Trojan in Spybot?



Eric38137
2010-04-01, 23:34
This computer has McAfee Internet Security on it. After Spybot finished a scheduled scan today, and before I closed the interface, McAfee updated. When I closed the McAfee update finished notification, it popped up a window saying it removed an infection. I then closed Spybot. The McAfee alert closed right away so I had to open the McAfee program and find the log to see what all it said. It listed a real-time scan:

Generic.dxlqin(Trojan)
Status: Repaired(removed)
File: C:\Program Files\Spybot-Search & Destroy\SDShred.exe
Process: C:\Windows\system32\werfault.exe
Process description: Windows Problem Reporting

I searched McAfee virus information/database for this trojan and it could not find it. It showed zero results. Can you possibly give me some insight if this was a false positive or did Spybot actually catch a trojan? I cannot find the Shredder in Spybot using the interface or through Windows Explorer and looking at the Program Files directory. Have you removed this tool or is it gone now because McAfee removed it? I know it used to be there. :confused:

thanks.

Windows Vista Home Basic SP2 IE8

rjr7665
2010-04-02, 01:36
I too received a virus notification regarding this file while using McAfee VirusScan Ent + AntiSpyware 8.5i
Scan Eng (32bit) 5400.1158
DAT Version: 5938.0000
DAT Created on: April 1, 2010
Buffer Overflow and Access Protection DAT Version: 493

The application was: \windows\explorer.exe

jdb523
2010-04-02, 04:03
Just happened to me too. I updated Spybot and did a minor Windows software update. Upon reboot McAfee immediately identified sdshred.exe as containing trojan Generic.dx!gln and deleted it. I checked the program files and Spybot and there's no sign of SDShred. Maybe this is McAfee's idea of an April Fool's joke?

stryder2000
2010-04-02, 06:27
I have the same McAfee specs as yours, rjr7665, and just got the same notice about sdshred.exe, and it was deleted by VirusScan. Not sure when exactly, but it happened after I logged off at work, so in the last 4 hours or so.

Ras1974
2010-04-02, 10:42
McAfee sometimes loses its mind, I suppose. Yesterday I also got an old version of CCleaner (227) flagged by McAfee, crazy. McAfee should straighten this kind of mess out. Not much Spybot SD can do about this, I assume.

I cannot even mark this shredder .exe as trusted by McAfee. I have a free version of McAfee with my internet provider; that is the only reason I'm using it. Otherwise I would use NOD32, I guess.

Aethem
2010-04-02, 17:23
I'm getting this too - both my laptop and PC.

The laptop tells me the virus has been deleted.
The PC tells me the virus has been quarantined (i.e. not deleted).

Have not tried to use Spybot yet, didn't know if it was safe to do so.

Mega Tornaconto
2010-04-02, 18:01
Hi guys,
I think it's another false positive, as sdshred.exe refers to the Spybot SHREDDER, which is a safe way to delete your files from the hard drive by writing several random 0s and 1s over them (like PGP's WIPE.exe). My current version of McAfee Total Protection has put it in quarantine, saying it's a generic trojan dx!gln. Well, I don't think so, as I used sdshred.exe in the past and it never had a problem. Anyway, I sent the file to McAfee and I'm waiting for their response. If you don't need to delete your files in a sure way, Spybot will work fine, although the file has been deleted. The only trouble is that the link under START/PROGRAMS/SPYBOT "FILE SHREDDER" will no longer work.
As soon as McAfee sends the response, I'll post it here.
Bye

Live long and prosper

Eric38137
2010-04-02, 18:23
Anyway I sent the file to Mcafee and I'm waiting for their response.

Thanks Mega Tornaconto, I will be watching for that result. Your posting it would really be appreciated. I couldn't find a way to reach McAfee about this other than paid support, which I am not going to do being that it is their mess up....obviously.

This is just peachie. :devil: At least it wasn't a crucial file. I don't like McAfee anyhow and this subscription was just renewed. If this was my computer I'd cancel it anyhow.

