You are here

My McAfee found two trojans in ClamWin?

12 posts / 0 new
Last post
biker_bob
Offline
Last seen: 12 years 5 months ago
Joined: 2010-01-05 17:58
My McAfee found two trojans in ClamWin?

As above really, can anyone tell me if they have had this problem?

Tim Clark
Tim Clark's picture
Offline
Last seen: 11 years 2 months ago
Joined: 2006-06-18 13:55
Much more information is

Much more information is needed.

What happens and when?

Often I have found that McAfee will find a problem in a file that CWP is SCANNING, not with CWP itself.

Does CWP still launch?
Does the "event" occur after CWP has been scanning for a while?
If you scan CWP directly with McAfee [while CWP is NOT running] does anything happen.

Are the files detected by McAfee in a /tmp type directory?

What def version are you using for McAfee [5851.000 or something like that]?

If your situation is like what I have described [CWP itself is found to be clean by McAfee] the situation is harmless. It just means that McAfee is suspicious of a file that CWP has just unpacked to scan. I have never been able to determine if CWP ever gets a chance to scan the file itself. It is therefore hard to determine if CWP would have found a problem too. I have on occasion tracked down the files in question and scanned them separately and neither CWP or McAfee has found a problem in them.

This is NOT to say that the files in question are safe in your situation if they are not actually CWP files themselves. That is a judgment call.

Please read this comment:
https://portableapps.com/node/19645#comment-121299

Again if you could look at the questions I have asked above and give us more information it would help.

Tim

Things have got to get better, they can't get worse, or can they?

biker_bob
Offline
Last seen: 12 years 5 months ago
Joined: 2010-01-05 17:58
Sorry im a bit vague, im very

Sorry im a bit vague, im very much a beginner at all this!

It happened when CWP was scanning its own folder, CWP didn't find anything but McAfee found and quarantined two Trojans?

Thanks for your reply!

Edit: Also Mcafee does not find anything when I scan CWP?

Tim Clark
Tim Clark's picture
Offline
Last seen: 11 years 2 months ago
Joined: 2006-06-18 13:55
If McAfee is not finding

If McAfee is not finding anything on a direct scan of CWP then it is likely that CWP clean.

McAfee should have told you where it found the trojans, was it in a tmp/temp dir?

I am trying a scan with both now, will report back soon.

[edit]
I found the same thing:
C:\Documents and Settings\tim\Local Settings\temp\clamav-cff7d631b850c285647ddfdfdb36a39f.00000e08.clamtmp

was the location.
It appears that McAfee is having a question about a file being unpacked by CWP at least using my current defs, i will try an update.

At this point, just to assure you, it is highly unlikely there is an actual virus

Tim

Things have got to get better, they can't get worse, or can they?

biker_bob
Offline
Last seen: 12 years 5 months ago
Joined: 2010-01-05 17:58
Thanks for keeping me

Thanks for keeping me posted

While we are on the anti virus subject, my McAfee anti virus is going to run out soon (I got it free with my laptop). Can you recommend a free anti virus program that is up to the job or even a way to get McAfee free or cheaper?

Cheers, Bobby

Tim Clark
Tim Clark's picture
Offline
Last seen: 11 years 2 months ago
Joined: 2006-06-18 13:55
Test Complete with new defs

No change, There is not easy way to deal with this however.

As McAfee is not finding a problem in CWP when it does it's scan of CWP there is no file to report to McAfee to check.

My way of dealing with this is to know that I downloaded CWP from a clean source and that McAfee is always running and found no problem in it's files or updates. If I run a memory scan or scan other files there is not problem, so it is not CWP itself.

Excluding CWP from McAfee scans won't likly work because the problem is occurring in a temp directory which changes it's name each time it's created, and I would never recommend excluding temp directories from scans even if I could.

I'm not sure how likely it is to get McAfee or any other product vendor, to test their defs against another av product while it is running to track down the problem, they would have to do it with each release.

It comes down to a judgment call for you.
Trust that it is a false positive and ignore it
Don't scan the CWP directory [though this problem can still occur when other files are scanned]
Don't use CWP

Sorry I can't give better/easier feedback.

As far as another product, I don't know what to say. I have used McAfee since I first started using computers [decades ago, I'm old] and swear by it.

[At All: Do not start a AV bashing session, to each their own]

When It comes to my AV protection I am willing to pay for what I get, but I have the money to spend on it. There are other good products out there, some cost money some do not.

I know Avast has a version that is free for home use and I have used their portable version on a regular basis and find it to be good. I know that many folks recommend AVG which is also free, but I have never used it, I hear mixed reviews.

