 |
|
|
|
Next: McAfee antivirus moving a VB6Program.exe into C:Q..
|
| Author |
Message |
External
Since: Apr 13, 2007
Posts: 2
|
(Msg. 1) Posted: Fri Apr 13, 2007 12:17 am
Post subject: McAfee is moving program's exe into Quarantine folder
Archived from groups: alt>comp>virus, others (more info?)
|
|
|
Hi All,
We have a program developed in VB6 and installed on hundreds of users
scattered around the world. This program is automatically run by an NT
service once a day. It's been running fine for the last 4-5 years.
Please note that all the users have exactly the same operating
environment, i.e. McAfee virus scan 8.0, OS is Windows XP SP2 and MS
office 2003 SP1.
Now SOME of the users have experienced a problem. The McAfee Virus
scan is moving the program's exe into C:\Quarantine folder and
renaming it to *.vir
Can you please advise why this problem is caused?
Regards,
FK |
|
| Back to top |
|
 | |
External
Since: Apr 13, 2007
Posts: 2
|
(Msg. 2) Posted: Fri Apr 13, 2007 5:23 am
Post subject: Re: McAfee is moving program's exe into Quarantine folder [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
|
|
|
On Apr 13, 1:12 pm, "Marcin Domaslawski" <mila....RemoveThis@wp.pl> wrote:
> Hi,
>
> McAfeedetected an malware code inside your file. Question is if on every
> system file is detected or only on some.
> First case is caused by similiar malware signature inMcAfee'sdatabase -
> you can contact withMcAfeeand register a false positive
> 2nd case: can be caused by incorrect work of antivirus e.g. by damaged virus
> signatures database. I met with that situation with Kaspersky AV. Try
> re-download all database.
>
> Marcin Domaslawski
>
> Uzytkownik <its_f....RemoveThis@hotmail.com> napisal w wiadomoscinews:1176448629.245440.276850@e65g2000hsc.googlegroups.com...
>
>
>
> > Hi All,
>
> > We have aprogramdeveloped in VB6 and installed on hundreds of users
> > scattered around the world. Thisprogramis automatically run by an NT
> > service once a day. It's been running fine for the last 4-5 years.
>
> > Please note that all the users have exactly the same operating
> > environment, i.e.McAfeevirus scan 8.0, OS is Windows XP SP2 and MS
> > office 2003 SP1.
>
> > Now SOME of the users have experienced a problem. TheMcAfeeVirus
> > scan ismovingtheprogram'sexeintoC:\Quarantinefolderand
> > renaming it to *.vir
>
> > Can you please advise why this problem is caused?
>
> > Regards,
>
> > FK- Hide quoted text -
>
> - Show quoted text -
I have just come to know that the executable is being detected as
malware just because it is using "RegCreateKeyEx" API to add a value
under "RunOnce" registry key.
Can you please tell a solution to this? I need to enter an entry under
"RunOnce" key.
Regards,
FK |
|
| Back to top |
|
| |
External
Since: Apr 13, 2007
Posts: 1
|
(Msg. 3) Posted: Fri Apr 13, 2007 5:24 am
Post subject: Re: McAfee is moving program's exe into Quarantine folder [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
|
|
|
Hi,
McAfee detected an malware code inside your file. Question is if on every
system file is detected or only on some.
First case is caused by similiar malware signature in McAfee's database -
you can contact with McAfee and register a false positive
2nd case: can be caused by incorrect work of antivirus e.g. by damaged virus
signatures database. I met with that situation with Kaspersky AV. Try
re-download all database.
Marcin Domaslawski
Uzytkownik <its_faiz.RemoveThis@hotmail.com> napisal w wiadomosci
news:1176448629.245440.276850@e65g2000hsc.googlegroups.com...
> Hi All,
>
> We have a program developed in VB6 and installed on hundreds of users
> scattered around the world. This program is automatically run by an NT
> service once a day. It's been running fine for the last 4-5 years.
>
> Please note that all the users have exactly the same operating
> environment, i.e. McAfee virus scan 8.0, OS is Windows XP SP2 and MS
> office 2003 SP1.
>
> Now SOME of the users have experienced a problem. The McAfee Virus
> scan is moving the program's exe into C:\Quarantine folder and
> renaming it to *.vir
>
> Can you please advise why this problem is caused?
