McAfee VirusScan Alert!

Submitted by ionreflex on October 26, 2007 - 4:49pm

Today's virus definition file (5150) for McAfee VirusScan detects registry.dll as a "Generic StartPage.r" when I start Thunderbird Portable 2.0.0.6; I'm pretty sure it's a false detect, I'll submit the case to McAfee and keep everyone posted here...

NB : I might forget, so if someone faster than me has info, please feel free to update this thread.



http://portableapps.com/suppo

aka MISIIM
What is worship without hard rock!

Thanks

Thanks for the heads up.

I generally assume that a virus alert for an "official" pa release is a false positive [not necessarily for anything else I've found here]

I will launch FFP and TBP before updating VirusScan.
If I get an alert after updating I'll choose to ignore it.

Thanks again for the heads up.

Tim

{EDIT: in checking my On Access scan settings I'm not seeing a setting for "let me choose what to do [e.g. ignore]", so I am going to exclude "registry.dll" from scanning, since I don't know for sure if FFP will be able to run properly if the dll in question is deleted or quarantined }

"The wheels of John grind Slowly, But they grind Exceedingly Small" ;-)

Nothing

registry.dll is only a temporary file and will be recreated next time you run FFP. Delete at your will.

Why, why, is the banana crooked?

I think he is asking what

I think he is asking what might happen if the AV deletes the DLL before the launcher has a chance to use it.

MC

The laws and Constitution are designed to survive, and remain in force, in extraordinary times. Liberty and security can be reconciled; and in our system they are reconciled within the framework of the law. (Boumediene et al v. Bush)

False positive indeed...

VirusTotal confirmed that McAfee detects a virus in Thunderbird Portable, and so does Sunbelt! I've submitted the case to WebImmune...

(what was MISIIM's input anyway?)

ion][reflex
[reflexion]

On the support page it says

On the support page it says don't report false positives.

aka MISIIM
What is worship without hard rock!

Also getting Generic.startpage.r with McAfee

I get four or five popup warnings in a row. It says:

Detection: Generic.startpage.r
Action: File deleted
Object: Registry.dll
Location: C:\Document...\Nsb213.tmp

So let me see if I understand.

1) We are now getting this warning from McAfee because of new definitions from McAfee. IOW, it is McAfee that has changed rather than Thunderbird portable.

2) It is a false positive. There is nothing wrong with Registry.dll.

And a question:

Q1) What damage is this (file deletion) doing to the execution of Thunderbird Portable?

TIA.

Peter

Same

I am getting the same false positive for Clamwin, Firefox, and Abiword.

...But the gift of God is eternal life through Christ. Romans 6:23

Me too

Also getting the same virus report when launching FFP. Tried disabling all addons, then moving my Profile (creating a new one), then doing clean install. None of these steps made a difference.

Nothing you can do to FFP will help

"The wheels of John grind Slowly, But they grind Exceedingly Small" ;-)

And here...

~Lurk~

John Haller's Report...

http://portableapps.com/node/9846

This addresses most questions that people can ask about this problem.

...But the gift of God is eternal life through Christ. Romans 6:23