Jump to content

Conflict with McAfee: all scanned files were deleted


Recommended Posts

I just did an update to mbam followed by a quick scan and VirusScan 8.7 (p2) deleted all .exe files in c:\windows\SysWOW64 that mbam scanned. It thought they were the dx trojan. I assume there is no problem with mbam since I used it last year to get rid of an "antivirus 2009" that McAfee could not delete and all I did was update to the latest database this morning. I stopped the mbam scan so not all .exe's were deleted, just ones in alphabetical order from "1033b.exe" thru "APOMngrg.exe"

Is this a case of "false positives"?

A known problem?

The system seems to be working fine even though most of the files starting with "A" have been deleted from SysWOW64. Can I find them somewere and restore them?

mbam_problem.png

Link to post
Share on other sites

Hi and Welcome -

Have you added the security patch from McAfee VirusScan 8.7 that was released - The details are Here if you wish to check -

Thank You -

Thanks - I looked at that patch. However, I have patch2 which should include all previous patches. They are up to patch 4 but I dont have those.

I am unsure what is happening. AFAICT my system has been clean for some time and I keep 8.7i P2 up to date with McAfee latest database. I cannot believe that only those .exe files in alphabetical order 1033b.exe thru APOMngrg.exe in that syswow64 had the dx trojan. When I canceled the MalwareBytes can, McAfee stopped reporting the dx trojan at APOMngrg.exe.

I ran some tests.

To start off, I following the following instructions on adding mbam support to McAfee

Basic Procedures to correct disappearing programs

I then brought up the mcafee quarantine manager and un-quaranteened (restored to syswow64) accessibilitycplw.exe. I then ran a McAfee scan on c:\system\syswow64 and accessibilitycplw.exe was reported as a dx trojan and re-quaranteened. None of the other 100+ exes in the syswow64 directory had a problem, just that one I pulled out of the quarantine. I then restored another, accessibilitycpls.exe, went to the command prompt and changed to c:\system\syswow64 and copied "write.exe" and "accessibilitycpls.exe" to a new subdirectory I created, "c:\scanx". The executable "write.exe" was copied, but not accessibilitycpls.exe. It was re-quaranteened.

I then brought up MalwareBytes and scanned c:\scanx and it scanned "write.exe" just fine and McAfee did not find anything wrong after the scan completed.

I then brought McAfee back up and un-did all the changes that were recommended in that link above and then scanned c:\scanx. There was no problem.

I cannot account for why the first "quick scan" after the update to mbam created all those trojans (if indeed it did). The fact that that McAfee stopped reporting trojans the instant I stopped the mbam scan is suspicious. However, running mbam again just a few minutes ago on the directory c:\scanx did not cause any trojans to appear in the executable "write.exe"

I am looking for another vista64 system so I can restore those files. I am unsure if I reboot if microsoft will restore them for me.

mbam_problem2.png

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.