>
> Regards,
>
> FK
> >> Stay informed about: McAfee is moving program's exe into Quarantine folder |
|
| Back to top |
|
| |
External
Since: Jul 04, 2003
Posts: 1728
|
(Msg. 4) Posted: Fri Apr 13, 2007 10:54 am
Post subject: Re: McAfee is moving program's exe into Quarantine folder [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
|
|
|
From: <its_faiz.TakeThisOut@hotmail.com>
| Hi All,
| We have a program developed in VB6 and installed on hundreds of users
| scattered around the world. This program is automatically run by an NT
| service once a day. It's been running fine for the last 4-5 years.
| Please note that all the users have exactly the same operating
| environment, i.e. McAfee virus scan 8.0, OS is Windows XP SP2 and MS
| office 2003 SP1.
| Now SOME of the users have experienced a problem. The McAfee Virus
| scan is moving the program's exe into C:\Quarantine folder and
| renaming it to *.vir
| Can you please advise why this problem is caused?
| Regards,
| FK
Assuming your author created a good ptrogram and not malware, submit the files being
falsely detected to McAfee via the email addtress virus_research.TakeThisOut@avertlabs.com and in the
subject of the email use "False Positive on VB6 software" and in the body of the email
state your case why you believe the attached files are not malware.
Attach all the files deemed malware (and you haven't posted what they were declared as) in
password protected ZIP file with the password being; infected { password = infected }
--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm >> Stay informed about: McAfee is moving program's exe into Quarantine folder |
|
| Back to top |
|
| |
External
Since: Apr 13, 2007
Posts: 1
|
(Msg. 5) Posted: Fri Apr 13, 2007 1:20 pm
Post subject: Re: McAfee is moving program's exe into Quarantine folder [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
|
|
|
Hello,
Assuming the program is not malware I would not attempt to make any changes
to it.
Instead, follow David's advice and contact McAfee. If the program is not
malware they should be willing to update their definitions so the program is
no longer being flagged as malware.
--
Zephyr
<its_faiz DeleteThis @hotmail.com> wrote in message
news:1176467034.276901.42840@n59g2000hsh.googlegroups.com...
> On Apr 13, 1:12 pm, "Marcin Domaslawski" <mila... DeleteThis @wp.pl> wrote:
>> Hi,
>>
>> McAfeedetected an malware code inside your file. Question is if on every
>> system file is detected or only on some.
>> First case is caused by similiar malware signature inMcAfee'sdatabase -
>> you can contact withMcAfeeand register a false positive
>> 2nd case: can be caused by incorrect work of antivirus e.g. by damaged
>> virus
>> signatures database. I met with that situation with Kaspersky AV. Try
>> re-download all database.
>>
>> Marcin Domaslawski
>>
>> Uzytkownik <its_f... DeleteThis @hotmail.com> napisal w
>> wiadomoscinews:1176448629.245440.276850@e65g2000hsc.googlegroups.com...
>>
>>
>>
>> > Hi All,
>>
>> > We have aprogramdeveloped in VB6 and installed on hundreds of users
>> > scattered around the world. Thisprogramis automatically run by an NT
>> > service once a day. It's been running fine for the last 4-5 years.
>>
>> > Please note that all the users have exactly the same operating
>> > environment, i.e.McAfeevirus scan 8.0, OS is Windows XP SP2 and MS
>> > office 2003 SP1.
>>
>> > Now SOME of the users have experienced a problem. TheMcAfeeVirus
>> > scan ismovingtheprogram'sexeintoC:\Quarantinefolderand
>> > renaming it to *.vir
>>
>> > Can you please advise why this problem is caused?
>>
>> > Regards,
>>
>> > FK- Hide quoted text -
>>
>> - Show quoted text -
>
> I have just come to know that the executable is being detected as
> malware just because it is using "RegCreateKeyEx" API to add a value
> under "RunOnce" registry key.
>
> Can you please tell a solution to this? I need to enter an entry under
> "RunOnce" key.
>
> Regards,
>
> FK
> >> Stay informed about: McAfee is moving program's exe into Quarantine folder |
|
| Back to top |
|
| |
External
Since: Jul 04, 2003
Posts: 1728
|
(Msg. 6) Posted: Fri Apr 13, 2007 9:27 pm
Post subject: Re: McAfee is moving program's exe into Quarantine folder [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
|
|
|
|
|
| Back to top |
|
| |
External
Since: Apr 14, 2007
Posts: 1
|
(Msg. 7) Posted: Sat Apr 14, 2007 8:13 am
Post subject: Re: McAfee is moving program's exe into Quarantine folder [Login to view extended thread Info.]
Archived from groups: alt>belgique>securite>virus, others (more info?)
|
|
|
It is my best shot.
inf0.DeleteThis@sofutoinc.com
<its_faiz.DeleteThis@hotmail.com> wrote in message
news:1176448629.245440.276850@e65g2000hsc.googlegroups.com...
> Hi All,
>
> We have a program developed in VB6 and installed on hundreds of users
> scattered around the world. This program is automatically run by an NT
> service once a day. It's been running fine for the last 4-5 years.
>
> Please note that all the users have exactly the same operating
> environment, i.e. McAfee virus scan 8.0, OS is Windows XP SP2 and MS
> office 2003 SP1.
