Strange that it would disappear from the Quarantine folder without you actually deleting it from there. Once a file is quarantined it is no longer harmful so there is no need to worry.
Just to double check make sure we are talking the same Quarantine folder.
Double-click the taskbar icon to open SecurityCenter
Click Navigation (top right)
Click Quarantined and Trusted Items lower down that list below
Click any of the 3 'drawers' to expand
It should snhow there until you either delete, restore or report it to McAfee for further checking. (That latter action doesn't always work, depending on who is your ISP).
A full scan checks everything, everywhere, while the real-time scanner only looks for active files.
It's described here: http://vil.nai.com/vil/content/v_142494.htm
There is also the off-chance that it was a false alarm.
Yes, exactly the same folder. The entry was there, in the top drawer, in fact. I checked it and also checked the 'Remove' information tab.
I later carried out a Quick scan and after that the folder was empty. I can understand why the quick scan may not see everything, obviously, but I cannot understand why that would have any effect on the contents of a quarantine folder.
I'll carry out another full scan and check if anything is found. Incidentally there was some information somewhere that I found that seemed to imply that the latest DAT files and engine can automatically clear this trojan.
Just completed a Full scan which comes back clean.
All Quarantine drawers are empty now. It looks likely that this was a false positive after all.
Ah well I guess you can relax for a while then, all the best. ;-)
That is puzzling though seeing an item in Quarantine that erases itself. Maybe VirusScan changed its mind?
If that is possible. I'm beginning to think anything is possible lately.
Thanks for your responses.
Downloader.BCS has been around for years but is still going. McAfee has had a detection for it since 2007 - see http://vil.nai.com/vil/content/v_142494.htm
Someone reported a McAfee detection of this recently at techsupportforum.com but does not say if it disappeared from quarantine :
Well for the first time in SUCH a long time, McAfee picked up a virus/Trojan. The Trojan was "downloader-bcs". And when McAfee picked it up, it was quarantined immediately (well I hope it was immediately LOL).
Rather alarmingly, there was a recent post in these forums (which went unanswered, unfortunately) also reporting that this Trojan was somehow missed by McAfee real-time scanning; so there is an infection method which is allowing the malware to be installed. The poster reports other malware picked up by a Full Scan :
I am running Windows 7 Home Premium 64-bit version with Internet Explorer 8 and automatic updates and user access control enabled. On 4/22, a manual full scan byMcAfee Security Center found Downloader-BCS in:
Subsequently, a manual full scan by Microsoft Safety Scanner also found TrojanDownloader:Java/OpenConnection.HH in
as well as Exploit:Java/CVE-2010-0840.AJ in
Edit : I should have read the original post more closely. It says the Downloader was found after a Full Scan but does not mention any other malware. So another Full Scan (as originally advised) may not be necessary.
Yes, a second full scan came back clean, but the original report also referred to the C:\Users\[username]\AppData\LocalLow\Sun\Java\Deployment\cache location.
I still wonder if it was some form of false positive. I recall coming across something similar some years ago with some Epson software, which was reported as a virus. I checked this out and reran the scan, (not McAfee), a few days later and it had 'disappeared'.
One would hope that McAfee is capable of dealing with an old established piece of malware, but you do occasionally see rather disparaging comments in the computer press about McAfee cabilities.
There again, I suppose no product is perfect; certainly with a competitor product I experienced all sorts of odd issues, not least, and the final straw for me, was the disabling of all internet connection on one computer. Instant solution was to dump it and use a different product.
It may not be a false positive. The Java Exploit the other poster referred to can occur if the latest Java updates haven't been installed - see this Microsoft Malware Protection Center page for details. It gets installed because of a known (and patched) Java vulnerability, CVE-2010-0840.
When a user visits a website that contains the class using a computer that has a vulnerable version of Sun Java, security checks may be bypassed, allowing arbitrary code to be executed.
SymptomsAlert notifications or detections of this malware from installed antivirus or security software may be the only other symptoms.