Found this showing that McAfee does not pick this up but others do. Is there a way to alert them to this? I noticed a note saying they don't patrol these threads. ADMIN??
VirSCAN.org Scanned Report :
Scanned time : 2008/09/12 12:50:31 (EST)
Scanner results: 42% Scanner(15/36) found malware!
File Name : m.exe
File Size : 177783 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : 16c85cafe5ea5e693eb24bc3169182ee
SHA1 : d8104fa6030449f2cc90123028497e47b40f0b42
Online report : http://virscan.org/report/26521c2860fd9505c697955e68ceace4.html
Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 220.127.116.11 2008.09.10 2008-09-10 1.42 -
AhnLab V3 2008.09.12.01 2008.09.12 2008-09-12 0.94 -
AntiVir 18.104.22.168 22.214.171.124 2008-09-11 2.30 TR/Spy.Gen
Arcavir 1.0.5 200809111947 2008-09-11 1.38 -
AVAST! 3.0.1 080911-0 2008-09-11 0.01 Win32:Spyware-gen [Trj]
AVG 126.96.36.1992 270.6.21/1667 2008-09-11 1.59 SHeur.CDWG
BitDefender 7.60825.1752851 7.20900 2008-09-12 3.02 -
CA (VET) 188.8.131.52 31.6.6085 2008-09-11 2.79 -
ClamAV 0.94 8220 2008-09-12 0.10 -
Comodo 2.11 184.108.40.2063 2008-09-11 0.46 -
CP Secure 220.127.116.115 2008.09.12 2008-09-12 7.18 -
Dr.Web 18.104.22.16870 2008.09.11 2008-09-11 3.17 Trojan.DownLoad.3854
ewido 22.214.171.124 2008.09.11 2008-09-11 2.86 -
F-Prot 126.96.36.199 20080911 2008-09-11 1.07 -
F-Secure 5.51.6100 2008.09.11.13 2008-09-11 1.96 Trojan.Win32.Qhost.kka [AVP]
Fortinet 2.81-3.113 9.538 2008-09-11 0.23 Suspicious
ViRobot 20080911 2008.09.11 2008-09-11 0.40 Trojan.Win32.Qhost.177693
Ikarus T3.1.01.34 2008.09.11.71439 2008-09-11 3.44 AdWare.Win32.BHO.atu
JiangMin 11.0.706 2008.09.11 2008-09-11 1.33 Trojan/Qhost.aoa
Kaspersky 5.5.10 2008.09.12 2008-09-12 0.13 Trojan.Win32.Qhost.kka
KingSoft 2008.1.14.15 2008.9.12.10 2008-09-12 0.88 -
McAfee 5.3.00 5382 2008-09-11 1.98 -
Microsoft 1.3903 2008.09.12 2008-09-12 3.97 Trojan:Win32/Boolwark.A
mks_vir 2.01 2008.09.12 2008-09-12 2.73 -
Norman 5.93.01 5.93.00 2008-09-11 5.23 W32/Qhost.EHT
Panda 9.05.01 2008.09.11 2008-09-11 3.00 -
Trend Micro 8.700-1004 5.536.09 2008-09-11 0.07 -
Quick Heal 9.50 2008.09.11 2008-09-11 2.05 Trojan.Qhost.kka
Rising 20.0 20.61.32.00 2008-09-11 1.45 -
Sophos 2.78.0 4.33 2008-09-12 1.89 -
Sunbelt 3.1.1628.1 2227 2008-09-11 0.65 -
Symantec 188.8.131.52 20080911.003 2008-09-11 0.18 -
nProtect 2008-09-11.00 2101015 2008-09-11 4.24 -
The Hacker 184.108.40.206 v00077 2008-09-09 0.43 Trojan/Qhost.kkb
VBA32 220.127.116.11 20080910.0550 2008-09-10 1.12 Trojan.Win32.Qhost.kkb
VirusBuster 18.104.22.168 10.87.9/624027 2008-09-11 1.29 -
i have exactly the same problem with a trojan in dan.exe.
i had to remove it with an eval copy of another anti-virus.
they responded within 7 hours, mcafee webimmune did nothing til now.
i sent them the file 4 days ago.
i am very disappointed about that...
