McAfee is moving program's exe into Quarantine folder

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View
Hi All,

We have a program developed in VB6 and installed on hundreds of users
scattered around the world. This program is automatically run by an NT
service once a day. It's been running fine for the last 4-5 years.

Please note that all the users have exactly the same operating
environment, i.e. McAfee virus scan 8.0, OS is Windows XP SP2 and MS
office 2003 SP1.

Now SOME of the users have experienced a problem. The McAfee Virus
scan is moving the program's exe into C:\Quarantine folder and
renaming it to *.vir

Can you please advise why this problem is caused?

Regards,

FK


Re: McAfee is moving program's exe into Quarantine folder

Hi,

McAfee detected an malware code inside your file. Question is if on every
system file is detected or only on some.
First case is caused by similiar malware signature in McAfee's database -
you can contact with McAfee and register a false positive
2nd case: can be caused by incorrect work of antivirus e.g. by damaged virus
signatures database. I met with that situation with Kaspersky AV. Try
re-download all database.

Marcin Domaslawski


Quoted text here. Click to load it



Re: McAfee is moving program's exe into Quarantine folder

Quoted text here. Click to load it

I have just come to know that the executable is being detected as
malware just because it is using "RegCreateKeyEx" API to add a value
under "RunOnce" registry key.

Can you please tell a solution to this? I need to enter an entry under
"RunOnce" key.

Regards,

FK


Re: McAfee is moving program's exe into Quarantine folder

Hello,

Assuming the program is not malware I would not attempt to make any changes
to it.

Instead, follow David's advice and contact McAfee. If the program is not
malware they should be willing to update their definitions so the program is
no longer being flagged as malware.

--
Zephyr


Quoted text here. Click to load it




Re: McAfee is moving program's exe into Quarantine folder


| Hello,
|
| Assuming the program is not malware I would not attempt to make any changes
| to it.
|
| Instead, follow David's advice and contact McAfee. If the program is not
| malware they should be willing to update their definitions so the program is
| no longer being flagged as malware.
|

Correct.  They can create a negative Extra DAT that will disable the false
declaration as
well subsequently update the next DAT revision to correct the mistaken
identification.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm



Re: McAfee is moving program's exe into Quarantine folder

I think Soooo
Quoted text here. Click to load it


Re: McAfee is moving program's exe into Quarantine folder


| Hi All,

| We have a program developed in VB6 and installed on hundreds of users
| scattered around the world. This program is automatically run by an NT
| service once a day. It's been running fine for the last 4-5 years.

| Please note that all the users have exactly the same operating
| environment, i.e. McAfee virus scan 8.0, OS is Windows XP SP2 and MS
| office 2003 SP1.

| Now SOME of the users have experienced a problem. The McAfee Virus
| scan is moving the program's exe into C:\Quarantine folder and
| renaming it to *.vir

| Can you please advise why this problem is caused?

| Regards,

| FK



Assuming your author created a good ptrogram and not malware, submit the files
being
falsely detected to McAfee via the email addtress virus_research@avertlabs.com
and in the
subject of the email use "False Positive on VB6 software" and in the body of the
email
state your case why you believe the attached files are not malware.

Attach all the files deemed malware (and you haven't posted what they were
declared as) in
password protected ZIP file with the password being;  infected  { password =
infected }



--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm



Site Timeline