2 Replies Latest reply on Apr 16, 2012 4:04 AM by mjmurra

    Boot sector infection display / blacklisted file

      Had a strange computer today. VSE detected (but couldn't clean) a Boot Sector Infection on MBR 1. This computer had VSE 8.7i.

       

      Ran Getsusp, it also detected the boot sector infection, but displays it strangely (not really explained as an infection - just a suspicious file).

      Also on that scan, it said that mcscan32.dll was "blacklisted".

       

      Force installed VSE 8.8 onto the machine, and later on did a full scan, scan came back ok. A later iteration of Getsusp only found 1 MBR (First scan found 2), and Mscan32 was no longer blacklisted.

       

      The infected boot sector isn't really obvious in the results (no colour coding/shading), and what caused the "blacklisted file:?

       

      Details:

      McAfee Labs(r) GetSusp(tm) Version 3.0.0.226 built on Nov 17 2011

      Copyright (c) 2011 McAfee, Inc. All Rights Reserved.

      This product is outdated.

       

      GetSusp initiated on Mon Apr 16 11:15:14 2012

       

       

      Master Boot Record is infected with the Chan virus !!!

        Master Boot Record(s):....2

        Possibly Infected:.............1

        Boot Sector(s):.................1

        Possibly Infected: ............0

       

      <snip>

      C:\Program Files\Common Files\McAfee\Engine\mcscan32.dll ... is Suspicious !!!

      <continues>

       

       

      Suspicious Files

      Status

      MD5

      Location

      File Name

      Attribute

      Company

      Description

      Product Version

      File Version

      File Size

      Creation Date

      Modification Date

      Type

      Scan Error

      Chan



      Master Boot Record










      UNKNOWN

      <removed>

      <removed - internal corporate file><removed>

      A

      <removed><removed>

      0.0.0.0

      0.0.0.0

      204,800

      04/16/2012 09:04

      04/16/2012 09:04

      Module

      Blacklisted

      1957c5c463bcdc21f374523fd32a3115

      C:\Program Files\Common Files\McAfee\Engine

      mcscan32.dll

      A

      McAfee, Inc.

      AV Scanning Engine

      5.4.00

      5.4.00

      3,182,712

      05/18/2010 15:45

      07/31/2009 05:40

      Module

      Unknown Files

       

      Message was edited by: mjmurra on 16/04/12 6:55:39 PM