Hello,
Tonight I update SD and my McAfee antivirus blocked the update of "Keylogger Guard Component" with detection of Trojan BackDoor-AWQ...
FP by their part,surely, but could you do something???
Regards,
Jérôme.

Hi,

Its probably best to contact McAfee directly since this is a fault on their side.

Cheers,
Chippa

I just starting this too. It must have come from a McAfee update.

BackDoor-AWQ (Trojan)
C:\Program Files\Spyware Doctor\klg.dat


There's no point in contacting McAfee, they list Spyware Doctor as an incompatible product (see my previous post).


CHIPPA - Unfortunately, you are probably going to be told by people here that you should just get rid of McAfee. I didn't want to take this route.


I like Spyware Doctor but it's becoming impossible to keep it. Now that I am getting this trojan error, I'm about to give up.
:(

I just starting this too. It must have come from a McAfee update.

BackDoor-AWQ (Trojan)
C:\Program Files\Spyware Doctor\klg.dat


There's no point in contacting McAfee, they list Spyware Doctor as an incompatible product (see my previous post).


CHIPPA - Unfortunately, you are probably going to be told by people here that you should just get rid of McAfee. I didn't want to take this route.


I like Spyware Doctor but it's becoming impossible to keep it. Now that I am getting this trojan error, I'm about to give up.
:(

I wonder if this would happen with Behavior Guard installed? Since BG has better Keylogger detection wouldn't it be worth a try?

You would rather keep McAfee's bloatware and get rid of Spyware Doctor PaulQ?

You would rather keep McAfee's bloatware and get rid of Spyware Doctor PaulQ?


I know a lot of people disagree but I paid for 2 more years of McAfee. I know that doesn't make it better per se but I did do some research last week and McAfee is rated higher than PC Tools for AV protection. I have seen no particularly slow down with it. It's been fine. Of course, I did tweak it a bit.

Admittedly, there are clearly better AV programs. It looks like Symantec and Bit Defender lead the pack. Symantec is expensive!

All this talk is pushing me toward dumping McAfee Security Suite and switching to my employer provided McAfee Enterprise AV. For some reason, it doesn't seem to have a problem with SD. Then get a freeware firewall... blah blah. Ugh.

======================


Oh, and regarding the Behavior Guard. I don't have it installed. In the previous discusson on this topic, we discovered FILE GUARD (only SD v6) was a big problem with McAfee. It's disabled now. Now it looks like the plain old keylogger is a problem. You could set McAfee to ignore the keylogger but this is getting kinda crazy.

Hello,
I already had an old conflict experience with SD and McAfee but I don't remember what...
Here are my emails with McAfee:
Of course the first one is at the end...
Jerome/McAfee and responses:

Hello,
how do you wand I send you a sample as this update of Spyware Doctor is blocked by MaAfee?
I do not know wich kind of file I have to send? I have no file infected and the scan is perfectly clean with last DAT 5361!
The only way would be to disable McAfee to allow this Spyware Doctor update but I don't want to do that!
I it just a conflict beetwen you and Spyware Doctor and on thei forun link you can see I am not alone!
http://www.pctools.com/forum/showthread.php?t=53240
Regards,
Jérôme
----- Original Message -----
From: "Virus Research" <Virus_Research@avertlabs.com>

Sent: Friday, August 15, 2008 1:32 AM
Subject: RE: problem with Spyware Doctor by PC tools and McAfee


Dear Jérôme,

Unfortunately, we are unable to investigate this issue further without the file(s) being detected submitted to us for analysis.

Virus Research accepts file-samples for analysis and possible inclusion into AV signature DAT sets. We are also prepared to answer general virus questions.

All product-related questions and comments can be addressed through technical support and customer service, including:

* Product installation and update questions
* Product usage questions
* Specific operating system/version questions
* Assistance with detection and cleaning or removal of viruses or trojans

Use the following link to reach online technical support for McAfee products.

