Jump to content

Horrific McAfee False Positive


Guest MBfan

Recommended Posts

Just updated to Databse version 1711, 69481 is the fingerprints number if that matters, date is 01/30/2009.

There is a very bad problem in the latest build. Here's the log.

Malwarebytes' Anti-Malware 1.33

Database version: 1711

Windows 5.1.2600 Service Pack 3

Registry Keys Infected: 2

Files Infected: 1

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7db2d5a0-7241-4e79-b68d-6309f01c5231} (Trojan.FakeAlert) -> No action taken. [354148305383807566791539667670347770838513018468837481858183808990]

HKEY_CLASSES_ROOT\CLSID\{7db2d5a0-7241-4e79-b68d-6309f01c5231} (Trojan.FakeAlert) -> No action taken. [354148305383807566791539667670347770838513018468837481858183808990]

Files Infected:

c:\Program Files\McAfee\VirusScan\scriptsn.dll (Trojan.FakeAlert) -> No action taken. [354148305383807566791539667670347770838513018468837481858183808990]

Here's the problem: scriptsn.dll is the script-scanning portion of McAfee. {7db2d5a0-...6309f01c5231} is the BHO for Internet Explorer. I don't believe this is Trojan.FakeAlert-- compared file sizes between two machines, they're the same, exactly 58,688 bytes.

Took a look at the file-- has a Thawte and VeriSign certificate jammed in it (not to mention a bunch of others).

Why was this marked as Trojan.FakeAlert? As far as I can see what it's scriptproxy, and it'd break McAfee and force a re-install if users went through with the removal.

Link to post
Share on other sites

It's a FP. Please select ignore for now, We'll get it fixed with the next update.

If by chance users did remove it, simply going to quarantine and restoring it will fix things.

Sorry for any inconvenience this might have caused anyone.

Link to post
Share on other sites

It's a FP. Please select ignore for now, We'll get it fixed with the next update.

If by chance users did remove it, simply going to quarantine and restoring it will fix things.

Sorry for any inconvenience this might have caused anyone.

If you have a lot of quarantined files, be sure to sort the list by date so you can find it easily. I didn't find it in my list, and had to work quite a bit harder (but not too hard) to make McAfee fix itself via virtual technician and auto-update. :D

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.