3 Replies Latest reply on Oct 21, 2008 12:12 PM by Grif

    False detection of conime.exe

      The 5410 dat files have been released early due to a DAT Issue Emergency with the
      5409 DAT Files.

      The reason for this DAT Issue Emergency is a false detection (PWS-LegMir) on the following file:

      Filename: conime.exe
      MD5: F96EBC5A624349D81DCC7600A3C5DC43
      Association: Microsoft Windows Vista

      The VIL has been updated to reflect information on this issue: http://vil.nai.com/vil/content/v_100683.htm

      The various 5410 dat file packages can be found at http://www.mcafee.com/apps/downloads/security_updates/dat.asp

      As of yet they still haven't updated the web page to reflect the new pattern files. The pulls from the master repository also haven't been updated.
        • 1. RE: False detection of conime.exe
          In our EPO reports, I can see 10 systems that have had the conime.exe removed by McAfee. All these systems are running Windows Vista. What does this file do to Vista, is it a necessary file?

          If so, what is the best way to restore this file back using EPO?
          • 2. RE: False detection of conime.exe
            The file itself provides console IME (input method editor) support for Asian language in Vista.
            Processes of the same name may indicate various malware:

            Note: conime.exe could also be a process which is registered as the Input Method Editor Remote administration backdoor tool. This backdoor application can allow attackers to access your computer, stealing passwords and personal data. This process is a security risk and should be removed from your system.

            Note! If your system is using a non-Western language this can be a legitimate entry.

            Determining whether conime.exe is a virus or a legitimate Windows process depends on the directory location it executes or runs from.
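
The location check described in reply 2, combined with the MD5 from the advisory in the first post, as an added example that is not part of the original thread or any McAfee tooling. It assumes the genuine binary runs from `C:\Windows\System32`; the function names and the sample records are constructed for illustration.

```python
import hashlib
import ntpath

# MD5 quoted in the advisory above for the falsely detected Vista file.
ADVISORY_MD5 = "F96EBC5A624349D81DCC7600A3C5DC43"
# Assumption: the genuine conime.exe runs from %SystemRoot%\System32.
EXPECTED_DIR = r"C:\Windows\System32"


def md5_of(path, chunk_size=65536):
    """Return the upper-case MD5 hex digest of a file on disk."""
    digest = hashlib.md5()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest().upper()


def classify(image_path, md5, expected_dir=EXPECTED_DIR):
    """Triage one file/process record by name, directory and hash."""
    directory, name = ntpath.split(ntpath.normpath(image_path))
    if name.lower() != "conime.exe":
        return "other-file"
    # Windows paths are case-insensitive, so compare normalised forms.
    expected = ntpath.normcase(ntpath.normpath(expected_dir))
    if ntpath.normcase(directory) != expected:
        return "unexpected-location"
    # The advisory lists one hash only; other builds of the file differ.
    if md5.upper() == ADVISORY_MD5:
        return "matches-advisory"
    return "expected-location-unknown-hash"


# Constructed sample records: (image path, MD5 as reported by an inventory).
SAMPLE_RECORDS = [
    (r"C:\Windows\System32\conime.exe", "F96EBC5A624349D81DCC7600A3C5DC43"),
    (r"c:\windows\system32\CONIME.EXE", "f96ebc5a624349d81dcc7600a3c5dc43"),
    (r"C:\Users\Public\conime.exe", "00000000000000000000000000000000"),
    (r"C:\Windows\System32\conime.exe", "11111111111111111111111111111111"),
    (r"C:\Windows\System32\notepad.exe", "22222222222222222222222222222222"),
]


def triage(records):
    """Classify every record and return (path, verdict) pairs."""
    return [(path, classify(path, md5)) for path, md5 in records]


if __name__ == "__main__":
    for path, verdict in triage(SAMPLE_RECORDS):
        print(f"{verdict:32} {path}")
```

On a live system, `md5_of` supplies the hash for a path taken from the process list or from the ePO detection report.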
            • 3. RE: False detection of conime.exe
              For restoring the conime.exe file, see the instructions given in this post by a McAfee Tech. A download link is provided for the file.


              The "extra dat" instructions are for the retail versions of VirusScan but the "conime.exe" file should be appropriate for any situation.

              Hope this helps.