Is there some way of getting Shredder back without reinstalling the whole program? That would not be worth it.

Brad H
2010-04-02, 18:56
I got the same thing this morning and did a search for this problem and found this thread.

Looking forward to hearing what McAfee says.

Mega Tornaconto
2010-04-02, 19:07
Hi Eric,
I don't know if it's possible or not. Maybe it could be a Spybot add-on and perhaps you can add it from the installation program: you can try asking the support staff. In any case, just wait a while until someone can tell whether it's really a false positive.
Anyway, it's not a critical file for Spybot and, if I've understood, you don't have the necessity to use it so far. So I think it's better to wait for some news. To contact McAfee without paying: I've sent the file directly from the quarantine window, but they need time, at times two or three days: as a registered user, they will send me an answer by e-mail. Maybe you can try this way if you have a similar McAfee product installed.
Bye

Live long and prosper

tashi
2010-04-02, 19:15
Looking forward to hearing what McAfee says.

Me too. :)

Eric38137
2010-04-02, 19:52
Me too. :)

It's not funny, but that is funny....Me too.

I have just posted in McAfee Community also. I'll see what kind of response I get there. Should be interesting. I discovered the small "l" in the supposed trojan name is an exclamation mark: Generic.dx!qin--not like that's gonna make a difference.

I did a google search and the only place it showed up was here: http://vil.nai.com/vil/content/v_262768.htm and it just showed it was McAfee's and the definition date was 3/31/10.

Mega:
There was no quarantine window. Only the log after the notification window popped up then disappeared right away. There is no way of posting the file from the program that I can find, it removed it anyhow. This is McAfee Internet Security and I can find no way inside that program to submit it. Maybe there might be if it didn't remove it without asking me first. :mad: I can't even find a setting to let me know it found something and ask me first before it removes it. This program is awful. Thank goodness it was not a critical file, then I would be really upset.

We'll see what they say.

bucki
2010-04-02, 20:03
I am having the same problems as all Windows 7/McAfee users. This is a new Dell on which I updated McAfee, and as of that update a flash alert from McAfee appears too quickly to read and my shredder has disappeared from Spybot.

Mega Tornaconto
2010-04-02, 21:19
Hello everybody:
earlier I was at work but now I'm at home, and I have Norton 360 on my laptop. What a surprise: :D: I also have Spybot installed here but Norton 360 didn't find any "infected" file.
I launched sdshred.exe manually and it worked perfectly (it chopped away the files I wanted to delete). No trojan activity from the firewall.
What does it mean? I think it could be a bug in the latest McAfee DAT files. :confused: If McAfee says "infected" and Norton doesn't say anything, I can think about a false positive ;)
All the guys in this post just talk about McAfee, nobody with Norton has a problem: so either Norton is junk or McAfee is wrong.
(Jason Bourne uses Norton Internet Security on his laptop and he survived the trilogy.......) :D:
Anyway ....still waiting for McAfee's response and eventually an updated DAT file.
Have a good Easter, everybody

Live long and prosper

Mega Tornaconto
2010-04-02, 21:28
What a pity. The version I have lets me put the files or cookies in quarantine before deleting them, so I can send them to McAfee just by right-clicking on them. It's version 9 of Internet Security or Total Protection. If you need a file shredder, my version of McAfee also has one installed under "manutenzione computer" (I don't know what it is called in the English version). :confused:
Or you can also download a very good one by PGP Corporation (Pretty Good Privacy): it works well and it's free in the lite version. :bigthumb:
Bye

Live long and prosper

keohouse
2010-04-02, 21:37
This is my first ever forum posting.. here goes.
A scheduled scan by McAfee returned the following messages.
"Detection name: Generic.dx!gln(Trojan), Generic.dx!gln(Trojan)
File: C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP723\A0294428.EXE" and the next item "Detection name: Generic.dx!gln(Trojan), Generic.dx!gln(Trojan)
File: c:\Program Files\Spybot - Search & Destroy\SDShred.exe" and finally
"Generic.dx!gln(Trojan), Generic.dx!gln(Trojan)
File: C:\Program Files\Spybot - Search & Destroy\SDShred.exe
Process: C:\Program Files\Secunia\PSI\psi.exe
Process description: Secunia PSI"

One difference to the other posts I have read is the mention of Secunia PSI which I use to help me keep programs up to date. I am running Windows XP, and McAfee provided as part of the BT Yahoo ISP service. I hope that this is useful to someone!

