Good afternoon. We experienced multiple detections of the Generic.dx!byi threat on 38 of our corporate PCs, all involving a file called csc.exe that was part of the PC's Bloomberg install.
Fortunately, this file (that is located in the c:\blp\Wintrv\Smartclient\400000130004e9618f0768606a53h directory) is a non-critical file for use with the application, otherwise a third of our trading floor PCs wouldn't be working come Monday morning - not a pleasant scenario.
The threat Generic.dx!byi was first defined in DAT 5701 (last Friday's update - Avert lab article is here: http://vil.nai.com/vil/content/v_195868.htm ), and the detections were picked up on our usual Saturday morning PC scan.
If anyone has any information about this threat or if they have had similar detections in such a directory please can they post in this thread. We need to gain more information as we have to report to the board why there was a big spike in malware detections at the weekend.
If that csc.exe file is a legitimate file, has anyone contacted McAfee support or Avert Labs to report a possible false detection?
I have asked our suppliers to investigate further. Haven't heard anything back from them. If I do I'll post here.
We just heard from Bloomberg that they and McAfee identified a false positive issue with csc.exe. This was fixed in later DATs.
Very disappointed in the lack of communication from McAfee regarding this. It could have been crippling for our trade floor if it was a critical file.
THX, which DAT exactly was corrupt and which was repaired?
Our detecting DAT for the false positives was 5701.
If you're using McAfee products in a corporate environment and can afford their Platinum Support, they'll send you notices when things like this occur (if it affects a large number of customers). It's pricey but well worth it.