Thanks Tonyb99, I had not come across that in the FAQs. Must have not looked hard enough. Well I took your advice and uploaded the file noting the other AVs that have picked it up, Webimmune came back as inconclusive.
To D-Fens, who were you saying replied to you in 7 hours? I had submitted my problem also via the web help last week and my response came this morning which was to take screenshots of: add/remove programs, program files folders, task list, task bar programs, McAfee about screen & system tray.... Will see how WebImmune responds. Thanks guys.
avira (www.avira.com) responded so fast. i was informed of every step til they included the definitions into the DATs.
it scored very good at http://www.av-comparatives.org/, that's why i tried it.
in comparison to mcafee, its also quite fast...
i wish mcafee could update their DATs a few times a day, like almost every other AV company does.
i already asked mcafee about that, they responded that they will release an emergency DAT as needed, but that's not what i wanted to know ;) i remember that with engine 5200 it's possible to have inter-day updates...?
especially no updates of DATs on the weekend are a pain, my company is opened on weekends ;)
they should at least update the DATs in the morning on mondays or something like that.
about webimmune: i have no response from mcafee about my trojan, and right now there's no update on that.
my spam-filter is disabled, just to make that sure ;)
four days after i sent the file via the webimmune webinterface to mcafee,
i wrote an e-mail to firstname.lastname@example.org with my analysis ID to get a status report on that or maybe even an extra.dat, but nothing happened.
i need a fast responding AV-company, so that there is no impact on the daily business.
right now, mcafee is not what i expect from a major AV-company.
not to mention the performance with patch 6 and VSE 8.5i.
hopefully patch 7 fixes that in october :)
AVERT Labs - Beaverton
Current Scan Engine Version:5300.2777
Current DAT Version:5379.0000
Thank you for your submission.
Name Findings Detection Type Extra
dan.exe inconclusive no
inconclusive [ dan.exe ]
Upon analysis the file submitted does not appear to contain one of the 200,000 known threats in the AutoImmune database. The file may contain a new threat, or no code capable of being infected. Your submission is being forwarded to an Avert Labs Researcher for further analysis. You will be contacted by AVERT through e-mail with the results of that analysis.
Ahh Avira.. Just yesterday I made a linux boot usb AV scanner using their engine and definitions from the recovery iso available on the net for free. Picked up my trojan no worries.
I actually agree with your points on McAfee, at times the service feels a little below par when comparing against other major AV companies on the market. Also my webimmune analysis, like yours, is without reply so far but I might also try my luck with the research address. I am sitting without an update and resorting to re-imaging and manually removing the trojan from usb's although they are getting infected quicker than I can remove.
hi troywedy, look at the new comparison on http://www.av-comparatives.org published yesterday.
AVIRA scored very good! i bought an antivir license yesterday, to get rid of 1 trojan and 1 keylogger which AVERT didn't update yet. (i sent them the trojan 7 days ago and the keylogger 5 days) you can use the with the command line scanner available here: http://www.avira.com/en/support/support_downloads.html
maybe you could use the command line scanner via netlogon to make the removal more comfortable?
They do a nice bootable CD there on antivira (see prev link as well)
Avira AntiVir Rescue System
The Avira AntiVir Rescue System is a linux-based application that allows accessing computers that cannot be booted anymore. Thus it is possible to repair a damaged system, to rescue data or to scan the system for virus infections. Just double-click on the rescue system package to burn it to a CD/DVD. You can then use this CD/DVD to boot your computer. The Avira AntiVir Rescue System is updated several times a day so that the most recent security updates are always available.
Hey D-Fens I did check that out after you said, I'm quite happy with what I have used of it. Also McAfee finally updated to DAT 5384 as of 1030 yesterday to include my trojan although I am still wary as it will not pick it up on a direct manual scan, only when the trojan is trying to execute or bind itself. Either way it is stopping it from auto running and I have re-imaged all PCs. Thing is my webimmune has still not been updated and no response from the emails I have sent! Pis Poor.
That's the one I used tonyb99, but from this link it has the files to extract and create the bootable usb drive. It scanned my trojan no worries and was quick.
USB bootable scanner