:thanks:

Eric38137
2010-04-02, 22:04
If Mcafee says "infected" and Norton don't say anything I can think about a false positive;)

My sentiments exactly. I have free AVG on my XP at home. And it accidentally has my old Norton realtime still running. I thought I had it turned off when I installed AVG but evidently it wasn't. But no harm so far. (I know you're not supposed to run two anti-virus but it was not intentional). Anyway, neither Norton nor AVG found any infected files either and I would expect Norton to find something before AVG does. But nothing. So it has got to be McAfee. :D:

I just checked my post in McAfee forum. I posted in the wrong section but I still got a reply. There is a posted reply from a member, not McAfee itself. But this is a response I have received:

Apr 2, 2010 2:51 PM in response to: memgal
Re: Trojan in Spybot Search & Destroy??
This is a False Positive. We manage over 1700 systems via McAfee EPO. Have had about 15 systems report this sdshred.exe as being detected as that same trojan. This morning, I submitted the file to McAfee and am still waiting for a response. The problem still exists with today's DAT version 5939.

Microsoft Windows 2003 Standard SP2
EPO Server 4.0.0.1298 (Patch 5)
EPO Agent 4.0.0.1494 (Patch 3)
McAfee VirusScan 8.0i - Patch 15 - about 3 slower computers - starting to remove due to EOL on March 2010
McAfee VirusScan 8.5i - Patch 7/8 plus HotFix 458640 x over 300 systems
McAfee VirusScan 8.7i with Patch 2 x over 1200 systems & growing

This is the link in the post if anyone is interested: http://community.mcafee.com/message/122616

Somewhat of a confirmation at least. ;)

Marcr
2010-04-02, 23:05
Add me to the list. McAfee 8.5i Enterprise started reporting SDShred.exe as a trojan. I have two other Windows machines, one running AVG the other running Microsoft Security Essentials. Neither of those complains about SDShred. McAfee DAT 5939.0000 (April 2, 2010) still "catches" the file.

This has to be a false positive.

Tom.K
2010-04-02, 23:37
From VirusTotal's analysis (http://www.virustotal.com/analisis/7730c1cae7f64bf72de0d7a06d3f27265e13a5d624887fb1ef189d89b2b31860-1270242057) for Shredder, only Antiy-AVL detected "Virus/Win32.Daum.gen" (another false positive) while McAfee didn't find anything.

However, for some reason, McAfee is outdated on VirusTotal (the latest definitions used in the analysis were from 3-31-2010; this is the case on all other online file scanners), while your definition date says the latest is April 2, 2010.

Edit: Saw Eric38137's post and link (http://vil.nai.com/vil/content/v_262768.htm). It must be false positive.

Matt
2010-04-02, 23:39
Has someone already uploaded the file to VirusTotal? :laugh:

Edit:
Tom.K did... ;)

kudo12
2010-04-02, 23:40
I sent the file to Virustotal and Jotti and here are the results:

http://www.virustotal.com/es/analisis/7730c1cae7f64bf72de0d7a06d3f27265e13a5d624887fb1ef189d89b2b31860-1270242057

http://virusscan.jotti.org/es/scanresult/1e0d92701219797ea3c3c52c0c7ef7b403bf4b87/6413131f98fe7ee9b1c84ca2e056ab420d09105f

In VirusTotal it seems that another antivirus like Antiy-AVL 2.0.3.7 reported SDShred.exe as positive (Virus/Win32.Daum.gen). Surprisingly McAfee didn't say anything. Could you explain? :confused:

Jotti said the file is entirely safe. I'll be expecting the McAfee answer too.

