7 Replies Latest reply on Aug 12, 2009 7:17 AM by DV27

    Generic.dx Trojan

      Hi

      We have McAfee Enterprise 8.7i installed.
      We're still getting these trojans on our WIN2k, WIN2k3 server and WIN2k clients:

      Generic.dx!byi
      Generic.dx!cbo


      Why can't McAfee stop them or prevent us from getting them?
        • 1. RE: Generic.dx Trojan
          Good afternoon. We experienced multiple detections of the Generic.dx!byi threat on 38 of our corporate PCs, all involving a file called csc.exe that was part of the PC's Bloomberg install.

          Fortunately, this file (that is located in the c:\blp\Wintrv\Smartclient\400000130004e9618f0768606a53h directory) is a non-critical file for use with the application, otherwise a third of our trading floor PCs wouldn't be working come Monday morning - not a pleasant scenario.

          The threat Generic.dx!byi was first defined in DAT 5701 (last Friday's update - Avert lab article is here: http://vil.nai.com/vil/content/v_195868.htm ), and the detections were picked up on our usual Saturday morning PC scan.

          If anyone has any information about this threat or if they have had similar detections in such a directory please can they post in this thread. We need to gain more information as we have to report to the board why there was a big spike in malware detections at the weekend.

          Thanks

          DV27
          • 2. RE: Generic.dx Trojan
            dustrho
            If that csc.exe file is a legitimate file, has anyone contacted McAfee support or Avert Labs to report a possible false detection?
            • 3. RE: Generic.dx Trojan
              I have asked our suppliers to investigate further. Haven't heard anything back from them. If I do I'll post here.
              • 4. RE: Generic.dx Trojan
                We just heard from Bloomberg that they and McAfee identified a false positive issue with csc.exe. This was fixed in later DATs.

                Very disappointed in the lack of communication from McAfee regarding this. It could have been crippling for our trade floor if it was a critical file.
                • 5. RE: Generic.dx Trojan
                  THX, which DAT exactly was corrupt and which was repaired?
                  • 6. RE: Generic.dx Trojan
                    Our detecting DAT for the false positives was 5701.
                    • 7. RE: Generic.dx Trojan
                      dustrho


                      If you're using McAfee products in a corporate environment and can afford their Platinum Support, they'll send you notices when things like this occur (if it affects a large number of customers). It's pricey but well worth it.