McAfee flags two trojans that MBAM scans do not


Yesterday, I ran a scan with my anti-virus software, McAfee. It claimed to have identified and deleted two trojans, cCopyFile.u32 and CCOPYFILE.U32. The first was supposedly in c:\unzipped\Arin_WHOIS\Arin_WHOIS, and the second was in a similarly named location except in all uppercase letters. Both were said to be detected as Generic.dx Type Trojan. I might note that I think I downloaded and installed this WhoIs program in 2007, and it has never triggered any warnings before.

Since McAfee had deleted the trojan files, it was pointless to run a Malwarebytes scan to see if it could find them. I did try to use a restore point to return to a time earlier that day before McAfee had run to see whether a scan on the system at that point would find something. A full scan with MBAM turned up nothing, nor did another scan with McAfee. I'm tempted to assume that this was a false positive from McAfee, though I don't think I've ever before had a fp from McAfee. The only thing that makes me a little uneasy is that I also then cleaned the registry with JVPowerTools and found many strange entries with Values such as C:\Users\Angel\Desktop\Downloads\BalckBerrySuite.exe. As far as I know, there is no C:\Users\ or c:\Users\Angel\ directory on my computer, and I've never heard of BlackBerrySuite.exe. As I said, there were a lot of entries like this, all mentioning this same mysterious directory and all bearing the same date and time: 15.04.2009 13:33 (i.e., the day before I ran the scan, at 1:33 p.m.). JVPowerTools got rid of all these registry entries, since in each case the file or folder did not exist.

Since I have Anti-Malware Pro installed with the Protection Module enabled, shouldn't that have prevented this from happening?

I should add that I have run scans with McAfee and MBAM again, and they've turned up nothing.


Well, after I posted the message above, I found that McAfee had backed up the two files it deleted and had put them in quarantine, where I could rescan them, restore them, etc. Since I now had a new set of definitions, I decided to rescan them. Sure enough, the rescan said that the two items were clean! So I guess yesterday's result was a McAfee false positive.

I'm still puzzled and a bit concerned about all those strange registry entries. True, JVPowerTools deleted them all because the files to which they referred didn't exist, but why were the registry entries there to begin with, and why did they all bear the same date and time? Should MBAM have noticed them? Prevented them from being made? I'd welcome some help in understanding exactly what Anti-Malware Pro (including the protection module) does and does not do.

Thanks in advance.


Hiya,

The C:\users\angel reference is to another user on your computer, who may have created a user called "Angel" in the beginning, but then changed the username to something else; however, the reference to the original username will still be kept on the computer. Do you have any other users/usernames on your computer?
