McAfee: ZeroAccess false positive?

[Jimmy9190]

One of our IT guys at work last week sent me an email saying IT had received notification of a virus on my work laptop. IT said to stop using my laptop until they had time to look at it. We have Mcafee virus enterprise at work. IT put part of the notice from Mcafee in the email they sent me last week, it said "threat name zeroaccess-feq!6d4f5e55d491 threat handled:true". There was some other data on their report too like my ip address and laptop ID and other info.

IT scanned my laptop today and found no virus, no zeroaccess or any other rootkits or malware at all. Laptop is clean and has never had any malware. Is it possible Mcafee found a false positive or some other weird variant of zeroaccess or is this just a case of Macafee being a substandard AV program? I am just wondering what might have triggered the virus alert..

 

[Rand]

what did you scan it with. its an advanced rootkit

I would try safe mode scans with

eset online scanner

and something designed to remove that threat.

 

[Jimmy9190]

I did not scan it. IT guy scanned it with MBAM Pro on a USB stick. I don't know if it was in safe mode, nor do I know if he used any other removal/scanner tools. He just told me there was no virus found after he was done. Our IT guy is not very talkative and will not give you much info about what he does.

 

[Rand]

mbam misses stuff.

start in safe mode

http://www.eset.com/int/home/products/online-scanner/

go there run that.

 

[Jimmy9190]

It's my work laptop. I am not allowed to run MBAM or any other program, also not allowed to download anything, even legit program updates. IT has to do all of that. I have to take his word that he found no malware on my laptop today.

 

[Rand]

ah, then I wouldnt worry about it. Your IT dept is probably very good.

 

[JC1]

Originally Posted By: Jimmy9190
It's my work laptop. I am not allowed to run MBAM or any other program, also not allowed to download anything, even legit program updates. IT has to do all of that. I have to take his word that he found no malware on my laptop today.


Jimmy,

I have the same issue at my work. Laptops are locked up tighter than a drum. You can't change any settings, download anything and they have misc bloatware hogging up resources. They found s threat so let them deal with it. Are you able to use the USB ports on your work pc to install a thumbdrive? If so, just make sure your home pc isn't infected.


Originally Posted By: Rand
ah, then I wouldnt worry about it. Your IT dept is probably very good.


I work in IT as well, but on the programming side. The guys that do the network/PC work are a mix of some ok people, 50% mediocre and some that you don't want touching your machine, cause you know they are going to botch it. They are just doing what they are told by their corporate policy. IMO, the larger the company, the less equipped they are to try using other virus software to ensure the virus is properly removed. The are reactive and not proactive.

Regards, JC.

 

[Jimmy9190]

Well I believe I won't hear anything else about it. IT said there is no virus so no one will worry about it. If IT had found a virus or rootkit or other malware on the laptop, I probably still would not hear much else other than IT saying they had cleaned the laptop. Our computers are all locked down tight too, I can not download or run any programs. They use MacAfee Virus Enterprise where I work and to me this is just one more shining example of how bad MacAfee really is. I am glad to be running ESET NOD32 here at home.

 

[daman]

Boy being "smart" IT personnel one would think they would know there's better protection out there then Mcjunk.