2 Replies Latest reply on Jun 3, 2011 6:50 AM by Tsurugi_Matsuda

    False Positive Trojan - Generic.dx!gnb HELP

      I have a Dell Notebook Running Windows 7 Ultimate Service Pack 1.

      The false positive concerns some Game Trainers I have downloaded.

       

      McAfee has claimed that it detected a Trojan Horse that resides in the application itself (.exe file) and deletes it.

      But I have previously run the exact same application on an older Dell Computer that runs on Windows XP SP3 with AVG Free installed without any problems or infections for years.

       

      Details are as follows:

      Product Information

      Product: McAfee Security Center 2010 provided by Dell

      Product Version: 10.5

      VirusScan Version: 14.5

      DAT/Signature Version (VirusScan): 6355

      Engine Version (VirusScan): 5400.1158

       

      Malware Information

      Detection Name: Generic.dx!gnb

      Scanned by: McAfee Security Center Real-Time Protection

      Filename: asx-p15-mmx8.exe

      Issue: False Positive

      Reason: Checked the file with the VirusTotal website, and only 12 of 40 Antivirus/Internet Security Software detect a virus inside the file. Previously sent to McAfee Avert Labs and it still insisted there is a virus inside. The false positive might be due to the application's DirectX-compatible coding that resembles that of a Trojan.

       

      In fact, quite a lot of Game Trainers have been affected by both McAfee and Symantec products and have been raised on many of those sites that provide support for the trainers. Main effects include incomplete functionality of the trainers or even Trojan Horse detection.

        • 1. Re: False Positive Trojan - Generic.dx!gnb HELP
          Nitin Kumar

          Hi,

           

          Please provide here the ID you received when you submitted it to McAfee Labs.

           

          Regards,

          Nitin

          • 2. Re: False Positive Trojan - Generic.dx!gnb HELP

            This is the ID that I received when I re-submitted the same file to McAfee Avert Labs a few minutes ago: 6641714.

            Currently awaiting the result, but it should be the same as for the file I submitted sometime in March 2011.

             

            Since the executable file is automatically deleted when it's extracted, I have no choice but to upload the entire compressed folder that has the file inside to Avert Labs. One file will have an inconclusive result, so focus on the executable file inside instead.

             

            Update: It has been a week and no one bothers about this false positive anymore. I really hope a separate sub-forum will be set up specifically for Generic-class trojan horses, because at least 9 out of 10 McAfee users who use Game Trainers would have gone through the extreme pain of having their precious trainers removed against their will just because of too many false positives. And it is very serious, to the extent that many users have considered getting alternate Antivirus Programs in place of McAfee even before their licences expire.

            As a side note, McAfee, Symantec, AVG and Trend Micro are the four main BLACKLISTED Antivirus Brands by major Game Trainer Sites on the internet for their inaccurate detection of viruses that really do harm, too many False Positive Hits and inability to properly whitelist those programs that work so well with other minor Antivirus Brands.

            Message was edited by: Tsurugi_Matsuda on 5/24/11 11:53:52 AM CDT

             

            Message was edited by: Tsurugi_Matsuda on 6/3/11 6:50:38 AM CDT