¨*·.¸ «.·°·..·°·.» ¸.·*¨
I was cleaning up a friend's computer today and tried to download HijackThis.
McAfee AV was running and it instantly deleted HijackThis claiming that it was a worm.
Sorry I did not copy down the exact species but I tried many times from different sources and the treatment was always the same.
Was just wondering if this is a known issue between HijackThis and McAfee?
I have no doubt that I can recreate the error if you'd like to see the specific worm ID.
Thanks for your time.
You guys are great!
Senior Member (Canada)
I have never heard or seen that. It is more plausible that some malware kicked in to attack or neutralize HJT and McAfee then got involved.McAfee AV was running and it instantly deleted HijackThis claiming that it was a worm.
In some cases, it may be necessary to download HJT to another PC and give it a completely different name (such as scan.exe or test.exe) that would not then be attacked by some program specifically designed to look for common names associated with that program.
¨*·.¸ «.·°·..·°·.» ¸.·*¨
Thanks for the reply and tip.
I will try this on my next house-call.
¨*·.¸ «.·°·..·°·.» ¸.·*¨
Interesting coincidence (this is not the local person I was helping):
http://www.d-a-l.com/help/showthread...657#post114657
Anyway I have HijackThis on CD and will try it on my next visit.
¨*·.¸ «.·°·..·°·.» ¸.·*¨
I found this:
http://www.merijn.org/May 22, 2005:
McAfee is at is again, unfortunately. Yes, I am aware of the fact that McAfee detects HijackThis 1.99.1 as a generic worm. For the fourth time. Yes, I am aware of the fact that McAfee detects the StartupList standalone as an mhtml exploit webpage. This makes respectively the fifth and sixth time McAfee has mistakenly detected one of my programs as some brand of virus. And I'm getting pretty tired of this. Am I supposed to email each and every new version of a program I publish to McAfee so they can verify that UPX compression does not automatically equal a scary virus??
Senior Member (Canada)
http://www.siteadvisor.com/sites/merijn.org
SA does not appear to have any CURRENT specific issues with that site (at the moment) even though, as we speak, there is a current BOX link showing a red to a security forum, CEXX. If you click the CEXX box you can find some confusion (in the finer details) for that site:
Although rated GREEN overall, it notes certain suspect downloads and has this easily missed notification:Two (2) of their key products (SA and AV) continue to create serious public relations and credibility problems which can be very confusing to end-users. Overall, 'Sitehound' is probably a better product because its browser addin alerts to bad sites BEFORE one can enter such sites. The SA tool may be more incomplete in this regard but probably more comprehensive in scope and attempted coverage.Security-related site
This is a security-related site that may link, as part of its analysis, to red sites.