Corporate Customers:
https://support.mcafee.com

Single User/Retail Customers:
http://service.mcafee.com/default.aspx

Regards,

Brant Yaeger
Virus Research Analyst
McAfee® Avert® Labs
A division of McAfee, Inc.
--------------------------
McAfee® Avert® Labs Blog <http://www.avertlabs.com/research/blog/>
AudioParasitics - The Official PodCast of McAfee® Avert® Labs <http://podcasts.mcafee.com/audioparasitics>
--------------------------
Safe online? Avoid dangerous web sites using McAfee SiteAdvisor(tm) - a FREE download from http://www.siteadvisor.com?cid=27092. Don't search or surf without it!


-----Original Message-----

Sent: Thursday, August 14, 2008 4:28 PM
To: Virus Research
Subject: Re: problem with Spyware Doctor by PC tools and McAfee

Hello,
and thank you for your quick answer.
The only problem is that when I want to run an update of Spyware Doctor by PC tools, which is wellknown, McAfee in real time blocks this update of "Keylogger Guard Coponent" with a notice telling that trojan Backdoor-AWB has been suppressed.
It is in:
C:\ Program Files\Spyware Doctor\~tmp\~... with different numbers... if I run several updates...
Processus C:\Program Files\Spyware Doctor\update.exe Description of processus: PC Tools Smart Update

So I have no file to send for analysis.

My computer works perfectly well.
I cannot send you any report as McAfee does not deserve to edit one!!!
I have run a complete scan with DAT 5361 (the last one) which is perfectly clean.
My idea is: could you have a contact soon with Pc tools developpers to fix this problem. Waiting your solution, I will not run this update of Spyware Doctor, and only take Database updates.
It will be very kind of you:
1. to find the solution,
2. to send me an email to tell me how to behave with this problem as you follow this case.
Thank you an regards,... and sorry for my poor english!
Jérôme
----- Original Message -----
From: "Virus Research" <Virus_Research@avertlabs.com>

Sent: Friday, August 15, 2008 12:17 AM
Subject: RE: problem with Spyware Doctor by PC tools and McAfee


Dear Jérôme,

In order for us to research this question, please send us a sample for analysis, in a password-protected ZIP file (password - infected). You can find detailed instructions for how to do this at <http://vil.mcafeesecurity.com/vil/submit-sample.aspx>

If you have a system where you can do a test scan, you may first wish to try
our beta DailyDATs to get the latest detection available. You can find
this on our web-site at:
<http://vil.mcafeesecurity.com/vil/averttools.aspx>

Please include a description of the symptoms your system is experiencing, and any pertinent information about what AV Products you are using including company, version number (engine/dat numbers for McAfee Products) and results of the scan.

Note -

Due to the prevalence of network gateway AV products it is important that all submissions be zipped and the zip file password protected (password - infected). Some products will reject an email that contains a virus that is not sent in this way. In addition, often we receive a file that appears not to have been infected, to find later that the file was infected when it left the sender, and was cleaned somewhere along the line.

For additional information, our Virus Information Library page can be found at <http://vil.mcafeesecurity.com/vil/default.aspx>

All product-related questions and comments can be addressed through technical support and customer service, including:

* Product installation and update questions
* Product usage questions
* Specific operating system/version questions
* Assistance with detection and cleaning or removal of viruses or trojans

Use the following link to reach online technical support for McAfee products.

Corporate Customers:
https://support.mcafee.com

Single User/Retail Customers:
http://service.mcafee.com/default.aspx

Regards,

Brant Yaeger
Virus Research Analyst
McAfee® Avert® Labs
A division of McAfee, Inc.
--------------------------
McAfee® Avert® Labs Blog <http://www.avertlabs.com/research/blog/>
AudioParasitics - The Official PodCast of McAfee® Avert® Labs <http://podcasts.mcafee.com/audioparasitics>
--------------------------
Safe online? Avoid dangerous web sites using McAfee SiteAdvisor(tm) - a FREE download from http://www.siteadvisor.com?cid=27092. Don't search or surf without it!

