McAfee w95/CTX False Positive

By Roger on March 11, 2006 8:30 PM | Permalink | Comments (1) | TrackBacks (0)

McAfee had a major false positive on Friday that effected a lot of applications.

I've see reports that effected aplications include:
Microsoft Excel 2000
Macromedia Flash Player 7
Oracle J-Initiator Client
Oracle Client Applications
Borland Database Engine Drivers
Sun Java Runtime Environment v2
ADP Payroll Applications
CA UniCenter Applications
ProComm Plus
And Many More...

McAfee is reporting the most common false positives are:
usersid.exe Windows XP file
imjpinst.exe Windows XP file
ecenter.exe Dell file
ntfstype.exe Utility
adobeupdatemanager.exe Adobe Update Manager
gtb2k1033.exe Google Toolbar Installer
43gcjvgahnu44.ths Macromedia Flash Player 7.0 r19
excel.exe Microsoft Excel
graph.exe Microsoft Excel

If the files are in quarantine, you can restore them after updating to a later virus definition. If you've let McAfee delete them, you need system restore or backups.

0 TrackBacks

Listed below are links to blogs that reference this entry: McAfee w95/CTX False Positive.

TrackBack URL for this entry: http://www.infosecblog.org/mt-tb20071121.pl/126

1 Comments

Austin Mann said:

This hurt.
Our secondary action was 'delete' not quarantine, b/c quarantine popped up windows for us and users and wore out the help desk.
Today - we paid the price, we're manually reinstalling Excel, Java run time 1.4.2 across our entire county & we will for the rest of the week.

NAI ran fine for us for four years but they act like it never happened.
Corporate Lawyers have surely gagged them.

This absolutely sucks.

March 13, 2006 5:44 PM