MSFN Forum: svchost.exe virus - MSFN Forum


svchost.exe virus McAfee-GW-Edition Heuristic.LooksLike.Win32.Suspicious.I

#21 submix8c

  • Inconceivable!
  • Group: Patrons
  • Posts: 3,241
  • Joined: 14-September 05
  • OS: none specified

Posted 29 August 2012 - 03:47 PM

SHEESH, dude! Did you even read my posts? I DID THE SAME THING!

As for the OP having a virus, the OP willy-nilly chose his findings from the internet and NEVER said they uploaded ANYTHING (or did I really miss that). Those tools I mention WILL identify an "infected" one and even one RELATED to it (in the TEMP/Temp Inet). I have already done battle with these beasts so am knowledgeable else I wouldn't have suggested the "search", tools, or symptoms. The SERVICES.EXE one is a BEAR to get rid of - and it's not even THAT program that's infected!

And I must point out (re: the MS link) I said "just to point out" that I was, indeed, pointing out "false positives" (repeatedly)!
Try google
McAfee-GW-Edition false positive
FAIL!

What part of any of this is not being understood? I thought I was very clear in respect to the original "problem" which somehow transmogrified into Firewall Connections Logs (obviously misunderstanding "how stuff works") that were discussed in the OTHER topic. It appears obvious that the OP is testing out a newly minted install along with a brand spanky new router and firewall and going OMG MS HAS VIRUSES AND AM BEING ATTACKED FROM WITHOUT!

This must be one of these moments.


#22 PeterEl

  • Newbie
  • Group: Members
  • Posts: 17
  • Joined: 28-August 12
  • OS: none specified

Posted 29 August 2012 - 11:13 PM

Quote

but it could happen that a virus running on his computer could have infected the downloaded svchost.exe right after downloading it (i've seen something similar about 10 years ago).

:yes:
I thought about it just like you.


and that's why I asked you to try to download svchost.exe from microsoft.com and check it for viruses through virustotal.

and check your own svchost.exe from their computers.
and tell me results...

allen2, maybe you do this? please, it's not hard.

#23 allen2

  • Not really Newbie
  • Group: Members
  • Posts: 1,735
  • Joined: 13-January 06

Posted 30 August 2012 - 12:12 AM

PeterEl, on 29 August 2012 - 11:13 PM, said:

and check your own svchost.exe from their computers.
and tell me results...

allen2, maybe you do this? please, it's not hard.

I did it and got the same false positive for the downloaded svchost from XP SP3. I did try also with the one from my running OS and this one didn't get the false positive but it is because it is in another language.

#24 PeterEl

  • Newbie
  • Group: Members
  • Posts: 17
  • Joined: 28-August 12
  • OS: none specified

Posted 30 August 2012 - 12:24 AM

allen2, on 30 August 2012 - 12:12 AM, said:

PeterEl, on 29 August 2012 - 11:13 PM, said:

and check your own svchost.exe from their computers.
and tell me results...

allen2, maybe you do this? please, it's not hard.

I did it and got the same false positive for the downloaded svchost from XP SP3. I did try also with the one from my running OS and this one didn't get the false positive but it is because it is in another language.


Thanks.
Another language? What language did you download from XP SP3? And what language is your running OS?

#25 allen2

  • Not really Newbie
  • Group: Members
  • Posts: 1,735
  • Joined: 13-January 06

Posted 30 August 2012 - 12:31 AM

I downloaded English XP SP3 and the false positive was from this. And my running OS is in French.

#26 submix8c

  • Inconceivable!
  • Group: Patrons
  • Posts: 3,241
  • Joined: 14-September 05
  • OS: none specified

Posted 30 August 2012 - 08:12 AM

PLEASE look up the definition of TROJAN (what McAfee THINKS it is).

NOW look up the definition of VIRUS (what YOU think McAfee said it is).

NOW download, install, and RUN both
1 - MalwareBytes AND
2 - Spybot.
Find anything?

NOW go to the
3 - Free Panda Scan.
Find anything?

You want US to REPEATEDLY do something and YOU have NOT done ANY of those things. NUTZ on that!
DO WHAT WAS TOLD (#1, #2, and #3) and report back! PERIOD!

Now... KNOCK IT OFF!!!!