Regards

kudo

Matt
2010-04-02, 23:43
Has someone already uploaded the file at VirusTotal? :laugh:


I sent the file to Virustotal and Jotti and here are the results:

http://www.virustotal.com/es/analisis/7730c1cae7f64bf72de0d7a06d3f27265e13a5d624887fb1ef189d89b2b31860-1270242057

http://virusscan.jotti.org/es/scanresult/1e0d92701219797ea3c3c52c0c7ef7b403bf4b87/6413131f98fe7ee9b1c84ca2e056ab420d09105f

:rotfl:

Read through the whole thread and you'll get the answers you need. ;)

kudo12
2010-04-03, 00:11
Read through the whole thread and you'll get the answers you need.

Sorry, I must be very dumb :red:, but reading the entire thread the only thing I can discover is the possibility of a false positive, and really I think it must be, but I need a confirmation.

Regards,

kudo

elelbee
2010-04-03, 01:43
I also had McAfee quarantine the same Spybot file but in addition to the shred file it also said the same trojan was in my system volume information restore file. Did anyone else experience this same scan result?

Tom.K
2010-04-03, 10:05
It's in the System Volume Information folder because System Restore made a checkpoint with backup files which included Shredder, which makes that file in the System Volume Information folder a false positive, too. There are some posts saying that the trojan was detected in the System Volume Information folder.

VirusTotal still hasn't updated McAfee after 4 days...

Goblinizer
2010-04-03, 15:08
AVG does not appear to have this problem, so it might only be McAfee. Could use some further investigation though.

Marcr
2010-04-03, 16:50
For anybody wondering why McAfee doesn't report SDShred on VirusTotal: According to the posters, VirusTotal is using the 3/31/2010 DAT. The false positive started with the 4/1/2010 DAT. Is this McAfee's idea of an April Fools joke? ;)

Matt
2010-04-03, 16:52
Is this McAfee's idea of an April Fools joke ;)
Why can't I laugh about this joke? ;)

Goblinizer
2010-04-03, 19:19
April Fool's Joke? . . . That's some sick humor

Eric38137
2010-04-05, 16:58
Hi,

I checked a reply I had in the McAfee Community and this user posted this reply:

"It appears that this issue has been fixed with DAT 5940.
Logged into work and rescanned the quarantined file SDSHRED
on my system. It reported that it was clean which allowed me to restore it.

The bad thing is that I have yet to receive any email response
from McAfee. When I initially submitted the false positive they
gave me a case number. This is another failing on McAfee since
we have a gold support account with them. Anyhow, at least it
is fixed about 2 days after it was detected."

I restored my file this morning and it has not been detected. Yet. :) That's really bad that McAfee wouldn't answer them, even at least with a "checking on it" answer. Their Community site kept crashing the browser on another computer this weekend. That's really strange. (no it wasn't infected with anything.) I too submitted the file to VirusTotal on Sat. and McAfee still had a 3/31 date. Wow.

Mega Tornaconto:

I found all of the quarantine, send file to McAfee, etc., settings this morning that you mentioned to me earlier. It is buried deep into the McAfee program. This is the first I've had McAfee on any computer I've used so I'm still learning it. Came with their computer so I have not much choice.

Everyone have a great day.:)

Mega Tornaconto
2010-04-06, 09:59
hello everybody,
still nothing received by mail about the "infected" files sent Wednesday, so this morning I asked telephone support by phone; they said I still have to wait because during these days they were on holiday (!!!) and so no one at the laboratories could have a look at any files sent (no comment). McAfee is astonishingly slow in this, Spybot's forum is really faster! Anyway, I'm curious to see how much time they take to solve the problem, although when the renewal of their license is near, they take my money one month before (and with no holiday problems).

