Educause Security Discussion mailing list archives

Re: Fwd: ATTN: McAfee DAT 4715 problem - deleting .exe files


From: Mark Wilson <wilsodm () AUBURN EDU>
Date: Sat, 11 Mar 2006 08:18:58 -0600

More info:
A problem has been uncovered with McAfee AV and DAT 4715.  Immediate
attention is required.

This is what we know:

1) DAT file 4715 is bad.  It finds false positives for the W95/CTX
virus in a number of OS and 3rd party files.  The problem is when the
system is scanned, .exe files will be deleted.  Examples include but are
not limited to:

usersid.exe - Windows XP file
imjpinst.exe - Windows XP file
ecenter.exe - Dell file
ntfstype.exe - Utility
adobeupdatemanager.exe - Adobe Update Manager
gtb2k1033.exe - Google Toolbar Installer
43gcjvgahnu44.ths - Macromedia Flash Player 7.0 r19
excel.exe - Microsoft Excel
graph.exe - Microsoft Excel

2) If your machine has DAT file 4716 on it, then future scans should be
okay, but it's still important to check your scan log to see if your
machine ran a scan with 4715, and to see if any files were deleted.  If
files were deleted, they will need to be restored.

3) An EPO process has been started to push 4716 out to all machines on
campus.  This seems to have gone fairly quickly, but it won't touch home
machines, and even if a machine has 4716 on it, there is the possibility
that a scan of the machine has already taken place using 4715.
Users/Administrators should check their scan log.

4) There doesn't appear to be a way to keep scans from happening
through EPO or AD.


wilsodm () auburn edu 3/11/2006 8:04:39 AM >>>
We have just uncovered a problem with McAfee DAT 4715. Apparently, when
a system is scanned, .exe files are deleted.  It appears to be 3rd party
software and no O/S files, but we are not certain. Servers and Desktops
may be affected.

It is advisable that you check your systems ASAP for DAT 4715 and
update to DAT 4716 IMMEDIATELY.  If systems have already been scanned
with 4715, there could be .exe files deleted.

This is all we know at the moment.


Mark Wilson
GCIA, CISSP #53153
Network Security Specialist
Auburn University
(334) 844-9347
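
One way to triage a scan log for the deletions described in this advisory, as an added example that is not part of the original message or of McAfee's tooling. The log lines are constructed and their layout is an assumption; only the W95/CTX detection name, DAT 4715 and the file names come from the advisory.

```python
import re
from collections import namedtuple

# File names the advisory lists as examples of false-positive deletions.
ADVISORY_FILES = {
    "usersid.exe", "imjpinst.exe", "ecenter.exe", "ntfstype.exe",
    "adobeupdatemanager.exe", "gtb2k1033.exe", "43gcjvgahnu44.ths",
    "excel.exe", "graph.exe",
}

Hit = namedtuple("Hit", "line_no path listed_in_advisory")

# Windows path (spaces allowed) ending in a short extension.
PATH_RE = re.compile(r'[A-Za-z]:\\[^\t"|<>*?]*?\.[A-Za-z0-9]{2,4}(?=$|[\s"|,;)])')

# Constructed sample log; the real scan log layout may differ (assumption).
SAMPLE_LOG = r"""2006-03-11 02:00:01 Scan started, DAT version 4715
2006-03-11 02:03:17 C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE W95/CTX (Virus) Deleted
2006-03-11 02:03:40 C:\Tools\ntfstype.exe W95/CTX (Virus) Deleted
2006-03-11 02:04:02 C:\Temp\setup_old.exe W95/CTX (Virus) Deleted
2006-03-11 02:05:10 C:\Temp\sample.exe W32/Other (Virus) Deleted
2006-03-11 02:06:00 C:\Data\report.exe W95/CTX (Virus) Clean failed
"""

def ran_with_dat(log_text, version="4715"):
    """True if any log line mentions the given DAT version."""
    pattern = r"\bDAT\b[^\n]*?\b" + re.escape(version) + r"\b"
    return re.search(pattern, log_text, re.IGNORECASE) is not None

def find_ctx_deletions(log_text):
    """Return files that a W95/CTX detection caused to be deleted."""
    hits = []
    for line_no, line in enumerate(log_text.splitlines(), 1):
        low = line.lower()
        if "w95/ctx" not in low or "deleted" not in low:
            continue  # other detections, or files that were not deleted
        match = PATH_RE.search(line)
        if match is None:
            continue  # no recognisable path; review this line by hand
        path = match.group(0)
        name = path.rsplit("\\", 1)[-1].lower()
        hits.append(Hit(line_no, path, name in ADVISORY_FILES))
    return hits

if __name__ == "__main__":
    print("scanned with DAT 4715:", ran_with_dat(SAMPLE_LOG))
    for hit in find_ctx_deletions(SAMPLE_LOG):
        note = "listed in advisory" if hit.listed_in_advisory else "not listed, verify"
        print(f"line {hit.line_no}: restore {hit.path} ({note})")
```

Files flagged as not listed still need restoring, since the advisory's list is explicitly not exhaustive.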
