McAfee Identifies all rkill derivatives as trojans


2 replies to this topic

#1 llama2200

llama2200

  • Members
  • 21 posts
  • Local time:04:45 PM

Posted 10 June 2011 - 12:08 AM

Shortly after downloading a new version of File Shredder for my computer, McAfee identified all of my stored derivatives of rkill as trojans and quarantined/deleted them. Subsequent attempts to download rkill from this site were listed as "failed".

Conducted full scan on Malwarebytes, Hitman Pro 3.5, but everything came up clean. Not sure if McAfee suddenly got cranky about rkill, or if there's something hiding out on the computer. Please note that I use Windows 7.

Help would be appreciated!


#2 Andrew

Andrew

    Bleepin' Night Watchman


  • Moderator
  • 8,260 posts
  • Gender:Not Telling
  • Location:Right behind you
  • Local time:02:45 PM

Posted 10 June 2011 - 12:35 AM

It's actually not uncommon for anti-malware scanners to flag many of the tools used to disinfect computers. This is due to the fact that in order to undo what the malware has done the repair tool has to make changes to many of the same files and settings that the malware does. This means that the detection signatures for tools like rkill will be very similar to the detection signatures for malicious programs. Usually, these false positives will be corrected in the next signature updates.

As you can see at this report, several anti-virus scanners identify the latest version of rkill as malicious whereas the majority do not. While this does not prove that rkill is benign or malicious, it does illustrate the point that no scanner is 100% accurate.

#3 llama2200

llama2200
  • Topic Starter

  • Members
  • 21 posts
  • Local time:04:45 PM

Posted 10 June 2011 - 12:38 AM

Thank you very much for the info!



