SpyEye!env.a trojan !!!
          Peter M

          I have a feeling this is VSE or other, not Home and Home Office Products...I will move it if you indicate what product this is.

           

          Message was edited by: Ex_Brit on 14/03/11 11:39:01 EDT AM
          • 2. uvscan - 6282.tar Found the PWS-SpyEye!env.a trojan !!!

            Hi Ex_brit, yes I think your right I noticed after I had submitted.

             

            The product is Mcafee Virus scan for Sun Sparc Version 6.0.0.309

            AV Engine Version 5400.1158

             

            Was trying to find whether anybody else has the same problem almost 100% sure it is a false positive and was after confirmation and whether I need to report to Mcafee.

             

            Please move as appropriate appreciated.

             

            John

            1 of 1 people found this helpful
            • 3. uvscan - 6282.tar Found the PWS-SpyEye!env.a trojan !!!
              Peter M

              Moved it to VirusScan Other for better attention.  Someone will come along from the Business Community with more knowledge than I soon hopefully.

              • 4. uvscan - 6282.tar Found the PWS-SpyEye!env.a trojan !!!

                We noticed a huge number of false positives after testing 6282.  Our system runs AIX 5.3.  No response yet from McAfee.

                • 5. Re: uvscan - 6282.tar Found the PWS-SpyEye!env.a trojan !!!

                  We have hit the same issue.  A lot of *.exe files are showing as infected.  We compared one file to a version a couple of years old (burned to DVD on Dec 2007), and they appear to be identical.  The virus scanner says the old version has the virus as well, which I find dubious.  I have tried Microsoft Security Essentials scan and it did not find any issues, although it may not detect this particular trojan.  Also scanned with Norton, and no issues there either.  We are running Redhat Linux uvscan 6.0.0.309, dat file 6284 created March 13, 2011.  This is our first scan with this dat file.

                   

                  Ran a McAfee VirusScan Enterprise 8.5.0i, Dat 6284.0000, March 13, 2011 against the same files, from Window's XP OS, and found no issues.  Same DAT file, different engine, and OS, inconsistent results.

                   

                  Message was edited by: wysinotwyg on 3/14/11 6:53:38 PM CDT
                  • 6. uvscan - 6282.tar Found the PWS-SpyEye!env.a trojan !!!

                    Thanks Everyone  I think this is a false positive, Not sure the way forward but will try and report to Mcafee to see if I can find out why?

                     

                    These files are downloadable by the public so our customer is pretty concerned.

                     

                    EX-brit Thank your move has confirmed what I was thinking.

                    • 7. uvscan - 6282.tar Found the PWS-SpyEye!env.a trojan !!!
                      korax

                      I have the same problem and now more than 500 of my files have been renamed.

                       

                      What's the status of this isseu. This is very annoying !

                      • 8. uvscan - 6282.tar Found the PWS-SpyEye!env.a trojan !!!
                        rackroyd

                        I've pinged McAfee Labs about these reports to be sure they are aware and they are already looking into it.

                        If anyone's willing to link a verbose scan report to this thread that shows these detections i think it'll help the McAfee Labs peeps.

                         

                        Thanks,

                         

                        Rob.

                        • 9. uvscan - 6282.tar Found the PWS-SpyEye!env.a trojan !!!
                          korax

                          e.g. (the file base64-1.3.tar.gz is from 2003 and has not been changed since)

                           

                          root@xxxx werner]# /usr/local/uvscan/uvscan -r --summary  --noboot --secure --ignore-links base64-1.3.tar.gz --verbose

                          McAfee VirusScan Command Line for Linux32 Version: 6.0.3.356

                          Copyright (C) 2010 McAfee, Inc.

                          (408) 988-3832 LICENSED COPY - September 03 2010

                           

                          AV Engine version: 5400.1158 for Linux32.

                          Dat set version: 6285 created Mar 14 2011

                          Scanning for 656989 viruses, trojans and variants.

                           

                          /home/werner/base64-1.3.tar.gz/base64-1.3.tar/COPYING ... is OK.

                          /home/werner/base64-1.3.tar.gz/base64-1.3.tar/INSTALL ... is OK.

                          /home/werner/base64-1.3.tar.gz/base64-1.3.tar/Makefile.in ... is OK.

                          /home/werner/base64-1.3.tar.gz/base64-1.3.tar/README ... is OK.

                          /home/werner/base64-1.3.tar.gz/base64-1.3.tar/b64.gif ... is OK.

                          /home/werner/base64-1.3.tar.gz/base64-1.3.tar/base64.1 ... is OK.

                          /home/werner/base64-1.3.tar.gz/base64-1.3.tar/base64.c ... is OK.

                          /home/werner/base64-1.3.tar.gz/base64-1.3.tar/base64.exe ... Found the PWS-SpyEye!env.a trojan !!!

                          /home/werner/base64-1.3.tar.gz/base64-1.3.tar/base64.pdf ... is OK.

                          /home/werner/base64-1.3.tar.gz/base64-1.3.tar/base64.w ... is OK.

                          /home/werner/base64-1.3.tar.gz/base64-1.3.tar/config.h.in ... is OK.

                          /home/werner/base64-1.3.tar.gz/base64-1.3.tar/configure ... is OK.

                          /home/werner/base64-1.3.tar.gz/base64-1.3.tar/configure.in ... is OK.

                          /home/werner/base64-1.3.tar.gz/base64-1.3.tar/getopt.c ... is OK.

                          /home/werner/base64-1.3.tar.gz/base64-1.3.tar/getopt.h ... is OK.

                          /home/werner/base64-1.3.tar.gz/base64-1.3.tar/index.html ... is OK.

                          /home/werner/base64-1.3.tar.gz/base64-1.3.tar/install-sh ... is OK.

                          /home/werner/base64-1.3.tar.gz/base64-1.3.tar/rfc1341.html ... is OK.

                          /home/werner/base64-1.3.tar.gz/base64-1.3.tar/rfc1341.txt ... is OK.

                          /home/werner/base64-1.3.tar.gz ... is OK.

                           

                           

                          Summary Report on /home/werner/base64-1.3.tar.gz

                          File(s)

                                  Total files:...................     1

                                  Clean:.........................     0

                                  Not Scanned:...................     0

                                  Possibly Infected:.............     1

                           

                           

                          Time: 00:00.00

                          1 2 Previous Next