Live long and prosper

Mega Tornaconto
2010-04-06, 10:10
Hi, Eric
I'm happy you at last found the quarantine window; if you have time, have a look, as there are many other useful functions "buried deep into the McAfee program".
Anyway, when this morning I talked with telephone technical support about the possibility of taking the files back from the quarantine, they told me that "it could not work as first!!!" :bomb:, so, in case I have to erase it because it doesn't work, I'd like to know how you reloaded it on your system (reinstalling all of Spybot or adding Shredder in some other way).
Thanks for your attention

Live long and prosper

spybotsandra
2010-04-06, 11:57
Hello,

With its latest virus definitions (5939, 2-Apr-2010) McAfee detects the SDShred.exe of Spybot Search & Destroy as Generic.dx!qln (Trojan).

This is a false positive from McAfee that has already been fixed.
Please search for new updates (5940, 3-Apr-2010) for your McAfee version.

In case McAfee has deleted any of our files, to get Spybot - Search & Destroy back, please uninstall according to this guide (http://www.safer-networking.org/en/howto/uninstall.html).
Then download a fresh copy of Spybot-S&D 1.6.2. here (http://www.spybotupdates.com/files/spybotsd162.exe).

P.S.: Sorry for the late response, but our office was closed for the easter holidays.

Best regards
Sandra
Team Spybot

Mega Tornaconto
2010-04-06, 12:23
Hi Sandra,
thanks for the response: effectively, the problem began with the 5938 DAT files. This morning the 5942 version was downloaded, so it ought to be all right. I hope I can recover the file from quarantine; otherwise I'll follow your indications about uninstalling and then reinstalling it.
Have a good day

Live long and prosper

Eric38137
2010-04-06, 16:30
Hi, Eric
I'm happy you at last found the quarantine window; if you have time, have a look, as there are many other useful functions "buried deep into the McAfee program".
Anyway, when this morning I talked with telephone technical support about the possibility of taking the files back from the quarantine, they told me that "it could not work as first!!!" :bomb:, so, in case I have to erase it because it doesn't work, I'd like to know how you reloaded it on your system (reinstalling all of Spybot or adding Shredder in some other way).
Thanks for your attention

Hi Mega,
I don't know what McAfee meant by that, but I just used the "Restore" in McAfee and it put it back where it was, in C:\Program Files\Spybot-Search & Destroy\SDShred.exe (Vista). My computer did not :bomb:. Do you think McAfee just does not like Spybot? :tease: Before I tried the restore I did copy the SDShred.exe file out of Spybot from my other computer and put it on disk and was going to copy it into Spybot on this computer instead of reinstalling it. It's a standalone program so it should work. But then I found the restore setting.

Spybotsandra gave you the links to uninstall and reinstall if need be. But the restore should work fine. In my right-click menu I have Scan with Malwarebytes, Spybot and McAfee for individual files. So after I restored it, just to be on the safe side:), I scanned with each one and the file is just fine. Then just scanned my whole system. All is well.

I have DAT 5942 from 4/5/10 and still so far no infections. I did finally get a response from McAfee in their community yesterday but that was links to how to submit a file and two other links for something else, I forgot what they were now. So they aren't actually telling you anything but to submit the file.

At least it's fixed now and glad it's over. Everyone have a great day. :beerbeerb:

Mega Tornaconto
2010-04-06, 18:04
Eric, thanks for Your time.
I restored SHREDDER successfully, and it looks to be all OK.
It seems like a joke, as McAfee tech support said "yes, you can try to restore, but maybe it will not work properly (WHY???) and your system could become unstable".
I restored it and it works. No trouble. Bah!!
Anyway, still no paid-for news from McAfee in my mail, but instead free news directly from Sandra in my personal mail. That's incredible: not only did Sandra find time to write on this forum but she also wrote to me personally. And it's all free: Spybot is really another world.
Thank You all at Spybot for Your continuous work.

(May You) live long and prosper

Eric38137
2010-04-06, 18:40
Hi,

That is fantastic. Mega, you are quite welcome. No problem. Glad I could help in a small way.


I restored it and it works. No trouble. Bah!!

LOL. That is funny. Double Bah!!!
That would be a very sick joke.

Yes, this forum is the best. They are all very helpful.

Be safe out there.