March 10th, 2006

Excel = Virus … At Least to McAfee

By Michael Santo
Contributing Writer, RealTechNews

Can you say oops? A really big oops? I hope you didn’t lose your copy of Excel because of this. Because of an error in a virus definition update, McAfee’s antivirus product was, for a brief time today, quarantining or deleting, depending upon your settings, Excel and other applications from PCs.

“At about 1 p.m. PST we started getting reports that people were seeing an unusual number of W95/CTX infections in their environment,” Telafici said. “Files that we did identify would probably be deleted or quarantined, depending on your settings.”

When a file gets quarantined, it’s renamed and moved to a different folder. McAfee’s antivirus software detected Excel.exe and Graph.exe, two Microsoft Office components, as well as other software, including AdobeUpdateManager.exe, an application installed alongside Adobe products that deals with software updates, Telafici said. Source: News.com

The error occurred in virus definition file 4715, which was released at about 10:45 AM PST, and was fixed in virus definition file 4716, released at about 3:30 PM.

We Say: Reminds me of the earlier incident when Microsoft Anti-Spyware was flagging Norton Anti-Virus as spyware. Of course, as we said then, Microsoft’s product is beta, and McAfee’s is mature and released. False positives aren’t uncommon, but this is something that should be caught during regression testing. Of course, this is most notable … and somewhat humorous because of the product flagged … Excel.
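As an illustration of the regression testing mentioned above (an added example, not code from McAfee or from this article): a pre-deployment gate that runs a candidate definition update against a copy of a known-clean corpus and refuses to promote it if any clean file is flagged, removed or changed. The `scan` adapter, the two stand-in scanners and the sample files are constructed assumptions; a real gate would wrap the actual scanner.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path


def snapshot(root):
    """Map each file under root (relative path) to its SHA-256 digest."""
    root = Path(root)
    return {str(p.relative_to(root)): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*")) if p.is_file()}


def gate_definition_update(corpus, scan):
    """Decide whether a candidate definition file may be promoted.

    corpus: directory of known-clean files (a golden set of business apps).
    scan:   hypothetical adapter around the real scanner running with the
            candidate definitions; returns relative paths it reported.
    The scan runs on a copy, so a destructive update cannot harm the corpus.
    """
    before = snapshot(corpus)
    with tempfile.TemporaryDirectory() as work:
        staged = Path(work) / "corpus"
        shutil.copytree(corpus, staged)
        flagged = sorted(set(scan(staged)))
        after = snapshot(staged)
    # A clean file that vanished or changed was deleted, quarantined or "repaired".
    missing = sorted(n for n in before if n not in after)
    altered = sorted(n for n in before if n in after and after[n] != before[n])
    return {"promote": not (flagged or missing or altered),
            "flagged": flagged, "missing": missing, "altered": altered}


def clean_scan(directory):
    """Constructed stand-in for a good update: reports nothing."""
    return []


def faulty_scan(directory):
    """Constructed stand-in for a bad update: quarantines every .EXE file."""
    directory = Path(directory)
    quarantine = directory.parent / "quarantine"
    quarantine.mkdir(exist_ok=True)
    hits = []
    for p in sorted(directory.rglob("*")):
        if p.is_file() and p.suffix.upper() == ".EXE":
            hits.append(str(p.relative_to(directory)))
            # Quarantine as the article describes it: rename and move.
            p.rename(quarantine / (p.name + ".quarantined"))
    return hits


def demo():
    """Build a tiny constructed corpus and run both stand-in scanners on it."""
    with tempfile.TemporaryDirectory() as tmp:
        corpus = Path(tmp) / "golden"
        corpus.mkdir()
        for name in ("EXCEL.EXE", "GRAPH.EXE", "readme.txt"):
            (corpus / name).write_bytes(b"constructed sample: " + name.encode())
        good = gate_definition_update(corpus, clean_scan)
        bad = gate_definition_update(corpus, faulty_scan)
        intact = sorted(p.name for p in corpus.iterdir())
    return good, bad, intact


if __name__ == "__main__":
    good, bad, intact = demo()
    print("clean update :", good)
    print("faulty update:", bad)
    print("golden corpus still intact:", intact)
```

Comparing hashes before and after catches a scanner that removes files without reporting them, which a check on the detection list alone would miss.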


63 comments to "Excel = Virus … At Least to McAfee"

  1. Alan says:

    “False positives aren’t uncommon”? Are you kidding? This is an inexcusable error — basic testing should have caught this.

    March 11th, 2006 at 5:37 am

  2. Michael Santo says:

    I agree with you there, and actually, rethinking it, I might have been a little “too kind” to them. I will reword the last paragraph.

    March 11th, 2006 at 6:31 am

  3. jb says:

    Scary as hell. Good reason to stay away from McAfee.

    March 11th, 2006 at 6:46 am

  4. jb says:

    While flagging Norton as spyware is sad, it does you no real damage. Removing/flagging OFFICE components does real damage to a business user.

    March 11th, 2006 at 6:48 am

  5. Norm says:

    This “BAD” dat file deleted hundreds of thousands of executables on our network, took the entire business down. Excel was the least of our worries.

    Releasing a good dat file a few hours later was pointless, because it doesn’t put the exe’s back. This is not the end of this story, believe me.

    March 11th, 2006 at 12:36 pm

  6. Andy says:

    This is the worst virus outbreak in the history of our company. It will be interesting to hear what the total estimated cost this virus caused.

    March 11th, 2006 at 2:19 pm

  7. Andy says:

    The last statement was a little vague. The “virus” I’m referring to is the .dat file.

    March 11th, 2006 at 4:32 pm

  8. Tom says:

    Is this a record for the trojan with the most expensive licensing costs or do we count MS applications and OSes as trojans?

    March 11th, 2006 at 5:35 pm

  9. Joe says:

    Wait till Monday. That’s when it’s really gonna hit the fan.

    March 11th, 2006 at 6:21 pm

  10. Jack Lawton says:

    McAfee rep stated that “incorrect detection occurred only if the user ran a manual virus scan or during a scheduled scan, not during idle time or background scanning”. This was not the case for us. With On-Access scanning active we lost many executable files throughout our network.

    Monday the real extent of damage will be known. Especially since many organizations get their DAT updates once a day and most servers scan at night.

    I hope Network Associates has some good lawyers.

    March 11th, 2006 at 8:08 pm

  11. texd says:

    Luckily, our settings were to ask before acting. I came back to the office around midnight last night (way home from a movie) to pick something up and saw the dialogue box asking what to do; I left it alone for later. This morning I found out about the error, went to the office and went around cancelling action and updating the DAT file. I can’t imagine what companies with automatic quarantine/delete settings are going through right now.

    Tex

    March 11th, 2006 at 9:15 pm

  12. Jeff says:

    This bad dat quarantined more than excel. It quarantined random Dell Openmanage files, random compaq files, Brightstore Arcserve CA files, and it looks like their new dat still has not corrected false positives in certain SWF files. Fortunately we have a brilliant programming team that were able to write us a script to restore the files to their original location! I think this story will have more teeth to it on Monday.

    Jeff

    March 12th, 2006 at 7:25 am

  13. Bill says:

    Just another reason to avoid McAfee and Symantec. Want a good program? Use AVG. 1/3 the cost for corporate licenses and free to home users.

    March 12th, 2006 at 7:58 am

  14. CBWFQ says:

    This DAT ripped apart directories on our Oracle servers. Check your databases before production starts!! Someone should be sued over this.

    March 12th, 2006 at 1:50 pm

  15. Norm says:

    If you want a quick heads up of the major stuff we noticed.

    Excel.exe, graph9.exe, java.exe, javaw.exe

    The total was about 180 different exe and dll files. Anything running java got torn up.

    March 12th, 2006 at 5:57 pm

  16. AJ says:

    my photoshop dll’s and exe’s got deleted, as did dll’s in the system32 folder, now i get that screen where it says to reinstall the dll, or windows won’t function!!! grr. it also deleted wmrecorder, and premierpro2, as well as adobeupdate manager.

    March 12th, 2006 at 10:34 pm

  17. RF says:

    To not have an enterprise method of restoring quarantined files is inexcusable - especially if this type of ‘false positive’ is expected quarterly (http://news.zdnet.com/2100-1009_22-6048709.html).

    To leave all business users to develop their own FIX for McAfee’s blunder, is atrocious! “Sorry - we know what the problem is, because we caused it… please enjoy defusing the timebomb we sent you.”

    As with others, thanks to some brilliant scripting from our technical team - we were able to recover 5500+ desktops and 200+ servers - with very few calls to our ServiceDesk.

    Thank God this happened over a weekend! During the week - this would have been devastating.

    March 13th, 2006 at 5:56 am

  18. RonW says:

    I’ve thought that Excel was probably a virus or trojan for years, I think McAfee finally just started catching it. ; )

    March 13th, 2006 at 6:20 am

  19. Khannez says:

    Why the negative attacks? Let’s give McAfee the time to respond properly and maybe they will offer something. Don’t be quick to judge and remember that we all make mistakes. The sad part is when we do not admit to them.

    March 13th, 2006 at 7:00 am

  20. Privacy Digest: Privacy News (Civil Rights, Encryption, Free Speech, Cryptography) says:

    Slashdot | McAfee Anti-Virus Causes Widespread File Damage

    March 13th, 2006 at 7:03 am

  21. Andy Z says:

    While they (McAfee) are certainly to blame for this problem, remember, they, like the other companies out there Grisoft, Norton, CA, and Webroot, are filling in the holes that exist in an Operating System that is first and foremost, the REAL PROBLEM! It is WAY too easy to attack, compromise, and manipulate Microsoft products than it should be.
    Just another 2 cents.

    March 13th, 2006 at 7:26 am

  22. Jim says:

    Can you say “class action lawsuit?” I’m sure that there are going to be plenty of lawyers looking into this and how to make money for themselves.

    March 13th, 2006 at 7:39 am

  23. just me says:

    Given the choice, I’d much rather be dealing with a few lost exe’s than “important” data files n00bs I assist never back up… “What do you mean System Restore won’t bring back my kids Christmas Photo Desktop???!!!” I get screamed at ‘nuf for BS like that. This is actually a slow day. Come to think of it, McAfee has done me a great service… The n00bs can’t open any non-backed-up Excel files and delete half their data from them as long as Excel is missing! W00T!

    just me (the professional wise-ass)

    March 13th, 2006 at 8:15 am

  24. RonM says:

    Class action lawsuit is right !

    Not just excel.exe is affected. I have several 3rd party apps that are not working now because of this. I have corrupt data because a dbsrvr.exe file was deleted while the db server was running. Even a re-install isn’t going to fix this, the db is now corrupted…FUBAR !

    I’m experiencing a SERIOUS LOSS OF PRODUCTIVITY in my organization !

    I discovered this, this Monday morning, my alert manager sent me hundreds of emails for various files that were deleted from my network.

    ANY amount of testing would have caught this problem before the DAT was released. THERE IS NO EXCUSE FOR THIS IGNORANCE !

    MCAFEE SCREWED UP MAJOR !

    I’m switching to Trend Micro.

    March 13th, 2006 at 8:18 am

  25. NoSleep says:

    McAfee lists this as low risk!!!

    March 13th, 2006 at 9:14 am

  26. NoSleep says:

    This is worse damage than any virus my company has ever been infected with and we paid for it!!!

    Over 25,000 files deleted firm wide.

    March 13th, 2006 at 9:21 am

  27. Tim says:

    I think this makes for a good case to NEVER, EVER allow AV apps to delete files on its own. Quarantine them. Usually (and you should check functionality, too) it is trivial to release files from a quarantine. Recovering deleted items? Not so easy. While McAfee surely made an oopsie that will not go unnoticed by many, intelligent systems design would suggest a bit more thought be placed into AV strategy next time around for those who are looking for their executables only to find them permanently deleted.

    March 13th, 2006 at 9:22 am

  28. Dan says:

    I can’t believe the number of companies that don’t verify the downloads before distributing them to the company as a whole. Every virus update in our company gets tested on a bank of machines prior to releasing them for downloads. We have installed our virus software to update from a local, in house server, to make sure that only the tested updates are distributed. Also, to have everything automated and then not quarantining the files is asking for something like this to happen. I would not put that much faith in anyone’s software.

    March 13th, 2006 at 9:27 am

  29. Tom Guilliam says:

    I am not sure that all McAfee products were affected, we run 8.0i Enterprise and saw none of the problems seen here. Our anti-virus only downloads once a day, and that is overnight, so the bad one had already been replaced when our server downloaded the dat. McAfee 8.0i is the greatest piece of software I have seen in a long time. It is not without flaws, it also removes TightVNC, but allows WinVNC, go figure. It deleted Tight VNC even when it was listed in the exceptions.

    March 13th, 2006 at 10:11 am

  30. Mike says:

    In my opinion, McAfee isn’t doing themselves any favors by downplaying the impact or significance of these issues. The McAfee website only lists 9 files that were mistakenly quarantined/deleted by the 4715 DAT and they STILL haven’t made their rollback SuperDAT patch (CTX-UNDO.EXE) available to the general public. Those corporate customers that DID receive the rollback tool weren’t contacted until Sunday afternoon. THIS WAS ALMOST 48 HOURS from the time McAfee claims to have discovered the issue. Any system administrator who’s dealing with this problem is insulted by the fact that McAfee spokespeople continue to downplay the significance of these issues instead of owning up to their mistake and communicating the resolution. I can only speak for my organization to say that we will be giving McAfee’s competitors a long, hard look before investing further in this product.

    March 13th, 2006 at 10:15 am

  31. Stephen says:

    hahahah!

    One more reason to not use Windows.

    March 13th, 2006 at 10:41 am

  32. Mike says:

    Stephen - You laugh, but this could have just as easily occurred with ANY operating system. The problem was caused by poor QA testing on McAfee’s part, and not a security hole in MS Windows. Like most of the others who’ve posted comments, we haven’t had a significant virus outbreak in a few years. In this case, McAfee DAT 4715 IS the virus.

    March 13th, 2006 at 11:23 am

  33. Chris says:

    We are looking at renewing our corporate antivirus and can safely say McAfee is scratched off our list now.

    March 13th, 2006 at 12:06 pm

  34. Mark says:

    Actually, it *couldn’t* occur on just any operating system: I run ClamAV on my Linux system in its own user account, while all important applications are owned by the administrator, and data files are owned by the respective users. The most damage a malfunction (say, a dat file that identifies everything as viruses) could do is fill up the virus scan logfile and clear out /tmp.

    March 13th, 2006 at 12:10 pm

  35. Greg says:

    While this is completely inexcusable - it could happen with any AV vendor. A few years ago Trend also had a similar problem.

    March 13th, 2006 at 12:32 pm

  36. Peter says:

    It’s about time anti-virus developers identified, and removed, true malicious code, ie. Microsoft.

    March 13th, 2006 at 2:27 pm

  37. yada says:

    “I can’t believe the number of companies that don’t verify the downloads before distributing them to the company as a whole.”

    I think it’s reasonable to expect DAT updates not to misbehave as grossly as this one. Some people are willing to take the risk that occasional files will be misidentified, and quarantined. No one ever expects a blunder of the scale of this one, and there is no sense in planning for it. Should I also test the foundations of my office block myself? No, I pay an engineer who is qualified to build a building, and I have a right to sue him if he proves to be incompetent. That is the basis of our modern civil society, for what little it’s worth. You want to throw that away and hand-develop everything yourself, go and live in Africa.

    March 13th, 2006 at 3:31 pm

  38. yada says:

    or her .. it could be a lady engineer

    March 13th, 2006 at 3:33 pm

  39. Brian says:

    Yes, it’s true that McAfee made a mistake, and it’s not very polite to state such negative things about them, but because of this error, companies (quite possibly all over the globe) were put at risk, and this risk could have cost thousands, maybe millions to those businesses. I believe that this event cannot go unpunished.

    March 13th, 2006 at 4:46 pm

  40. Sean says:

    Quote “are filling in the holes that exist in an Operating System that is first and foremost, the REAL PROBLEM! It is WAY too easy to attack, compromise, and manipulate Microsoft products than it should be.”

    Did you realize that this also affected systems running the Linux version of McAfee? Funny how people are quick to blame MS for another developer’s mishap.

    Here is the KB article on the issue: http://knowledgemap.nai.com/KanisaSupportSite/search.do?cmd=displayKC&docType=kc&externalId=KBkb47387xml&language=en_US

    March 13th, 2006 at 7:26 pm

  41. Mac says:

    This is FUNNY REAL FuNnY

    NOW you know why I say

    McAfee is a virus

    I stopped using Mcafee when they stopped
    supporting version 4

    LOL somebody is finally waking up and smelling the roses..
    It is not joe smuck program that is saying is a virus..
    IT is the big dog that they are causing havoc with,,,,,,

    I was ROLMFAO at number 5 comment
    [quote]
    This “BAD” dat file deleted hundreds of thousands of executables on our network, took the entire business down. Excel was the least of our worries.

    Releasing a good dat file a few hours later was pointless, because it doesn’t put the exe’s back. This is not the end of this story, believe me[/quote]

    Believe me when I say I have seen the small issue with Mcafee
    that cause havoc and they never get fixed even when you try to communicate with mcafee.. they tell you that you are sick-’o’

    LOL ROLMFAO……. you get what you sooooooooow
    macfee you s**ck…………..

    March 14th, 2006 at 1:51 am

  42. Mac says:

    if you ever wonder why you don’t see bad reviews about McAfee
    is cause they used to have in their EULA that they can sue you for bad comments…….. and I am wondering if McAfee still has in their EULA that if you bad mouth them or post bad comments about them they can sue you…….

    LOL I would love to see them sue the world users now……….

    March 14th, 2006 at 2:15 am

  43. Betty says:

    New listing

    W32/Mcafee.c@MM

    March 14th, 2006 at 3:27 am

  44. XGtcChkX says:

    Despite this ‘Minor *cough* error’, I’ll still stand by McAfee being a good Firewall/Anti-Virus Program. Yeah, Business lost files but they should have been backing up files on Differential or Incremental like any good Business Should have been doing. Also, what user in their right mind sets Virus Protection to Automatically Delete files?! It’s a program written by people meaning It’s not perfect.

    To those of you who hate McAfee and Are proud users of Norton, I’m sorry you guys are so dumb :(

    March 14th, 2006 at 8:23 am

  45. Betty says:

    Then if we are all so DUMB please explain in detail how to get any Mcafee product to run correctly without causing havoc on any system I try to run it on…..

    Norton Systemworks premier 2005 is the only AV that will run on windows XP PRO SP2 VLK without any issues…………

    The many issues that I see when I run McAfee go away when I stop using McAfee …… So what does that tell ya! there mate…….

    March 14th, 2006 at 11:59 am

  46. XGtcChkX says:

    Explain in Detail? There’s really not much to it. Don’t mess up your system, quarantine before deleting, update it and there ya go. McAfee Removes and re-installs insanely easily unlike Symantec.

    You don’t know how much it made me laugh when That Microsoft Virus protection Beta recognized it as a Virus/Spyware. I’ve heard a few Rumors Norton’s put out viruses just so you’ll buy their Anti-Removal stuff.
    When trying to get Norton off of your computer, Not only I, but quite a few people I know have had nothing but problems getting it off without reformatting your whole system.

    The many Issues I see with Norton go away by editing the registry and stripping it off of my system. One of those would be too many Unhidden ports =x

    March 14th, 2006 at 12:30 pm

  47. Betty says:

    LOl norton removal is easy if you know what you are doing

    so the laugh is back on you there mate………

    Besides who would want to remove NORTON in the first place for……….

    March 14th, 2006 at 3:27 pm

  48. XGtcChkX says:

    Trust me Betty, I’m pretty sure I know what I’m doing. I’m not the only one either. Removing Norton is an Idea in quite a few people’s minds. Norton is just not for me. I’m a gamer in my spare time so me constantly dealing with Port Forwarding from my Router only so Norton can go off and screw something else up isn’t my Idea of a good time. Norton makes me mad. It’s almost as frustrating as iTunes haha.

    March 15th, 2006 at 8:58 am

  49. ich says:

    I’m a computer consultant. I started treating McAfee as worse than useless about two months ago and I’ve been recommending to any of my customers that it should be replaced whenever I run across it.

    Back story:
    About March of 2005 I stopped recommending Norton because of the huge drain on system resources - installing Norton AV 2005 on a slightly aged system will just bring it to its knees. Because I needed to be able to recommend something I did a bunch of research and started recommending Kaspersky AV.

    Present day:
    I had a customer that was running McAfee and their subscription had run out 5 days before my visit. Keeping in line with my policy, I recommended Kaspersky. I uninstalled McAfee (current as of 5 days previously) and installed Kaspersky, ran a scan, and found 18 infected files that McAfee had ignored during multiple system scans. I related this story to another customer a couple days later and, being the paranoid person he was, he decided to uninstall McAfee (still had a couple months on his subscription, so completely up to date) and install Kaspersky - 98 infected files were found!

    In my book, this makes McAfee worse than useless because you THINK you’re being protected.

    March 15th, 2006 at 9:14 am

  50. XGtcChkX says:

    Ok… you win Ich

    March 15th, 2006 at 2:36 pm

  51. ich says:

    But I don’t WANT to win - I just want a decent, dependable product that does what it’s supposed to without doing things it isn’t supposed to!!

    March 15th, 2006 at 4:03 pm

  52. XGtcChkX says:

    Well too bad, you win.
    But alas, doesn’t everyone want that?

    March 15th, 2006 at 4:45 pm

  53. Robin Good's Latest News says:

    Infected By Anti-Virus: McAfee Triggers False Positives

    A faulty update of the popular McAfee antivirus definition file, distributed last week, cancelled numerous Microsoft Office files and also other applications on computers utilizing McAfee’s own antivirus solution. The error was due to the McAfee antiv…

    March 17th, 2006 at 2:10 am

  54. Bharat Bhardwaj says:

    While i fully realise the disaster that mcafee’s non-sense caused to the people worldwide, i can’t imagine such a big blunder being committed by a company like mcafee. but even despite this disaster, i would like to ask the critics of mcafee, hasn’t there been a mistake by any anti-virus company ever?? & despite all this, haven’t you still been tolerating or shall i say, literally sponsoring the existence of the most inefficient companies like symantec?? the makers of norton & other, equally rubbish products??

    according to me, it is not good to judge the efficiency rate of any of the companies by just one mistake on their part but while reaching any conclusions, always, an effort at judging the overall performance must be undertaken.

    of course, my personal view!!

    March 18th, 2006 at 10:23 am

  55. Brian says:

    What happened to the mind set of using a test environment. We can blame McAfee all day long, but because we are in such a hurry to update and not test before updating, problems like this occur. Security should be performed using a layered approach. Hopefully other devices are in place at the front end or border of your companies scanning the traffic that’s entering and leaving. I know that a number of threat agents are released almost daily, but that does not mean to deviate from the basic principles of security. I bet that every company that was affected will be revisiting their roots of testing. It’s easier to stop a virus, worm or whatever else that attacks 10 - 100 devices than to shut down the whole company with one DAT file.

    March 21st, 2006 at 12:36 pm

  56. HItesh says:

    It Happens sometimes, Don’t worry, Be Happy

    March 26th, 2006 at 4:45 am

  57. MacUser says:

    ROTFLMFAO!!!!!!! I have 3 Macs at my desk, no problems here!!! (Sorry, this is just TOO GOOD TO RESIST!!!!!!) Anyone who is gullible enough to rely solely on Windoze deserves this…..

    March 27th, 2006 at 3:05 pm

  58. Brian says:

    Sorry, but it’s not worth the 30 seconds to Hack-a-Mac. Just sit in your little shell called “False sense of security”.

    April 2nd, 2006 at 9:15 pm

  62. CA Antivirus Software IDs Windows Component as Malware | Etixet Tag Cloud Archive 10.000 Web Site Feed says:

    […] It’s not uncommon to see false positives in AV and anti-spyware software … for example, McAfee IDing Excel as a virus, Microsoft Anti-Spyware IDing Norton Antivirus. ‘Course, that doesn’t give companies an excuse. And IDing part of Windows as malware … now that’s even more inexcusable than IDing Excel. The problem was that eTrust Antivirus was mistakenly flagging the Windows Lsass.exe process, said Bob Gordon, a CA spokesman. “CA quickly discovered and fixed an issue which temporarily caused some customers to detect a problem in their Lsass.exe files,” he said in an e-mail. Source: InfoWorld […]

    January 7th, 2008 at 1:24 pm
