Trojan in Spybot?

Eric38137

New member
This computer has McAfee Internet Security on it. After Spybot finished a scheduled scan today, and before I closed the interface, McAfee updated. When I closed the McAfee update finished notification, it popped up a window saying it removed an infection. I then closed Spybot. The McAfee alert closed right away so I had to open the McAfee program and find the log to see what all it said. It listed a real-time scan:

Generic.dxlqin(Trojan)
Status: Repaired(removed)
File: C:\Program Files\Spybot-Search & Destroy\SDShred.exe
Process: C:\Windows\system32\werfault.exe
Process description: Windows Problem Reporting

I searched McAfee virus information/database for this trojan and it could not find it. It showed zero results. Can you possibly give me some insight if this was a false positive or did Spybot actually catch a trojan? I cannot find the Shredder in Spybot using the interface or through Windows Explorer and looking at the Program Files directory. Have you removed this tool or is it gone now because McAfee removed it? I know it used to be there. :confused:

thanks.

Windows Vista Home Basic SP2 IE8
 
Same problem here!

I too received a virus notification regarding this file while using McAfee VirusScan Ent + AntiSpyware 8.5i
Scan Eng (32bit) 5400.1158
DAT Version: 5938.0000
DAT Created on: April 1, 2010
Buffer Overflow and Access Protection DAT Version: 493

The application was: \windows\explorer.exe
 
Just happened to me too. I updated Spybot and did a minor Windows software update. Upon reboot McAfee immediately identified sdshred.exe as containing trojan Generic.dx!gln and deleted it. I checked the program files and Spybot and there's no sign of SDShred. Maybe this is McAfee's idea of an April Fool's joke?
 
Same thing here..booooo

I have the same McAfee specs as yours, rjr7665, and just got the same notice about sdshred.exe and it was deleted by VirusScan. Not sure when exactly, but it happened after I logged off at work, so in the last 4 hours or so.
 
Me too

McAfee sometimes loses its mind I suppose. Yesterday I also got an old version of CCleaner (227) flagged by McAfee, crazy. McAfee should straighten this kind of mess out. Not much Spybot SD can do about this I assume.

I cannot even mark this shredder .exe as trusted by McAfee. I have a free version of McAfee with my internet provider; that is the only reason I'm using it. Otherwise I would use NOD32 I guess.
 
Me Too

I'm getting this too - both my laptop and PC.

The laptop tells me the virus has been deleted.
The PC tells me the virus has been quarantined (i.e. not deleted).

Have not tried to use Spybot yet, didn't know if it was safe to do so.
 
False positive

Hi guys,
I think it's another false positive, as sdshred.exe refers to the Spybot SHREDDER, that is a safe way to delete your files from the hard drive, deleting them writing on several 0 and 1 random data (such as PGP's WIPE.exe). My current version of McAfee Total Protection has put it in quarantine, saying it's a generic trojan dx!gln. Well, I don't think so, as I used sdshred.exe in the past and it never had a problem. Anyway I sent the file to Mcafee and I'm waiting for their response. If you all don't need to delete your files in a sure way, Spybot will work fine, although the file has been deleted. The only trouble is that the link under START/PROGRAMS/SPYBOT "FILE SHREDDER" will no longer work.
As soon as McAfee sends the response, I'll post it here.
Bye

Live long and prosper
 
Anyway I sent the file to Mcafee and I'm waiting for their response.

Thanks Mega Tornaconto, I will be watching for that result. Your posting it would really be appreciated. I couldn't find a way to reach McAfee about this other than paid support, which I am not going to do being that it is their mess up....obviously.

This is just peachie. :devil: At least it wasn't a crucial file. I don't like McAfee anyhow and this subscription was just renewed. If this was my computer I'd cancel it anyhow.

Is there some way of getting Shredder back without reinstalling the whole program? That would not be worth it.
 
I got the same thing this morning and did a search for this problem and found this thread.

Looking forward to hearing what McAfee says.
 
getting Shredder back without reinstalling the whole program

Hi Eric,
I don't know if it's possible or not. Maybe it could be a Spybot add-on and perhaps you can add it from the installation program: you can try asking the support staff. In any case just wait a while until someone tells us if it's really a false positive.
Anyway it's not a critical file for Spybot and, if I've understood, you don't have the necessity to use it so far. So I think it's better to wait for some news. To contact McAfee without paying: I've sent the file directly from the quarantine window but they need time, at times two or three days: as a registered user they will send me an answer by e-mail. Maybe you can try this way if you have a similar McAfee product installed.
Bye

Live long and prosper
 

It's not funny, but that is funny....Me too.

I have just posted in McAfee Community also. I'll see what kind of response I get there. Should be interesting. I discovered the small "l" in the supposed trojan name is an exclamation mark: Generic.dx!qin--not like that's gonna make a difference.

I did a google search and the only place it showed up was here: http://vil.nai.com/vil/content/v_262768.htm and it just showed it was McAfee's and the definition date was 3/31/10.

