Main Area and Open Discussion > General Software Discussion

False Positive on Software (Generic.Dx) by McAfee Today: McAfee Response and Fix

(1/13) > >>

mouser:
Today's update of McAfee virus definitions has suddenly started alerting people that there is the Generic.Dx trojan found, whereupon the program exe is automatically deleted.

There is absolutely no malware in any of our programs -- it's a false alarm by an over eager antivirus company, which has a history of doing this software authors (see the funny articles in the linked thread).

We've gotten an official reply today confirming that it's a false alarm and there is no virus/trojan:

AVERT(tm) Labs, APAC
Thank you for submitting your suspicious file.
Synopsis -
Our Senior Virus Research Engineers have examined the file in question
and no virus was found.
Solution -
Attached is an extra.dat with correct detection.  This correction will
be included in the next DAT update.
--- End quote ---

Hopefully a new update will be pushed through to users very soon.


If you can't bear to wait i'm attaching the Extra.DAT update file I was sent, and instructions for installing it can be found here: http://vil.mcafeesecurity.com/vil/systemhelpdocs/extradat.aspx

mouser:
I can confirm that using the Extra.DAT file it seems to stop alerting on all of our programs, so at least their temporary fix works -- and hopefully their new definitions will go out with fix this right away.

mouser:
If you ever get a virus alert, you should know that it is very common to get false positives from over-aggressive antivirus tools which aren't very concerned about falsely identifying something as a virus.

I've complained a lot in the past about the failure of antivirus tools to usefully inform users when some new detection is more of a guess than a sure thing.  In cases where a brand new update detects something, it should be a no-brainer that the user should be told a little more about the possibility that it's a false alarm, and given more help and information for how to figure out if the threat is real.

If you get a virus alert one thing you can do is visit a few of the very cool free websites which will scan the file using a wide variety of different antivirus engines.  If your antivirus is the only one that detects something then chances are it's probably a false alarm.

Here are the reports for a file that McAfee started alarming on today:

From virustotal.com:

(the annotation is mine)

And another from http://virusscan.jotti.org/:

iphigenie:
maybe they are all wrong and mcafee is the lone ranger, and you are the most cunning virus writer ever, creating a whole persona over several years to fool the entire world into trusting your software  :eusa_naughty:

(couldnt resist)

xcopy:
Thanks for the quick cure, mouser. Running Launchbar Commander with the new Extra.dat works fine.  :Thmbsup:

Navigation

[0] Message Index

[#] Next page