I'm sure others will chime in with their recommendations, I just request that a BASH McAfee/Norton/whoever session NOT be started

Tim

Things have got to get better, they can't get worse, or can they?

biker_bob
Offline
Last seen: 12 years 5 months ago
Joined: 2010-01-05 17:58
Thanks for your help, really

Thanks for your help, really appreciate it. If I could afford McAfee I would buy it as I think its great but I just cant Sad

Is there any reason I shouldn't download and run Avast and AVG at the same time?

Cheers, Bobby

Tim Clark
Tim Clark's picture
Offline
Last seen: 11 years 2 months ago
Joined: 2006-06-18 13:55
YES

You should never run two "Real Time" AV products at the same time.

The problem you are having now is a small example of what can occur if you run more than one at the same time all the time.

You are even more likely to have problems this way then running a real time scanner [McAfee/Norton/Avast/AVG] and an on demand scanner [CWP].

I highly recommend against this.

Tim

Things have got to get better, they can't get worse, or can they?

ZachHudock
ZachHudock's picture
Offline
Last seen: 4 years 5 months ago
Developer
Joined: 2006-12-06 18:07
Alternative Antivirus

Alternative Antivirus Apps

Avira AntiVir Free
Avast Home Edition
AVG Free
Microsoft Security Essentials (high detection rate, surprisingly good product)
Panda Cloud AV

http://www.downloadsquad.com/2009/10/24/six-free-antivirus-programs-made...

http://www.downloadsquad.com/2009/02/23/9-free-antivirus-programs-for-wi...

The developer formerly known as ZGitRDun8705

spg SCOTT
spg SCOTT's picture
Offline
Last seen: 10 years 1 day ago
Joined: 2008-08-26 14:11
My understanding:

McAfee is alerting on un-encrypted definitions in memory...this means that it is seeing what Clam compares files to, so this would cause issues...

I saw this a while ago with avast!, and it resulted in avast! changing something to make it work...
http://forum.avast.com/index.php?topic=47344.msg399322#msg399322

How do you exclude files in McAfee?
Can you exclude specific filetypes?

The solution posted by DavidR in the thread:
http://forum.avast.com/index.php?topic=45231

So if you could add: C:\*\clamav-*.clamtmp

This *should* exclude it...and prevent a whole in security

As for free AV, well you can guess what I use Wink Personally, I feel that it is down to yourself only to be honest, you really cannot know what an AV is like until you try it.

One thing I will say though, when you do choose which one, ensure that you don't leave yourself unprotected while switching, my usual take:

-Download the installer for the new AV (if it is avast! Don't choose the smaller 300KB online installer - Use the FULL one)
-Download the relevant removal tool (so McAfee's) from here:http://uninstallers.blogspot.com/ as many AVs will leave stuff behind and could mess with the install of a later one.
-Disconnect from the internet
-Uninstall old AV (with the use of the removal tool after using Add/Remvove)
-Install new AV
-Reconnect to the net.

“There is a computer disease that anybody who works with computers knows about. It's a very serious disease and it interferes completely with the work. The trouble with computers is that you 'play' with them!”Richard Feynman

RMB Fixed
Offline
Last seen: 12 years 5 months ago
Joined: 2006-10-24 10:30
AV sucks big-time :

How do you like that, a malicious PDF and it's detected by
6 out of 40 AV's !!!!
http://isc.sans.org/diary.html?storyid=7867

And people actually BELIEVE what these idiotic AV-programs tell them ..
You download a app from it's original source (site), you check the MD5 or SHA1,
if they match it's clean, no matter what some stupid program tells you .

Don't surf from the admin-account, don't disable UAC, don't allow java-script,activeX and flash for untrusted (unknown) sites and don't blindly click everything you see that says download (and when you do download something have clamAV scan it) and you will be fine ..

No, I don't like AV-programs,
I believe they induce a false sense of security and thereby keeps the majority of users from learning how to practice "safe" computing . They also spread unnecessary fear and uncertainty with all the false positives .

Mir
Mir's picture
Offline
Last seen: 9 years 11 months ago
Joined: 2007-12-03 16:07
I am an admin on my computer

I am an admin on my computer and UAC blocked me from doing things i needed to do on a daily basis. UAC is a load of crock and only protects the ignorant people who have no qalms about opening or running everything that is seen dont or given to them. I consider UAC to be like a goat skin condom. it gives you the sense of protection but in reality it doesnt protect you from aids or even pregnancy (the pores on goatskin are just large enough).

Log in or register to post comments