threat - query

Discussion in 'other anti-virus software' started by C.S.J, Jun 14, 2008.

Thread Status:
Not open for further replies.
  1. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    hello,

    need to pick someone's brains.

    my antibot has changed its configuration from 199 > 201, so I'm guessing there was an update somewhere.

    today, it popped up automatically with a threat.

    ....related to McAfee?

    I'm on my new-latest laptop here, and the only McAfee this machine has ever had is from all the pre-installed stuff that was installed on it, which I'm supposed to have removed, and with Your Uninstaller! 2008.

    I've never had any pop-ups till now,

    but is McAfee still phoning home on my machine? o_O


    Untitled.jpg

    Untitled2.jpg

    Untitled3.jpg
     
  2. CogitoErgoSum

    CogitoErgoSum Registered Member

    Joined:
    Aug 22, 2005
    Posts:
    641
    Location:
    Cerritos, California
    Hello C.S.J,

    Provided that the file in question (MCUPDATE.EXE) checks out as clean by Dr.Web, VirSCAN (http://www.virscan.org/) or VirusTotal (http://www.virustotal.com/), chances are good that this is a false positive on NAB's part. Assuming that this is the case, all you need to do is restore this file from quarantine, report this FP to support [at] sanasecurity [dot] com (*Note: include the checksum of MCUPDATE.EXE) and permanently delete it if you so choose. Hope this helps.


    Peace & Gratitude,

    CogitoErgoSum
     
    Last edited: Jun 14, 2008
  3. emperordarius

    emperordarius Registered Member

    Joined:
    Apr 27, 2008
    Posts:
    1,218
    Location:
    Who cares
    I don't know what that thing does, but I've had cases when that file remained after the uninstallation of McAfee on some machines (I think the machines had VirusScan Enterprise 2004). However, since it is related to McAfee, I think it won't harm removing it.
     
  4. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    yep, I have no problem removing it.

    I just think it's a little cheeky to leave an update file that phones home on my machine.

    if not for antibot, I wouldn't have known about this unwanted process.
     
  5. Bunkhouse Buck

    Bunkhouse Buck Registered Member

    Joined:
    May 29, 2007
    Posts:
    1,056
    Location:
    Las Vegas
    Chris,

    I use NIS 2008 at times. My question is how "light" is Anti-Bot on your machine, say, compared to Prevx?
     
  6. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    I don't notice either of them on my machine, whenever I've used them.

    AB is very light.
     
  7. Bunkhouse Buck

    Bunkhouse Buck Registered Member

    Joined:
    May 29, 2007
    Posts:
    1,056
    Location:
    Las Vegas
    I'll give AB a try.
     
  8. ellison64

    ellison64 Registered Member

    Joined:
    Oct 5, 2003
    Posts:
    2,499
    Shouldn't your software firewall have noticed this?
    ellison
     
  9. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    probably, if I used one :)
     
  10. ellison64

    ellison64 Registered Member

    Joined:
    Oct 5, 2003
    Posts:
    2,499
    Ahh, I see... How has antibot performed for you? I noticed it's licensed technology from Sana; however, their version is about 3 times the price that Symantec is selling it for (for UK buyers anyway). Have you had any problems with it? I don't like ThreatFire, so I'm looking for something like this that's more stable.
    ellison
     
  11. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    it's fine,

    I own many types of those kinda programs, and I think they are all great.

    so really, can't do much comparing.
     
  12. ellison64

    ellison64 Registered Member

    Joined:
    Oct 5, 2003
    Posts:
    2,499
    Good to hear... Will antibot continue to function if the licence isn't renewed? I know you wouldn't get upgrades, but I guess the current version would still work fine?
    ellison
     
  13. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    no idea, but I highly doubt it.

    I'm guessing it would be greyed out (tray icon) with a highlighted message saying protection has expired.
     
  14. vtn54

    vtn54 Registered Member

    Joined:
    Jan 23, 2006
    Posts:
    13
  15. emperordarius

    emperordarius Registered Member

    Joined:
    Apr 27, 2008
    Posts:
    1,218
    Location:
    Who cares
    So MC stands for Media Center? :D
    But on some machines (XP) it was McAfee's update. This could also be verified by the McAfee icon appearing sometimes in the taskbar, which would disappear immediately if the mouse hovered over it. o_O
     
  16. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    To make it even lighter, check the monitored programs with non-green rating squares. Google around; when you trust them, manually allow them.

    Regards Kees
     
  17. Arin

    Arin Registered Member

    Joined:
    May 1, 2004
    Posts:
    997
    Location:
    India
    The retail version of McAfee used to leave mcupdate_some_random_digits.exe in startup. I'm not sure about the latest versions. But the file name always had some random numbers. It's the same trick used by antirootkit programs to avoid directed attacks from rootkits. :D
     
  18. computer geek

    computer geek Registered Member

    Joined:
    Oct 6, 2007
    Posts:
    776
    Probs a false positive; remember antibot is heuristic detection.
     
  19. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,779
    For what it's worth, I have seen other McAfee products (firewall) leave pieces of itself behind after an uninstall, and actually leave drivers loaded with reg entries and so on, so I would not be surprised that the AV left stuff behind also.
     