This post has been edited by submix8c: 30 August 2012 - 08:20 AM


#27 PeterEl

  • Newbie
  • Group: Members
  • Posts: 17
  • Joined: 28-August 12
  • OS: none specified

Posted 30 August 2012 - 08:40 AM

submix8c, on 30 August 2012 - 08:12 AM, said:

PLEASE look up the definition of TROJAN (what McAfee THINKS it is).

NOW look up the definition of VIRUS (what YOU think McAfee said it is).

NOW download, install, and RUN both
1 - MalwareBytes AND
2 - Spybot.
Find anything?

NOW go to the
3 - Free Panda Scan.
Find anything?

You want US to REPEATEDLY do something and YOU have NOT done ANY of those things. NUTZ on that!
DO WHAT WAS TOLD (#1, #2, and #3) and report back! PERIOD!

Now... KNOCK IT OFF!!!!


the guy does not get excited, calmer.
Thanks for your variant of troubleshooting, I'll make it.... some later...
Thanks again. Nice pic! :D just to the point!

#28 jaclaz

  • The Finder
  • Group: Developers
  • Posts: 11,431
  • Joined: 23-July 04
  • OS: none specified

Posted 30 August 2012 - 08:47 AM

allen2, on 29 August 2012 - 02:58 PM, said:

Also, just for the record, McAfee isn't the worst antivirus out there ....

JFYI (and for a seemingly needed quick laugh :unsure: ):
http://www.msfn.org/...-xp-inst-v047z/
http://www.msfn.org/...post__p__951837
I think there are NO limits to "worse" :ph34r: , but quite frankly, I would be puzzled by a product that not only detects an "own" app as a virus, but additionally affirms that it has deleted it while it hasn't..... :whistle:

:lol:

jaclaz

#29 allen2

  • Not really Newbie
  • Group: Members
  • Posts: 1,735
  • Joined: 13-January 06

Posted 30 August 2012 - 09:48 AM

jaclaz, on 30 August 2012 - 08:47 AM, said:

allen2, on 29 August 2012 - 02:58 PM, said:

Also, just for the record, McAfee isn't the worst antivirus out there ....

JFYI (and for a seemingly needed quick laugh :unsure: ):
http://www.msfn.org/...-xp-inst-v047z/
http://www.msfn.org/...post__p__951837
I think there are NO limits to "worse" :ph34r: , but quite frankly, I would be puzzled by a product that not only detects an "own" app as a virus, but additionally affirms that it has deleted it while it hasn't..... :whistle:

:lol:

jaclaz

Of course McAfee is sometimes totally off, but I've seen almost all other antivirus products doing similar things or worse:
- Kaspersky indexes files and stores its index in the file %windir%\system32\drivers\fidbox.dat, and you can't change its location. Just google fidbox.dat to see the side effects.
- F-Secure is well known for its memory leaks.
- Symantec AV or Endpoint is most likely one of the worst, with its virus definitions using as much space as %systemdrive% can handle and then simply stopping working. Also, its default settings are the worst.
- Sophos doesn't offer good protection. It lets some viruses bypass its protection even when it detects them (conficker, for example).
- TrendMicro often gets problems updating, and an older version might be detected as a virus by the newer ones. But all in all it is not that bad.
- AVG is a little better than Sophos, but it lets conficker spread on some computers.
For the others, I didn't have the opportunity to see them working in the real world, so I can't tell.

Also, there are two important things that a good antivirus should be able to do (at least in my opinion):
- Properly detecting new viruses (most antivirus products can do that properly). And it includes having a good virus definitions update scheme (that's where some are behind).
- Being able to remove viruses (quarantine or delete depending on your settings). And there, the gap between them might be huge.
Most of the time, end users still need to report strange behavior because their AV didn't properly do its job. For example, I'm pretty sure that almost all AVs out there wouldn't be able to stop conficker (of course with some special conditions like having a weak administrator password), as conficker has dictionary attacks on admin$ shares.

#30 submix8c

  • Inconceivable!
  • Group: Patrons
  • Posts: 3,241
  • Joined: 14-September 05
  • OS: none specified

Posted 30 August 2012 - 11:34 AM

http://static.libsyn...ddf9/FbR632.gif

Market Share

I use Symantec. I don't say it's "the best" though. TWICE in SEVEN years and "stopped" both times.
1 - In reference to "default settings", what AV (or any software for that matter) doesn't require "tweaking"?
2 - As far as the "space" there is a way to "clean" the "bloat". Got any STATS for space utilization on "the others"?
3 - Extremely opinionated, aren't you?

