Trojan in Spybot?
- Thread starter Eric38137
- Start date
I sent the file to Virustotal and Jotti and here are the results:
http://www.virustotal.com/es/analis...265e13a5d624887fb1ef189d89b2b31860-1270242057
http://virusscan.jotti.org/es/scanr...4b87/6413131f98fe7ee9b1c84ca2e056ab420d09105f
In Virustotal it seems that another antivirus like Antiy-AVL 2.0.3.7 reported SDShred.exe as positive (Virus/Win32.Daum.gen). Surprisingly McAfee din't say anything. Could you explain?
Jotti said the file in entirely safe. I'll be expecting the McAffe answer too.
Regards
kudo
http://www.virustotal.com/es/analis...265e13a5d624887fb1ef189d89b2b31860-1270242057
http://virusscan.jotti.org/es/scanr...4b87/6413131f98fe7ee9b1c84ca2e056ab420d09105f
In Virustotal it seems that another antivirus like Antiy-AVL 2.0.3.7 reported SDShred.exe as positive (Virus/Win32.Daum.gen). Surprisingly McAfee din't say anything. Could you explain?
Jotti said the file in entirely safe. I'll be expecting the McAffe answer too.
Regards
kudo
It's in System Volume Information folder because System Restore made a checkpoint with backup files which included Shredder in which makes that file in System Volume Information folder a false positive, too. There're some posts saying that trojan was detected in System Volume Information folder.
VirusTotal still didn't updated McAfee after 4 days...
VirusTotal still didn't updated McAfee after 4 days...
Goblinizer
New member
AVg does not appear to have this problem, so it might only be McAffee. Could use some further investigation though.
Why can't I laugh about this joke?Is this McAfee's idea of an April Fools joke
Goblinizer
New member
April Fool's Joke? . . . That's some sick humor
Hi,
I checked a reply I had in the McAfee Community and this user posted this reply:
"It appears that this issue has been fixed with DAT 5940.
Logged into work and rescanned the quarantined file SDSHRED
on my system. It reported that it was clean which allowed me to reatore it.
The bad thing is that I have yet to receive any email response
from McAfee. When I initially submitted the false positve they
gave me a case number. This is another failing on McAfee since
we have a gold support account with them. Anyhow, at least it
is fixed about 2 days after it was detected."
I restored my file this morning and it has not been detected. Yet.
That's really bad that McAfee wouldn't answer them, even at least with a "checking on it" answer. Their Community site kept crashing the browser on another computer this weekend. That's really strange. (no it wasn't infected with anything.) I too submitted the file to VirusTotal on Sat. and McAfee still had a 3/31 date. Wow.
Mega Tornaconto:
I found all of the quarantine, send file to McAfee, etc., settings this morning that you mentioned to me earlier. It is buried deep into the McAfee program. This is the first I've had McAfee on any computer I've used so I'm still learning it. Came with their computer so I have not much choice.
Everyone have a great day.
I checked a reply I had in the McAfee Community and this user posted this reply:
"It appears that this issue has been fixed with DAT 5940.
Logged into work and rescanned the quarantined file SDSHRED
on my system. It reported that it was clean which allowed me to reatore it.
The bad thing is that I have yet to receive any email response
from McAfee. When I initially submitted the false positve they
gave me a case number. This is another failing on McAfee since
we have a gold support account with them. Anyhow, at least it
is fixed about 2 days after it was detected."
I restored my file this morning and it has not been detected. Yet.
That's really bad that McAfee wouldn't answer them, even at least with a "checking on it" answer. Their Community site kept crashing the browser on another computer this weekend. That's really strange. (no it wasn't infected with anything.) I too submitted the file to VirusTotal on Sat. and McAfee still had a 3/31 date. Wow.Mega Tornaconto:
I found all of the quarantine, send file to McAfee, etc., settings this morning that you mentioned to me earlier. It is buried deep into the McAfee program. This is the first I've had McAfee on any computer I've used so I'm still learning it. Came with their computer so I have not much choice.
Everyone have a great day.
Mega Tornaconto
New member
Still waiting from Mcafee........
hello everybody,
still nothing received by mail about the "infected" files sent wednsday, so this morning I ask by phone to the telephone support; they said I have still to wait cause during these days they were on holidays (!!!) and so noone at laboratories could have a look at any files sent (no comment). Mcafee is astonishingly slow in this, Spybot's forum is really faster! Anyway I'm curious to see how many time they take to solve the problem although when the renewal of their license is near, they take my money one month first (and with no holidays problems).
Live long and prosper
hello everybody,
still nothing received by mail about the "infected" files sent wednsday, so this morning I ask by phone to the telephone support; they said I have still to wait cause during these days they were on holidays (!!!) and so noone at laboratories could have a look at any files sent (no comment). Mcafee is astonishingly slow in this, Spybot's forum is really faster! Anyway I'm curious to see how many time they take to solve the problem although when the renewal of their license is near, they take my money one month first (and with no holidays problems).
Live long and prosper
Mega Tornaconto
New member
To Eric: reinstalling shredder
Hi, Eric
I'm happy You at last found the quarantine window; if you have time, have a look as there're many other useful function "buried deep into the McAfee program".
Anyway, when this morning I talked with telephonic technical support about the possibility of taking back the files from the quarantine, they said me that "it could not work as first!!!":bomb:, so, in the case I have to erase it cause it doesn't work I'd like to know how you reload it on your system (reinstalling all Spybot or adding Shredder in some other ways).
Thanks for your attention
Live long and prosper
Hi, Eric
I'm happy You at last found the quarantine window; if you have time, have a look as there're many other useful function "buried deep into the McAfee program".
