[WT-support] FW: 3534400 - False Positive report since March 22 DAT
release
Paul Cassel
paul at ve3sy.com
Mon May 7 01:52:09 CEST 2007
I just submitted the wt.exe file to McAfee and received the following reply.
Hopefully they will add an exception as it is a real nuisance having to
restore wt.exe after every McAfee Virus Scan.
Paul VE3SY
> -----Original Message-----
> From: Virus Research [mailto:Virus_Research at avertlabs.com]
> Sent: Sunday, May 06, 2007 7:15 PM
> To: 'Paul Cassel'
> Subject: 3534400 - False Positive report since March 22 DAT release
>
> AVERT Labs - Beaverton
>
> Current Scan Engine Version:5100.0194
>
> Current DAT Version:5024.0000
>
> Thank you for your submission.
>
>
> Analysis ID: 3534400
>
> File Name Findings Detection
> Type Extra
> --------------------|------------------------------|----------------------
> --
> ----|------------|-----
> wt.exe |heuristic detection |new malware.bj
> |Trojan |no
>
> heuristic detection [wt.exe]
>
>
> The file received may contain a potential virus or trojan threat
> identified
> heuristically. This potential threat was identified with our most powerful
> set of
> heuristic DAT drivers. Heuristic drivers can cause false-positive
> identifications, as
> such, this issue is being escalated to Avert Labs for a thorough review.
>
>
> In the meantime, it is recommended that you update your DAT and engine
> files
> and scan
> your computer again. You will be contacted through e-mail with the results
> of our
> analysis.
>
>
> To find detailed information about viruses and other malware, please
> review
> AVERT's
> Virus Information Library:
>
>
> http://vil.mcafeesecurity.com
>
>
> In order to get the fastest possible response, you may wish to submit
> future
>
> virus-samples to:
>
>
> https://www.webimmune.net/default.asp
>
>
> In most cases it can respond almost instantly with a solution. This may
> also
> be the
> best option if you are having a problem with gateway scanners stripping
> your
> sample
> submission.
>
>
> If you believe your computer is infected, but are unsure which files
> should
> be
> submitted to AVERT for review, please visit:
>
>
> http://vil.mcafeesecurity.com/vil/submit-sample.aspx
>
>
> For other virus-related information, please review the AVERT homepage at:
>
>
> http://www.mcafee.com/us/threat_center/default.asp
>
>
> Support -
>
>
> Virus Research accepts file-samples for analysis and possible inclusion
> into
> AV
> signature DAT sets. We are also prepared to answer general virus
> questions.
> All
> product-related questions and comments can be addressed through technical
> support and
> customer service, including:
>
>
> * Product installation and update questions
>
> * Product usage questions
>
> * Specific operating system/version questions
>
> * Assistance with detection and cleaning or removal of viruses or trojans
>
>
> Use the following link to update your DAT and scan engine to the most
> current version:
>
> http://www.mcafee.com/apps/downloads/security_updates/dat.asp
>
>
> Use the following links to reach online technical support for McAfee
> products -
>
> Corporate Customers:
>
>
> http://www.mcafeesecurity.com/us/support/
>
>
> Single User/Retail Customers:
>
>
> http://www.mcafeehelp.com
>
>
> Note -
>
>
> Due to the prevalence of network gateway AV products, it is important that
> all
> submissions be zipped and the zip file password-protected (password -
> infected). Some
> products will reject an email that contains a virus that is not sent in
> this
> way. In
> addition, often we receive a file that appears not to have been infected,
> to
> find
> later that the file was infected when it left the sender, and was cleaned
> somewhere
> along the line.
>
>
> Regards,
>
>
>
>
> McAfee AVERT tm
>
> A division of McAfee, Inc
More information about the Support
mailing list