6 Replies Latest reply on Apr 3, 2008 6:09 AM by tonyb99

    Mcafee Total Protection issues

      Hi,
      we are using mcafee total protection, i have noticed two issues with this product.

      (1)every time i open outlook, mcafee detects a file 57.htm , and it gives you the option to "manage the detection" which i do, i then clean the offending file. but the next time i start outlook i have to do the same thing. it never actually gets rid of the issue.

      (2)2-3 times a week, shortly after the pc starts up, mcafee takes up to 95% of the cpu usage. hanging the pc in the process. i then have to kill mcafee to get the pc to work, which obviously isnt ideal.

      Any suggestions?

      Thanks
      Damien

        • 1. RE: Mcafee Total Protection issues
          tonyb99
          Mcafee Total Protection is the name given to mcafee coporate offering (long before they decided to call the consumer one that) as the user is using Outlook I would assume he is corporate not consumer.

          IN which case.

          1) check your logs and post what virus is being detected for 57.htm
          2) this is VSE doing its dat update, it may run up to 100% CPU for up to 3 minutes depending on what else you have running.
          • 2. info and thanks...
            Hi Tony
            you are correct, i am using outlook in a coporate enviorment.
            thanks for the info on the update.

            regarding the log, where are theses located?

            is it under the "view PUP detections?"

            Regards
            Damien
            • 3. RE: info and thanks...
              tonyb99
              you can view the logs from right clicking on the relevant bit ( eg on access scanner) in the VSE console and choosing the log.

              you can also see all the logs in one place either here:
              C:\Documents and Settings\All Users\Application Data\McAfee\DesktopProtection

              or here:
              C:\Documents and Settings\All Users\Application Data\Network Associates\VirusScan
              • 4. RE: Mcafee Total Protection issues
                When u r getting the popup for cleaning, kindly note the virus name and let me know
                • 5. info
                  Hi guys,
                  sorry about the delay in responding, the user was away with his laptop, only got it back now.

                  heres the info that mcafee continually brings up, when out look starts.

                  Detection : exploit-mime.gen.c
                  action : no action taken
                  object :57.htm
                  Location :C:\ doc....\.ole


                  on the users machine, there is no information or logs under the followin
                  C:\Documents and Settings\All Users\Application Data\McAfee\DesktopProtection
                  C:\Documents and Settings\All Users\Application Data\Network Associates\VirusScan

                  when you go to manage pup detections, it allways brings back about 6 detections of the 57.htm file, all located at the following location.
                  C:\Documents and Settings\dbrennan\Local Settings\Temp\eas-11184-531536\eas-11184-531536\57.ole\57.ole


                  the eas bit of the above directory is with the zantac email archive program that runs on outlook start up also.

                  Hope this helps.

                  Thanks
                  Damien
                  • 6. RE: info
                    tonyb99
                    -- Update September 20, 2003 --
                    AVERT has received serveral submissions of emails which are generically detected as Exploit-MIME.gen.c. On examination these files have been found to be emails sent by W32/Swen@MM , which attempts to use this exploit in some cases. These emails are normally detected as Exploit-MIME.gen.exe. However if the email has passed through an email based Anti-Virus scanner the attachment will have been removed resulting in an email that just contains the exploit code but no attachment, and this is triggering the Exploit-MIME.gen.c detection.
                    This generic detection covers email message files which exploit the Microsoft Incorrect MIME Header vulnerability. This vulnerability allows attached executable files to be run when a message is simply viewed. Several common viruses make use of this exploit, including W32/Badtrans@MM, W32/Nimda.gen@MM, and W32/Klez.gen@MM.

                    For more information on this exploit and a patch, visit http://www.microsoft.com/technet/security/bulletin/MS01-020.mspx
                    As this is a generic detection which may cover many different trojans and viruses, it is not possible to specify any further details or symptoms of this threat.