Trojan in Spybot?

[tashi]

Looking forward to hearing what McAfee says.

Me too.

[Eric38137]

Me too.

It's not funny, but that is funny....Me to.

I have just posted in McAfee Community also. I'll see what kind of response I get there. Should be interesting. I discovered the small "l" in the supposed trojan name is an exclamation mark: Generic.dx!qin--not like that's gonna make a difference.

I did a google search and the only place it showed up was here: http://vil.nai.com/vil/content/v_262768.htm and it just showed it was McAfee's and the definition date was 3/31/10.

Mega:
There was no quarantine window. Only the log after the notification window popped up then disappeared right away. There is no way of posting the file from the program that I can find, it removed it anyhow. This is McAfee Internet Security and I can find no way inside that program to submit it. Maybe there might be if it didn't remove it without asking me first. I can't even find a setting to let me know it found something and ask me first before it removes it. This program is awful. Thank goodness it was not a critical file, then I would be really upset.

We'll see what they say.

[bucki]

I am having the same problems as all Windows7/Mcafee users'. This is a new Dell that I upated the McAfee and as of that update a flash alert from Mcafee appears to quickly to read and my shredder has disappeard from Spybot.

[Mega Tornaconto]

Hello everybody:
first I was on work but I'm at home, now, and I've Norton 360 on my laptop. What a surprise: I've also here Spybot installed but Norton 360 didn't found any "infected" file.
I launched sdshred.exe manually and it worked perfectly (it chopped away the files I wanted to delete). No trojan activity from firewall.
What does it mean? I think it could be a bug in the last Mcafee's DAT files. If Mcafee says "infected" and Norton don't say anything I can think about a false positive
All the guys in this post just talk about Mcafee, nobody with Norton meets problem: so or Norton is a junk or Mcafee is wrong.
(Jason Bourne use Norton Internet security on his laptop and he survived the trilogy.......)
Anyway ....still waiting for Mcafee's response and eventually an updated DAT file.
Have a good Eastern everybody

Live long e prosper

[Mega Tornaconto]

What a pity. The version I have lets me to put the files or cookies in quarantine before deteleting them so well I can send them to Mcafee just right clicking on them. Its version 9 of the Internet Security or Total Protection. If You need a file shredder my version of Mcafee have also it installed under "manutenzione computer" ( I don't know how does it is named in english version).
Or You can also download a very good one by PGP corporation (pretty good privacy): its works well and it's free in lite version.
Bye

Live long and prosper

[Mega Tornaconto]

Hello everybody:
first I was on work but I'm at home, now, and I've Norton 360 on my laptop. What a surprise: I've also here Spybot installed but Norton 360 didn't found any "infected" file.
I launched sdshred.exe manually and it worked perfectly (it chopped away the files I wanted to delete). No trojan activity from firewall.
What does it mean? I think it could be a bug in the last Mcafee's DAT files. If Mcafee says "infected" and Norton don't say anything I can think about a false positive
All the guys in this post just talk about Mcafee, nobody with Norton meets problem: so or Norton is a junk or Mcafee is wrong.
(Jason Bourne use Norton Internet security on his laptop and he survived the trilogy.......)
Anyway ....still waiting for Mcafee's response and eventually an updated DAT file.
Have a good Eastern everybody

Live long e prosper

[keohouse]

This is my first ever forum posting.. here goes.
A scheduled scan by McAfee returned the following messages.
"Detection name: Generic.dx!gln(Trojan), Generic.dx!gln(Trojan)
File: C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}
\RP723\A0294428.EXE" and the next item "Detection name: Generic.dx!gln(Trojan), Generic.dx!gln(Trojan)
File: c:\Program Files\Spybot - Search & Destroy\SDShred.exe" and finally
"Generic.dx!gln(Trojan), Generic.dx!gln(Trojan)
File: C:\Program Files\Spybot - Search & Destroy\SDShred.exe
Process: C:\Program Files\Secunia\PSI\psi.exe
Process description: Secunia PSI"

One difference to the other posts I have read is the mention of Secunia PSI which I use to help me keep programs up to date. I am running Windows XP, and McAfee provided as part of the BT Yahoo ISP service. I hope that this is useful to someone!

[Eric38137]

If Mcafee says "infected" and Norton don't say anything I can think about a false positive

My sentiments exactly. I have free AVG on my XP at home. And it accidently has my old Norton realtime still running. I thought I had it turned off when I installed AVG but evidently it wasn't. But no harm so far. (I know you're not suppose to run two anti-virus but it was not intentional). Anyway, neither Norton nor AVG found any infected files either and I would expect Norton to find something before AVG does. But nothing. So it has got to be McAfee.

I just checked my post in McAfee forum. I posted in the wrong section but I still got a reply. There is a posted reply from a member, not McAfee itself. But this is a response I have received:

Apr 2, 2010 2:51 PM in response to: memgal
Re: Trojan in Spybot Search & Destroy??
This is a False Positive. We manage over 1700 systems via McAfee EPO. Have had about 15 systems report this sdshred.exe as being detected as that same trojan. This morning, I submitted the file to McAfee and am still waiting for a response. The problem still exists with todays DAT version 5939.

Microsoft Windows 2003 Standard SP2
EPO Server 4.0.0.1298 (Patch 5)
EPO Agent 4.0.0.1494 (Patch 3)
McAfee VirusScan 8.0i - Patch 15 - about 3 slower computers - starting to remove due to EOL on March 2010
McAfee VirusScan 8.5i - Patch 7/8 plus HotFix 458640 x over 300 systems
McAfee VirusScan 8.7i with Patch 2 x over 1200 systems & growing

This is the link in the post if anyone is interested: http://community.mcafee.com/message/122616

Somewhat of a confirmation at least.

[Marcr]

Add me to the list. McAfee 8.5i Enterprise started reporting SDShred.exe as a trojan. I have two other Windows machines, one running AVG the other running Microsoft Security Essentials. Neither of those complains about SDShred. McAfee DAT 5939.0000 (April 2, 2010) still "catches" the file.

This has to be a false positive.

[Tom.K]

From VirusTotal's analysis for Shredder, only Antiy-AVL detected "Virus/Win32.Daum.gen" (another false positive) while McAfee didn't found anything.

However, by some reason, McAfee is out-dated on VirusTotal (lastest definitions which was used in analysis was 3-31-2010, this is on all other online file scanners), while your definition date says lastest April 2, 2010.

Edit: Saw Eric38137's post and link (http://vil.nai.com/vil/content/v_262768.htm). It must be false positive.