5 Replies Latest reply on Nov 21, 2011 10:59 AM by alex_n

    False Positive--mluser32.dll--GetSusp Uploaded.

      Hello team!

       

      "mluser32.dll"

       

      This is a file needed to run an accountancy program.

      It is a FALSE POSITIVE case.

       

      11/17/2011

      Work Item ID: 341006

      Filename: mluser32.dll

       

      Type: trojan

       

       

      But the file is perfectly safe, trusted, and needed to run accountancy software that has been used for 14 years now.

       

       

      Can you review and return an update???

       

       

      Thank you very much in advance!!

        • 1. Re: False Positive--mluser32.dll--GetSusp Uploaded.

          Labs answered this:

           

          McAfee Labs Sample Analysis

          McAfee Labs, Automation

           

          Thank you for submitting your suspicious file(s) through the GetSusp tool. We have determined that the following submissions are handled by our AV signature DAT files.

           

                  Reference  : (Escalation) 6785162
                  ---------------------------------

                  File Name                    Findings            Detection               Type
                  =========                    ========            =========               ====
                  mluser32.dl_                 detected            generic.dx!bajm         trojan

                 

                  

           

          DAT version 6531 provides cover against all of the submissions shown above.

           

          Solution -

           

          To ensure that you have the maximum available capability of detecting and cleaning this malware on your system, please make sure you have the latest engine.

           

          DAT updates are available at: http://www.mcafee.com/apps/downloads/security_updates/dat.asp

           

          Support -

           

          Virus Research accepts file-samples for analysis and possible inclusion into AV signature DAT sets. 

           

          All product-related questions and comments can be addressed through technical support and customer service, including:

           

          * Product installation and update questions

          * Product usage questions

          * Specific operating system/version questions

          * Assistance with detection and cleaning or removal of viruses or trojans

           

          Please use the following link to reach our technical support group for McAfee products.

           

          Business Customers:

          <http://www.mcafee.com/us/support.aspx>

           

          Home Customers:

          <http://home.mcafee.com/root/support.aspx>

           

          Regards,

           

          McAfee Labs

          --------------------------

          McAfee Labs Blog <http://blogs.mcafee.com/mcafee-labs>

          AudioParasitics - The Official PodCast of McAfee Labs <http://podcasts.mcafee.com/audioparasitics/>

          --------------------------

           

           

           

          BUT, this is not an infection, or a trojan.

          This is a safe file that is needed to work on accountancy.

           

          We already replied to that email with the word "False" (minus the "")

           

           

          I hope this works ok.

           

           

          Thanks.

          • 2. Re: False Positive--mluser32.dll--GetSusp Uploaded.
            Hayton

            http://www.gecom.com.ar/Descargar/contenido.htm

             

            mluser32.dll : downloaded and submitted to VirusScan. Clean (0/42) - see

            http://www.virustotal.com/file-scan/report.html?id=0b98b6993e95c404f6deee5dc60c0a4dcbfd819c4e3b9426c0f45b8a226946b9-1321571907

             

            (Edit) But also see http://r.virscan.org/b80bfebb9627d19c6d9b4ad80613fda9 (2009) - perhaps it depends where the file comes from or when it was created or modified.

             

            Wait for a response from the labs, see what they say.

             

            Message was edited by: Hayton on 17/11/11 23:36:47 GMT
            • 3. Re: False Positive--mluser32.dll--GetSusp Uploaded.
              Vinod R

              Flagging off to someone

              • 4. Re: False Positive--mluser32.dll--GetSusp Uploaded.

                Guys,

                we received the extra.dat file.

                 

                OK.

                 

                But we can't seem to find the folder containing the McScan32.dll file we were instructed to look for via the Search tool, for pasting the new file into that folder.

                 

                Also, I searched the suggested link

                http://vil.mcafeesecurity.com/vil/systemhelpdocs/extradat.aspx

                 

                where I found the following path to copy/paste the new extra.dat file:

                • Double click on the Program Files folder.
                • Double click on the Common Files folder.
                • Double click on the Network Associates folder.
                • Double click on VirusScan Engine folder.
                • Double click on the 4.0.xx.

                 

                But again, impossible to find. We don't have the Network Associates folder. Isn't that location (document) outdated???

                 

                What should we do?

                Is it necessary to manually copy that file? Or can we wait for the automatic MTP update??

                 

                Here are the instructions via email received yesterday:

                 

                "McAfee Labs Sample Analysis

                Issue Number: 6785162 Virus Researcher: Showvik Chakraborty

                Filename: mluser32.dl_

                Detected as Generic.dx!bajm in DAT: 6534

                Identified: No Virus/Trojan

                 

                McAfee Labs, McAfee Labs, Bangalore, India

                Thank you for submitting your suspicious file.

                 

                Synopsis -

                Our Senior Virus Research Engineers have examined the file in question and no virus was found.

                 

                Solution -

                Attached is an extra.dat with correct detection. This correction will be included in the next DAT update.

                 

                EXTRA.DAT

                 

                This should be used with any of the McAfee AV Scanners.

                The file should be copied into the directory where the other DAT files reside.

                Using the find/search utility on your computer search for the following file:

                McScan32.dll

                 

                Then copy the Extra.dat we have sent you to the same folder where one of the above is located.

                Once you have copied the file, reboot the system for the driver to be loaded.

                 

                Further information about Extra.DATs can be found at http://vil.mcafeesecurity.com/vil/systemhelpdocs/extradat.aspx.

                 

                Solution -

                To ensure that you have the maximum available capability of detecting and cleaning this malware on your system, please make sure you have the latest engine.

                 

                DAT updates are available at: http://www.mcafee.com/apps/downloads/security_updates/dat.asp

                 

                Support -

                Virus Research accepts file-samples for analysis and possible inclusion into AV signature DAT sets.

                 

                Regards,

                McAfee Labs"

                 

                 

                That's it.

                 

                I think we are almost there, but this one last fundamental thing is missing.

                 

                Thanks for all the support!!

                 

                 

                Message was edited by: alex_n on 21/11/11 10:06:34 AM CST
                • 5. Re: False Positive--mluser32.dll--GetSusp Uploaded.

                  Issue Solved!

                   

                  Despite not being able to manually copy and paste the extra.dat file, the automatic update was successful and now the accountancy software is able to run without problems.

                   

                   

                  So, everything ended up perfect.

                   

                   

                  Thank you guys for all the help.