Mega:
There was no quarantine window. Only the log after the notification window popped up then disappeared right away. There is no way of posting the file from the program that I can find, it removed it anyhow. This is McAfee Internet Security and I can find no way inside that program to submit it. Maybe there might be if it didn't remove it without asking me first. :mad: I can't even find a setting to let me know it found something and ask me first before it removes it. This program is awful. Thank goodness it was not a critical file, then I would be really upset.

We'll see what they say.
 
same same

I am having the same problems as all Windows7/McAfee users. This is a new Dell that I updated the McAfee on, and as of that update a flash alert from McAfee appears too quickly to read and my shredder has disappeared from Spybot.
 
Good news

Hello everybody:
First I was at work but I'm at home now, and I have Norton 360 on my laptop. What a surprise: :D: I also have Spybot installed here but Norton 360 didn't find any "infected" file.
I launched sdshred.exe manually and it worked perfectly (it chopped away the files I wanted to delete). No trojan activity from the firewall.
What does it mean? I think it could be a bug in the latest McAfee DAT files. :confused: If McAfee says "infected" and Norton doesn't say anything I can think about a false positive ;)
All the guys in this thread just talk about McAfee, nobody with Norton has the problem: so either Norton is junk or McAfee is wrong.
(Jason Bourne uses Norton Internet Security on his laptop and he survived the trilogy.......) :D:
Anyway ....still waiting for McAfee's response and eventually an updated DAT file.
Have a good Easter everybody

Live long and prosper
 
To Eric38137

What a pity. The version I have lets me put the files or cookies in quarantine before deleting them, so I can send them to McAfee just by right-clicking on them. It's version 9 of Internet Security or Total Protection. If you need a file shredder, my version of McAfee also has one installed under "manutenzione computer" (I don't know what it is named in the English version). :confused:
Or you can also download a very good one by PGP Corporation (Pretty Good Privacy): it works well and it's free in the lite version. :bigthumb:
Bye

Live long and prosper
 
This is my first ever forum posting.. here goes.
A scheduled scan by McAfee returned the following messages.
"Detection name: Generic.dx!gln(Trojan), Generic.dx!gln(Trojan)
File: C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP723\A0294428.EXE" and the next item "Detection name: Generic.dx!gln(Trojan), Generic.dx!gln(Trojan)
File: c:\Program Files\Spybot - Search & Destroy\SDShred.exe" and finally
"Generic.dx!gln(Trojan), Generic.dx!gln(Trojan)
File: C:\Program Files\Spybot - Search & Destroy\SDShred.exe
Process: C:\Program Files\Secunia\PSI\psi.exe
Process description: Secunia PSI"

One difference to the other posts I have read is the mention of Secunia PSI which I use to help me keep programs up to date. I am running Windows XP, and McAfee provided as part of the BT Yahoo ISP service. I hope that this is useful to someone!

:thanks:
 
If McAfee says "infected" and Norton doesn't say anything I can think about a false positive ;)

My sentiments exactly. I have free AVG on my XP at home. And it accidentally has my old Norton realtime still running. I thought I had it turned off when I installed AVG but evidently it wasn't. But no harm so far. (I know you're not supposed to run two anti-virus programs but it was not intentional). Anyway, neither Norton nor AVG found any infected files either and I would expect Norton to find something before AVG does. But nothing. So it has got to be McAfee. :D:

I just checked my post in McAfee forum. I posted in the wrong section but I still got a reply. There is a posted reply from a member, not McAfee itself. But this is a response I have received:

Apr 2, 2010 2:51 PM in response to: memgal
Re: Trojan in Spybot Search & Destroy??
This is a False Positive. We manage over 1700 systems via McAfee EPO. Have had about 15 systems report this sdshred.exe as being detected as that same trojan. This morning, I submitted the file to McAfee and am still waiting for a response. The problem still exists with today's DAT version 5939.

Microsoft Windows 2003 Standard SP2
EPO Server 4.0.0.1298 (Patch 5)
EPO Agent 4.0.0.1494 (Patch 3)
McAfee VirusScan 8.0i - Patch 15 - about 3 slower computers - starting to remove due to EOL on March 2010
McAfee VirusScan 8.5i - Patch 7/8 plus HotFix 458640 x over 300 systems
McAfee VirusScan 8.7i with Patch 2 x over 1200 systems & growing

This is the link in the post if anyone is interested: http://community.mcafee.com/message/122616

Somewhat of a confirmation at least. ;)
 
Add me to the list. McAfee 8.5i Enterprise started reporting SDShred.exe as a trojan. I have two other Windows machines, one running AVG the other running Microsoft Security Essentials. Neither of those complains about SDShred. McAfee DAT 5939.0000 (April 2, 2010) still "catches" the file.

This has to be a false positive.
 
From VirusTotal's analysis for Shredder, only Antiy-AVL detected "Virus/Win32.Daum.gen" (another false positive) while McAfee didn't find anything.

However, for some reason, McAfee is outdated on VirusTotal (the latest definitions used in the analysis were from 3-31-2010; this is the case on all other online file scanners), while your definition date says the latest is April 2, 2010.

Edit: Saw Eric38137's post and link (http://vil.nai.com/vil/content/v_262768.htm). It must be false positive.
 