Anyway, when this morning I talked with telephonic technical support about the possibility of taking back the files from the quarantine, they said me that "it could not work as first!!!":bomb:, so, in the case I have to erase it cause it doesn't work I'd like to know how you reload it on your system (reinstalling all Spybot or adding Shredder in some other ways).
Thanks for your attention
Live long and prosper
spybotsandra
New member
Hello,
With it's latest virus definitions (5939, 2-Apr-2010) McAfee detects the SDShred.exe of Spybot Search & Destroy as Generic.dx!qln (Trojan).
This is a false positive from McAfee that has already been fixed.
Please search for new updates (5940, 3-Apr-2010) for your McAfee version.
In case McAfee has deleted any of our files, to get Spybot - Search & Destroy back, please uninstall according to this guide.
Then download a fresh copy of Spybot-S&D 1.6.2. here.
P.S.: Sorry for the late response, but our office was closed for the easter holidays.
Best regards
Sandra
Team Spybot
With it's latest virus definitions (5939, 2-Apr-2010) McAfee detects the SDShred.exe of Spybot Search & Destroy as Generic.dx!qln (Trojan).
This is a false positive from McAfee that has already been fixed.
Please search for new updates (5940, 3-Apr-2010) for your McAfee version.
In case McAfee has deleted any of our files, to get Spybot - Search & Destroy back, please uninstall according to this guide.
Then download a fresh copy of Spybot-S&D 1.6.2. here.
P.S.: Sorry for the late response, but our office was closed for the easter holidays.
Best regards
Sandra
Team Spybot
Mega Tornaconto
New member
Hi Sandra,
thanks for the response: effectly the problem begun with the 5938 DAT files. This morning was downoladed the 5942 version, so it ought to be all right. I hope I can recond the file from quarantine, otherwise I'll follow Your indications about uninstalling and then reinstall it again.
Have a good day
Live long and prosper
thanks for the response: effectly the problem begun with the 5938 DAT files. This morning was downoladed the 5942 version, so it ought to be all right. I hope I can recond the file from quarantine, otherwise I'll follow Your indications about uninstalling and then reinstall it again.
Have a good day
Live long and prosper
To Mega
Hi Mega,
I don't know what McAfee meant by that but I just used the "Restore" in McAfee and it put it back where it was, in C:\Program Files\Spybot-Search & Destroy\SDShred.exe (Vista). My computer did not :bomb:. Do you think McAfee just does not like Spybot:tease: Before I tried the restore I did copy the SDShred.exe file out of Spybot from my other computer and put it on disk and was going to copy it into Spybot on this computer instead of reinstalling it. Its a standalone program so it should work. But then I found the restore setting.
Spybotsandra gave you the links to uninstall and reinstall if need be. But the restore should work fine. In my right-click menu I have Scan with Malwarebytes, Spybot and McAfee for individual files. So after I restored it, just to be on the safe side, I scanned with each one and the file is just fine. Then just scanned my whole system. All is well.
I have DAT 5942 from 4/5/10 and still so far no infections. I did finally get a response from McAfee in their community yesterday but that was links to how to submit a file and two other links for something else, I forgot what they were now. So they aren't actually telling you anything but to submit the file.
At least its fixed now and glad its over. Everyone have a great day.:beerbeerb:
Hi Mega,
I don't know what McAfee meant by that but I just used the "Restore" in McAfee and it put it back where it was, in C:\Program Files\Spybot-Search & Destroy\SDShred.exe (Vista). My computer did not :bomb:. Do you think McAfee just does not like Spybot:tease: Before I tried the restore I did copy the SDShred.exe file out of Spybot from my other computer and put it on disk and was going to copy it into Spybot on this computer instead of reinstalling it. Its a standalone program so it should work. But then I found the restore setting.
Spybotsandra gave you the links to uninstall and reinstall if need be. But the restore should work fine. In my right-click menu I have Scan with Malwarebytes, Spybot and McAfee for individual files. So after I restored it, just to be on the safe side
, I scanned with each one and the file is just fine. Then just scanned my whole system. All is well.I have DAT 5942 from 4/5/10 and still so far no infections. I did finally get a response from McAfee in their community yesterday but that was links to how to submit a file and two other links for something else, I forgot what they were now. So they aren't actually telling you anything but to submit the file.
At least its fixed now and glad its over. Everyone have a great day.:beerbeerb:
Mega Tornaconto
New member
Succesfully restored
Eric, thanks for Your time.
I restored succesfully SHREDDER, at it likes to be all OK.
It seems like a joke as Mcafee tech support said "yes, you can try to restore, but maybe it will not work properly (WHY???) and your system could become unstable".
I restored it and it works. No trouble. Bah!!
Anyway still no payment new from Mcafee on my mail: but instead a free new directly from Sandra on my personal mail. That's incredible: not only Sandra found time to write on this forum but also wrote me personally. And it's all free: Spybot it's really another world.
Thank You all at Spybot for Your continuous work.
(May You) live long and prosper
Eric, thanks for Your time.
I restored succesfully SHREDDER, at it likes to be all OK.
It seems like a joke as Mcafee tech support said "yes, you can try to restore, but maybe it will not work properly (WHY???) and your system could become unstable".
I restored it and it works. No trouble. Bah!!
Anyway still no payment new from Mcafee on my mail: but instead a free new directly from Sandra on my personal mail. That's incredible: not only Sandra found time to write on this forum but also wrote me personally. And it's all free: Spybot it's really another world.
Thank You all at Spybot for Your continuous work.
(May You) live long and prosper