More on mc21.tmp and mc22.tmp

A lot of people are coming to this site looking for help for Symantec Antivirus Backdoor.Graybird detections on mc21.tmp or mc22.tmp. My post on my experience last Friday has been picked up by Google. Unfortunately they are linking to my main page instead of the article itself and that post is about to fall off the front page. (To be fair, blogsearch.google.com does have the correct link).
I have continued to see a few new detections of this at work. I need to check if those systems are up-to-date on their virus definitions. If they do have defs where this false positive is supposedly fixed, then there is still an issue.
By popular demand, I’m posting the email Symantec sent out last week. It is my belief that this information is considered public and not under any NDA. In other words Symantec please do not sue.
—–Original Message—–
> From: [email protected] [mailto:[email protected]]
> Sent: Friday, September 16, 2005 4:49 PM
> To: Me
> Subject: Unscheduled LiveUpdate definitions to be published in response to a FP
>
>
>
> Symantec Security Response will post LiveUpdate virus definitions today, September 16, 2005.
>
> This posting is to correct a false positive with Backdoor.Graybird detections.
>
> An additional message will be sent approximately 30 minutes before the LiveUpdate virus definitions are available for download.
>
>
> ———-
> For additional information, visit our website at
> http://securityresponse.symantec.com