Adaware and Mcafee sobig false positive?


7zero4

After a *lot* of testing today, it looks like Adaware6 is creating a temp
file during scans which Mcafee V8 def4288 is reporting as sobig. Anyone else
seen this? I've got nothing in registry, and both regular scans and stinger
report nothing, but Adaware trips Mcafee to warn during a scan. The file
isn't there before the scan and only appears to exist during the scan - bit
difficult to check when Mcafee won't do anything but delete or move.

I've been backwards and forwards and *almost* convinced myself it's a false
alarm, but I'd really like to hear someone else has the same problem??
(cross posted for both Adaware and Mcafee experts)

many TIA
 
7zero4 said:
I finally took my life in my hands and just turned it off while AdAware
ran - the file in temp reappeared, AdAware scanned, and when it finished,
the temp file vanished, presumably deleted after the run. I can't think of
any other explanation, but it seems a bit coincidental. I guess that Mcafee
have given a really wide range to sobig detection to allow for the next
morph?
I had a similar problem and fix.
I use KAV 3.5
 
7zero4 said:
After a *lot* of testing today, it looks like Adaware6 is creating a temp
file during scans which Mcafee V8 def4288 is reporting as sobig. Anyone else
seen this? I've got nothing in registry, and both regular scans and stinger
report nothing, but Adaware trips Mcafee to warn during a scan. The file
isn't there before the scan and only appears to exist during the scan - bit
difficult to check when Mcafee won't do anything but delete or move.

I've been backwards and forwards and *almost* convinced myself it's a false
alarm, but I'd really like to hear someone else has the same problem??
(cross posted for both Adaware and Mcafee experts)

many TIA
Just noticed that there is a new Adaware reference file that contains new
definitions for sobig - maybe this is the cause of the problem.

A new referencefile (01R21223.08.2003) is now available.

Included are newly added signatures for VX2.BetterInternet, Queep, Densmail,
W32.SoBig.F.

Updated signatures for RemanentBHO, I-Toolbar, ScBar, TIB Browser, Lop.com,
Hi-Wire, VLoading Dialer, Newton Knows, several new tracking cookies.

Reference Number : 01R21223.08.2003
Internal build : 85
Total size : 534252 Bytes
Signature data size : 524184 Bytes
Reference data size : 10004 Bytes
Signatures total : 12055
Target categories : 10
Target families : 249
 