Back on Topic - FALSE FALSE FALSE POSITIVE! Live with it! ;)

This post has been edited by submix8c: 30 August 2012 - 11:38 AM


#31 allen2

  • Not really Newbie
  • Group: Members
  • Posts: 1,735
  • Joined: 13-January 06

Posted 30 August 2012 - 01:19 PM

I found this site with a lot of data and stats. In 2011 McAfee got the award for the lowest number of false positives detected, and this is very strange.
But it doesn't have the size of virus defs. I looked at the system requirements of many of them, and for most of them the requirement is in reality the bare minimum.

Symantec Endpoint virus defs take about 3GB (with the default number of virus defs: 3) and Symantec says it only requires 1GB.
Trend OfficeScan virus defs take 700MB (still with 3 virus defs) and Trend says it only requires 350MB.
McAfee VirusScan virus defs take 400MB (but with 2 virus defs) and McAfee says it only requires 500MB.
Kaspersky virus defs take about 800MB (but with 2 virus defs) and Kaspersky says it only requires 500MB.

As I work every day with different AVs in production environments, I get to see many scenarios where each AV behaves differently.
For example, sometimes the Symantec antivirus service will take 100% CPU for hours (or until we restart its service) just because it isn't able to properly update its virus defs.
This problem appears to have been corrected with Symantec Endpoint.

This post has been edited by allen2: 30 August 2012 - 01:20 PM


#32 PeterEl

  • Newbie
  • Group: Members
  • Posts: 17
  • Joined: 28-August 12
  • OS: none specified

Posted 31 August 2012 - 04:02 AM

Guys, what firewall do you use?

#33 jaclaz

  • The Finder
  • Group: Developers
  • Posts: 11,431
  • Joined: 23-July 04
  • OS: none specified

Posted 31 August 2012 - 04:31 AM

Posted Image

:whistle:

jaclaz

#34 tomasz86

  • http://www.windows2000.tk
  • Group: Members
  • Posts: 2,220
  • Joined: 27-November 10
  • OS: Windows 2000 Professional

Posted 31 August 2012 - 05:23 AM

jaclaz, on 31 August 2012 - 04:31 AM, said:

Spoiler


:whistle:

jaclaz

Mine is better B)

Posted Image

:lol:

http://www.matousec....nge/results.php
http://www.matousec....-64/results.php

#35 submix8c

  • Inconceivable!
  • Group: Patrons
  • Posts: 3,241
  • Joined: 14-September 05
  • OS: none specified

Posted 31 August 2012 - 07:35 AM

I told you in your OTHER thread. SOME folks do NOT install a "firewall" but use "TCP/IP Filtering".

NO I will NOT go into "explaining that"! Do a little research ON YOUR OWN.

The whole POINT of this Forum is to HELP - NOT "Please hand it to me on a silver platter"... ;)

BTW, there are MANY threads on MSFN about "Firewalls" and "Antivirus" Products. TRY SEARCHING FIRST rather than asking for something that's ALREADY THERE (See that "gear" at the top right? CLICK IT!).

#36 Tripredacus

  • K-Mart-ian Legend
  • Group: Super Moderator
  • Posts: 8,669
  • Joined: 28-April 06
  • OS: Server 2012

Posted 31 August 2012 - 09:26 AM

Submix8c, not sure why all the drama... :unsure:

Anyways, it is obvious to me (in light of this research) that Windows XP is a virus!

Oh, and while I also use MSSE, I don't rely on it protecting anything. Last I checked version 1 of MSSE, it didn't even detect the EICAR file! :rolleyes:

#37 submix8c

  • Inconceivable!
  • Group: Patrons
  • Posts: 3,241
  • Joined: 14-September 05
  • OS: none specified

Posted 31 August 2012 - 09:38 AM

Tripredacus, on 31 August 2012 - 09:26 AM, said:

Anyways, it is obvious to me (in light of this research) that Windows XP is a virus!
:thumbup

#38 jaclaz

  • The Finder
  • Group: Developers
  • Posts: 11,431
  • Joined: 23-July 04
  • OS: none specified

Posted 31 August 2012 - 10:27 AM

submix8c, on 31 August 2012 - 09:38 AM, said:

:thumbup

NO reason whatsoever to be happy :no: , as the XP virus is an evolution (bloated) of the 2K one :ph34r: .

;)

jaclaz
