Re: SPR/Madtol.C program
From: Kayman (Kayman_at_discussions.microsoft.com)
Date: 07/13/05
- Previous message: sfn: "Problem windows XP SP2 firewall FTP"
- In reply to: David H. Lipman: "Re: SPR/Madtol.C program"
- Next in thread: Kayman: "Re: SPR/Madtol.C program"
- Reply: Kayman: "Re: SPR/Madtol.C program"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 13 Jul 2005 02:21:03 -0700
Hi David:
Prior to downloading AV-CSL I definitely permitted my (Norton 2003) security
system to let pass AV-CSL (Trend, Sophos and McAfee) through the firewall.
Anyway, I deleted the McAfee folder, disabled my firewall and re-downloaded
McAfee. After reboot tried to scan without success, the same error message
popped up.
I then deleted the entire AV-CSL folder and started from scratch. I again
disabled my firewall prior downloading and left it disabled during the entire
download operation. (This time I downloaded McAfee first, Trend second and
Sophos third).
I am able to perform scans with Trend and Sophos.
McAfee however produces the same old error message.
I downloaded Rootkitrevealer.exe. The scan result revealed that there were
no discrepancies found.
I accessed the virustotal website and send a message explaining my plight.
The message sent was identical to the one I sent to (you) the Discussion
Group. They responded that the (my) original message had no attachment.
I am at a loss here. I really don't know which attachment I could have send
to virustotal. The only evidence I have is the warning sign generated by
AntiVir. I guess I somehow could send them a screen print??
Thanks again for your patience.
With best regards,
"David H. Lipman" wrote:
> From: "Kayman" <Kayman@discussions.microsoft.com>
>
> | Hi David:
> | Here are the scan results:-
> | 1. TREND (F8 % clean boot):
> | 33303 files read, 33303 files checked, 29440 files scanned, 39817 files
> | scanned (incl. files in archived), 0 files containing viruses, found 0
> | viruses totally, maybe 0 viruses totally; scan time 24 min. 46 sec.
> | 1a. TREND (normal mode):
> | 33205 files read, 33205 files checked, 29891 files scanned, 38760 files
> | scanned (incl. files archives), 0 fileas containing viruses, found 0 viruses
> | totally, mayby 0 viruses totally; scan time 17 min. 37 sec.
> |
> | 2. SOPHOS (F8 & clean boot):
> | 40199 files swept in 1 hour 27 min. 11 sec., 56 errors encountered,
> | noviruses discovered, 46 encrypted files were not checked; ending Spohos
> | anti-Virus.
> | 2a. SOPHOS (normal mode):
> | 40119 files swept in 59 min. 41 sec., 59 errors encountered, no viruses were
> | discivered, 46 encrypted files were not checked; ending Sophos Anti-Virus.
> |
> | 3. MCAFEE (both in F8 & clean boot and notmal mode):
> | Unable to perform scans. When hitting #3 in the AV Command Line Scanner Menu
> | the following message appears:
> | c:\AV-CLS\McAfee\update.ini not opened foe read, error code [0]
> |
> | David, should I delete the McAfee folder and try to downlowd one more time?
> |
> | For you information, after scanning with Trend and Sophos, I clicked on to
> | Spyware Doctor and the AntiVir Warning sign popped up again indicating that
> | the SPR/Madtol.C program is still present, the number has changed to MC2104.
> |
> | With best regards,
> |
>
> The error message...
> "update.ini not opened foe read, error code [0]" idicates that the FTP.EXE program was
> unable to access the McAfee FTP site and downnload the needed files. The UPDATE.INI is
> parsed for the verion information of the McAfee files. Without it the utility does not what
> is the name of the Mcafee SuperDAT.
>
> Usually this error is caused by the FireWall blocking FTP.EXE from getting to the site.
> Either the FireWall needs to be disabled or FTP.EXE needs to be allowed to go through the
> FireWall.
>
> Since both Trend and Sophos come up clean... It could be well hidden andf only revealed via
> RotKit Revealer
> http://www.sysinternals.com/utilities/rootkitrevealer.html
>
>
> There is also a possibility that this is a False Positive declaration.
>
> There must be SOME file that is being flagged as having this.
>
> Please submit the suspect file to Virus Total --
> http://www.virustotal.com/flash/index_en.html
> The submission will then be tested against several different AV vendor's scanners.
>
> Another way to submit is to send the suspect file to the following email address
> scan<at>virustotal.com
> { replace <at> with @ } with only the word SCAN as the subject.
>
> Please post back the EXACT results.
>
>
> --
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> http://www.ik-cs.com/got-a-virus.htm
>
>
>
- Previous message: sfn: "Problem windows XP SP2 firewall FTP"
- In reply to: David H. Lipman: "Re: SPR/Madtol.C program"
- Next in thread: Kayman: "Re: SPR/Madtol.C program"
- Reply: Kayman: "Re: SPR/Madtol.C program"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
