Member Panel

Rod-O-Matic

Greetings.

My AV (McAfee) just found a virus located in 'HijackThis.exe' located under the 'Program Files' folder.? The virus's name is 'W32/Generic.worm!p2p.'? Checked with McAfee and it iwas added on 5/30/2003 (a p2pWorm).? To clean it McAfee removed the offending executable file.? I then went to my backup copy of the downloaded Zip file.? I unzipped it and before I could move it to the 'Program Files' location McAfee discovered it again and cleaned/removed it, leaving the original zip file.

I then went to the 'Merijn' web site and downloade 3 copies of 'HijackThis.zip', one from each download site.? I then unzipped all 4 (my original being #4) in seperate folders.? Ran McAfee on all 4 executables and no virus was found.

I seldom get a virus, (must be the clean living), so I have very little experience dealing with them and very little understanding of how this one functions.

With that said, I have a question for anyone who might have an answer.

Is this a normal situation, that is to say; a virus was found in the 'HijackThis.exe' file and was cleaned/removed by an AV program.? The zip file, containing only the 'exe', also had the virus inside (?) it.? When unzipped a second time the virus was not there.? Is this a common occurance/situation ?

You opinion is wanted.

Thanks Guys

Rod-O-Matic

merlin

No its a false positive with the new hijack this

McAfee is at is again, unfortunately. Yes, I am aware of the fact that McAfee detects HijackThis 1.99.1 as a generic worm. For the fourth time. Yes, I am aware of the fact that McAfee detects the StartupList standalone as an mhtml exploit webpage. This makes respectively the fifth and sixth time McAfee has mistakenly detected one of my programs as some brand of virus. And I'm getting pretty tired of this. Am I supposed to email each and every new version of a program I publish to McAfee so they can verify that UPX compression does not automatically equal a scary virus??

joe5

I have made this a sticky and edited youre title Rod-O-Matic , hope you don't mind. :-)

Rod-O-Matic

Merlin.?
Cool new avatar!

This is where I apologise for rushing to conclusions and posting a question that had already been answered.? I know that the 'Quote' you quoted is from the 'Merijn' web site.? I did read that one but failed to read farther down where he referred to the same worm by name.? ?:oops

?:banghead:

Feb. 16,2005 [Update 1] It seems McAfee is detecting the new HijackThis version as W32/Generic.worm!p2p. It is not the first time this happened and probably not the last time either. There is no virus in HijackThis. McAfee incorrectly detects the PE compression method I use on all of my programs as a generic Kazaa worm. I will try to contact McAfee about this and see if the incorrect detection can be removed in their next update.
[Update 2] Success! McAfee has put out new definitions that no longer detect HijackThis 1.99.1 as a virus. ^_^

I just purchased McAfee VirusScan 9 2005 (for free, with rebates) and the 'detected virus' was after installation of the new version.? I guess VirusScan had to choke on it once.

Sorry

Rod-O-Matic

p.s.
Love the addition of the 'spell checker', I know I need it...thanks

Rod-O-Matic

Joe5.

I do not mind at all.? If other people read this and do not make the same mistake that I did (see previous posts) then all is well.? HijackThis is a great program and does not need to be maligned by me or anyone else.

McAfee should be embarrassed and sent to the corner for a 'time out' or until the light comes on? ::idea::.?

?I doubt either will happen!

I might write to them just to see what they have to say.

Later
Rod-O-Matic

Hengis

Humility is a very honorable quality Rod & I agree about McAfee

Thanks for your comments.

Member Panel

Sponsors and Ads

Join the Team

Live Tag Cloud