________________________________


Sent: Thursday, August 14, 2008 2:31 PM
To: Virus Research
Subject: problem with Spyware Doctor by PC tools and McAfee


Hello,
I am a user of McAfee suite with virus scan 12.1 edition 12.1.11. motor 5200.2160 DAT 5361 I use also Spyware Doctor by PC Tools and untill today without any problem of incompatibility between the 2 softwares.
Today I have an update on Spyware Doctor of "Keylogger Guard Component"
wich is immediately detected by McAfee as trojan "BackDoor-AWQ"
I think it is a false positive...
Could you do something ?
I have already post on their forum (Pc Tools) to signale this point.
http://www.pctools.com/forum/showthread.php?t=53240
Regards,
Jérôme

Here we are!!
Jerome

Just one more information: I have run smart update of Database and I am now with database 5.10490 with 929.755 intelli-signatures and all this WITHOUT any problem by McAfee.
But I did not take the detected update.
A question to PC Tools: is there a problem to wait for this update? Does this will affect SD way to work?
Jérôme.

I just starting this too. It must have come from a McAfee update.

BackDoor-AWQ (Trojan)
C:\Program Files\Spyware Doctor\klg.dat


There's no point in contacting McAfee, they list Spyware Doctor as an incompatible product (see my previous post).


CHIPPA - Unfortunately, you are probably going to be told by people here that you should just get rid of McAfee. I didn't want to take this route.


I like Spyware Doctor but it's becoming impossible to keep it. Now that I am getting this trojan error, I'm about to give up.
:(

Yes you should contact Mcafee as they need to update there software to fix this false postitive,

I pretty much gotton the samething when i was using Spyware Terminator. and Spyware terminator support fixed it the next day with a new update in there software. And this happen to me on both computers i have having both Spyware doctor and Spyware terminator installed on both computers so i knew it was false plus a member in the spyware terminator forum also gotton the same message.

Hello,
good news for those who have the same problem I had:
After a lot of emails with McAfee they send me an extra.DAT which solved this false detection and I have been able to update "Keylogger Guard Component".
They have been quite quickly reactive on this case!
And SD + McAfee is a possible association!
I think that for everybody this will be fixed with DAT 5363 (5362 is not enough without their extra DAT).
So no worry, wait for a next McAfee update and then you will be able to update SD. But for me the problem is solved.
Regards,
Jérôme

Hello,
good news for those who have the same problem I had:
After a lot of emails with McAfee they send me an extra.DAT which solved this false detection and I have been able to update "Keylogger Guard Component".
They have been quite quickly reactive on this case!
And SD + McAfee is a possible association!
I think that for everybody this will be fixed with DAT 5363 (5362 is not enough without their extra DAT).
So no worry, wait for a next McAfee update and then you will be able to update SD. But for me the problem is solved.
Regards,
Jérôme

Hello Jérôme!

Would it be possible to attach the fixed DAT file? I am having the same problem, and it is a relief to see that it is just a false positive.

Thank you very much!

I have tried but for an attachement here it is an "invalid file" extension.
Even in private message it is not allowed. And that seems normal for eachone could send a corrupted file...
So I think you have to wait for next update 5363 probably on monday.
Sorry,
Jérôme.

I'm having a somewhat similar problem I've updated to SD 6 having tried to install it several times I always end up with a message C:\Program Files\Spyware Doctor\klg.dat is missing unable to move file. I do have McAfee total protection I choose to ignore this "missing file" and finally the install finishes runs smart update but will not install the key logger guard - I did however find a work around finally to installing this I temporarily disabled my McAfee and tried again.

Hello,
you had the same problem I have discribed upper. For me, because I had a long emails conversations with McAfee, they have sent me an extra DAT (and I could do the keylogger update of SD) which will be included in next virus scan update (5363 maybe tonight or tomorrow morning according where you stay and the local time).
In fact ,to take my part in the discussion SD/McAfee, the error has been done by McAfee but when I have contacted them, the false detection has been quickly fixed and they appologize several times in the emails. So it seems not necessary, according to me, to write angry words here about them!
Regards,
Jérôme