>
> Now SOME of the users have experienced a problem. The McAfee Virus
> scan is moving the program's exe into C:\Quarantine folder and
> renaming it to *.vir
>
> Can you please advise why this problem is caused?
>
> Regards,
>
> FK
> >> Stay informed about: McAfee is moving program's exe into Quarantine folder |
|
| Back to top |
|
| |
External
Since: Apr 25, 2007
Posts: 1
|
(Msg. 8) Posted: Tue Apr 24, 2007 1:17 pm
Post subject: Re: McAfee is moving program's exe into Quarantine folder [Login to view extended thread Info.]
Archived from groups: alt>comp>anti-virus, others (more info?)
|
|
|
I think Soooo
"Zephyr" <usenet.TakeThisOut@zeppyster.com> wrote in message
news:gaednaueqNzvLYLbRVnyugA@giganews.com...
> Hello,
>
> Assuming the program is not malware I would not attempt to make any
> changes to it.
>
> Instead, follow David's advice and contact McAfee. If the program is not
> malware they should be willing to update their definitions so the program
> is
> no longer being flagged as malware.
>
> --
> Zephyr
>
>
> <its_faiz.TakeThisOut@hotmail.com> wrote in message
> news:1176467034.276901.42840@n59g2000hsh.googlegroups.com...
>> On Apr 13, 1:12 pm, "Marcin Domaslawski" <mila....TakeThisOut@wp.pl> wrote:
>>> Hi,
>>>
>>> McAfeedetected an malware code inside your file. Question is if on every
>>> system file is detected or only on some.
>>> First case is caused by similiar malware signature inMcAfee'sdatabase -
>>> you can contact withMcAfeeand register a false positive
>>> 2nd case: can be caused by incorrect work of antivirus e.g. by damaged
>>> virus
>>> signatures database. I met with that situation with Kaspersky AV. Try
>>> re-download all database.
>>>
>>> Marcin Domaslawski
>>>
>>> Uzytkownik <its_f....TakeThisOut@hotmail.com> napisal w
>>> wiadomoscinews:1176448629.245440.276850@e65g2000hsc.googlegroups.com...
>>>
>>>
>>>
>>> > Hi All,
>>>
>>> > We have aprogramdeveloped in VB6 and installed on hundreds of users
>>> > scattered around the world. Thisprogramis automatically run by an NT
>>> > service once a day. It's been running fine for the last 4-5 years.
>>>
>>> > Please note that all the users have exactly the same operating
>>> > environment, i.e.McAfeevirus scan 8.0, OS is Windows XP SP2 and MS
>>> > office 2003 SP1.
>>>
>>> > Now SOME of the users have experienced a problem. TheMcAfeeVirus
>>> > scan ismovingtheprogram'sexeintoC:\Quarantinefolderand
>>> > renaming it to *.vir
>>>
>>> > Can you please advise why this problem is caused?
>>>
>>> > Regards,
>>>
>>> > FK- Hide quoted text -
>>>
>>> - Show quoted text -
>>
>> I have just come to know that the executable is being detected as
>> malware just because it is using "RegCreateKeyEx" API to add a value
>> under "RunOnce" registry key.
>>
>> Can you please tell a solution to this? I need to enter an entry under
>> "RunOnce" key.
>>
>> Regards,
>>
>> FK
>>
>
>
> >> Stay informed about: McAfee is moving program's exe into Quarantine folder |
|
| Back to top |
|
| |
| Related Topics: | McAfee antivirus moving a VB6Program.exe into C:QUARANTINE.. - Hi All I am using a VB6Program.exe program which is run by a windows service twice a day in the hidden mode. For some reason, McAfee antivirus software has become more aggressive and is now seeing a harmeless VB6Program.exe as a virus and moving it to th...
McAfee: Exclude entire folder trees from scan - I'm using McAfee VirusScan Enterprise 7.0. Is there a way to exclude files and directory subtrees from the scan? Thanks.
McAfee VirusScan 10: How to exclude entire folder trees fr.. - In previous versions of VirusScan you used to be able to tell ActiveShield (or VirusGuard as it was once known) to ignore one or more folder trees, but I can't find any option to do this in version 10. Is it no longer possible?
McAfee Anti-virus program - Hi I'm using the latest version of McAfee. I've been having troubles connecting to the internet lately: it'll either connect but won't "do" anything (ie. a dead connection), or it won't connect at all. However, if I keep trying, it will even...
Less Intrusive, RAM-Eating AV Program Alternative to McAfe.. - I have about reached the saturation point with McAfee. I'm always jammed up against my RAM limits--which are high--and I have to reboot after freezes several times a day. I have been following this n/g for a while and have seen lots of recommendations. ... |
|
You can post new topics in this forum
You can reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
|
|
|
|
|
FAQ
Profile
Private Messages
Log in
