Jump to content

Welcome to MSFN Forum
Register now to gain access to all of our features. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more. This message will be removed once you have signed in.
Login to Account Create an Account


Photo

Virus suspected in XP_INST_v04.7z


  • Please log in to reply
30 replies to this topic

#26
ilko_t

ilko_t

    MSFN Addict

  • Super Moderator
  • 1,718 posts
  • OS:none specified
  • Country: Country Flag
Does anyone have a registered McAfee AV? Would someone contact them and report for a false positive?

It's probably 10th email going back and forth and they keep asking me for registration email to move further on, although I keep explaining in those semi-automatic emails what the case is. Next I get referred to a web page to submit the sample, which web page doesn't re-analyse it as most other AV vendors did, but rather scans it using current signatures and supposedly gets detected.
Then I reply with the results to the semi-automatic email, where yet another guy puts his name on top of a similar answer and asks me again for registration :(

At least there is some progress, 19/43 a few days ago, now 13/43:
http://www.virustota...4671-1288757982

Install Windows from USB, boot Linux, multiboot and a lot more with WinSetupFromUSB



How to remove advertisement from MSFN

#27
ilko_t

ilko_t

    MSFN Addict

  • Super Moderator
  • 1,718 posts
  • OS:none specified
  • Country: Country Flag
Moving forward, slowly, but moving :D, AVG and Ikarus replied, awaiting Sophos, Symantec and the troublesome McAfee.

Install Windows from USB, boot Linux, multiboot and a lot more with WinSetupFromUSB


#28
jaclaz

jaclaz

    The Finder

  • Developer
  • 14,256 posts
  • OS:none specified
  • Country: Country Flag
@ilko_t

If, for any reason, you don't do your computer properly seated on a chair :w00t:, please do take one and seat comfortably on it before accessing this :):
http://downloadcente...ols/foundstone/

Directory on McAfee site where free tools are available.

I was there getting a fresh copy of the excellent BinText utility (BinText303.zip) today, and noticed file (near the bottom of the list/page): warning.txt

I had a look at it:

PACKER DETECTION ALERT

The anti-virus scanner has detected a packer program. The file was not cleaned and has been removed.
Context: 'SharePointDiscovery.exe'
Detection(s): 'PE_Patch.Stolen.d (compressed file)'
See your system administrator for further information. Copyright 1999-2007 McAfee, Inc.All Rights Reserved.http://www.mcafee.com


Their Anti-virus detected a packer inside their own file!

...and obviously did NOT delete it as file SharePointDiscovery.exe has the same timestamp 21-Oct-2010 09:04 of warning.txt ...:whistle:

Posted Image

Posted Image

jaclaz

#29
ilko_t

ilko_t

    MSFN Addict

  • Super Moderator
  • 1,718 posts
  • OS:none specified
  • Country: Country Flag
Wow, well done McAfee, guess next step is the scanner to detect itself as a packer :lol:

For reference I am posting a link to one of the numerous attempts to report false positive to McAfee:
https://community.mc...om/thread/29747

Install Windows from USB, boot Linux, multiboot and a lot more with WinSetupFromUSB


#30
gangbang

gangbang
  • Member
  • 6 posts
  • OS:XP Home
  • Country: Country Flag
where is the download file.

#31
jaclaz

jaclaz

    The Finder

  • Developer
  • 14,256 posts
  • OS:none specified
  • Country: Country Flag

where is the download file.

WHICH "download file"?

The XP_INST_v04.7z?

Here:
http://www.msfn.org/...aded-iso-image/

jaclaz




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users



How to remove advertisement from MSFN