Possible Trojan horse re

autobyke · Post by **autobyke** » 02 Feb 2006 17:01

Hi folks,
I have had gedcom census on my pc for a while now and it has workred ok.I use McAfee virus protection and firewall.
This morning out of the blue, McAfee put up a message to say that it had found a trojan in Gedcomcensus .exe and that it had deleted the said file.
Has anyone else had experience of this? Is there really a trojan or is McAfee being too sensitive....Regards...Autobyke

ID:1325

Post by **NickWalker** » 02 Feb 2006 18:16

Well there certainly isn't any kind of virus or trojan in the Gedcom Census that you originally downloaded if it was from this site (which is the only place it should be available). If there is one in it now then it has somehow become infected since it has been on your PC. Check the modify date on Gedcom Census to see if it has changed recently. My guess is that McAfee is reporting a 'false positive'

Post by **NickWalker** » 02 Feb 2006 18:17

I wonder if the title of this forum post should be changed. I would hate people to read it as though it is a headline reporting a fact and be put off using Gedcom Census.

[Edit:Title was later changed so thanks for that]

autobyke · Post by **autobyke** » 02 Feb 2006 20:06

Nick, thanks for your prompt reply. I have had no problems at all up to now. Can you explain about 'false positive' so that I can take take corrective action.
I appreciate the vast amount of work and effort you have put in to develop such an excellent programme.
I would be only too happy to rename the topic. (though I'm not sure if I do that or is it to be done by someone in Admin).
I sense my message may have caused you some discomfort or offence, it was never my intention to do this. If I have unintentionally done so, I unreservedly appologise.
As an enthusiastic 'layman' with computers, the message I received was rather frightening and I posted my query to try and determine what action I should take to continue using the programme...Best Regards...Autobyke

Post by **NickWalker** » 02 Feb 2006 21:31

No offence caused, I understand completely your concern, it was just the forum title I felt could be misleading.

Sorry for the jargon: False positive refers to the anti-virus software wrongly thinking a file has a virus in it. Anti-virus has to look at a file and in a small fraction of a second compare it to the signatures of tens of thousands of viruses. Some combination of the binary code in the gedcomcensus.exe may have a similarity to part of a trojan and McAfee wrongly diagnosed it. Presumably this must be a recent virus or it would have made the same mistake in the past. I've not has this reported by anyone else so far. If you 'right-click' on the gedcomcensus.exe file that it refers to and look at the modify date, if it is very recent it might suggest it has somehow become infected by a virus on your computer.

Elizabeth · Post by **Elizabeth** » 02 Feb 2006 23:10

I use McAfee and to date it has found no virus or trojan in the Gedcom Census.
Elizabeth

YouTube · Post by **Jane** » 03 Feb 2006 09:50

Autobyke,
Could I suggest downloading Gedcom census again and installing it again.

You can then see if McAffee takes objection again. If it does perhaps you could send it over to McAfee reporting a possible misdiagnosis.

David_Herrick · Post by **David_Herrick** » 03 Feb 2006 15:54

Just to say that I had this problem yesterday when I ran a virus check immediately after updating the definition file on McAfee VirusScan. Unfortunately I'm not entirely certain which release of GedcomCensus I had, but looking at the release pages I think it wasn't the most recent release but the one before last. I have yet to try reinstallingGC and running the virus check again.

Dave

TimM · Post by **TimM** » 03 Feb 2006 16:01

I also had my McAfee virus programme report a trojan, and it deleted Gedcomcensus.exe yesterday, quite out of the blue.
It must be the first time I have had McAfee report a virus. (I'm not in the habit of acquiring viruses!) So, like Autobyke, I was somewhat surprised by this.
I thought it was unlikely that Nick's file would have come with a virus.
There was an update to my McAfee DAT files yesterday which probably targeted something in Gedcomcensus.exe.
My McAfee privacy service is now telling me that there is a problem, and to either restore a backup or uninstall. No backup, so I have uninstalled. But now I cant find my CDs or the downloaded updates. Their website doesnt help much either!! The saga goes on..

Tim

Post by **NickWalker** » 03 Feb 2006 20:15

It seems that this has happened to other people before. Apparently one software developer sued them for £50,000 a year or so ago because it wrongly reported a virus in his software.

Now there's an idea

It would be useful to know which version of the GedcomCensus.exe is getting the false positives.

Post by **NickWalker** » 03 Feb 2006 21:28

Using the McAfee website=based virus scanner I can confirm that it is wrongly reporting an earlier version of Gedcom Census (4.0.7 and only this version I think) as having a virus 'Startpage-fq'. This virus has been known about since March last year but an update for the virus signature was released on the 1st Feb 2006, which is why the problem has suddenly appeared.

I have sent the file to McAfee to look at and hope they will fix the problem and send me an apology

I suggest users of McAfee should download the most recent version of Gedcom Census (4.2.1) off this website.

autobyke · Post by **autobyke** » 04 Feb 2006 19:45

Hi folks, I have done as Jane suggested, I uninstalled Gedcom census then downloaded it again. Everything seems OK as yet. Sorry Nick, ,I cannot tell you which version I had as McAfee deleted one file then I uninstalled the rest.
Thanks for your help Jane and Nick...Best regard...Autobyke

Family Historian User Group