Content

W95/CTX

Type
-
SubType
-
Discovery Date
03/10/2006
Length
Varies
Minimum DAT
4715 (03/10/2006)
Updated DAT
4716 (03/10/2006)
Minimum Engine
N/A
Description Added
03/10/2006
Description Modified
03/12/2006 6:28 PM (PT)
Risk Assessment
Corporate User
Low
Home User
Low

Tab Navigation

Overview

Characteristics

-- Update March 12, 2006 - 15:28 PDT --

A complete list of files, which are known to trigger this incorrect identification, can be downloaded here.

-- Update March 10, 2006 - 18:50 PDT --
 The following files are the most common to trigger the incorrect identification (see detection requirements below):

  File Name  Description
 usersid.exe  Windows XP file
 imjpinst.exe  Windows XP file
 ecenter.exe  Dell file
 ntfstype.exe  Utility
 adobeupdatemanager.exe  Adobe Update Manager
 gtb2k1033.exe  Google Toolbar Installer
 43gcjvgahnu44.ths  Macromedia Flash Player 7.0  r19
 excel.exe  Microsoft Excel
 graph.exe  Microsoft Excel

Users who have moved detected files to quarantine should restore them to their original location.  Windows users who have had files deleted should restore files from backup or use System Restore .

Product-Specific Instructions

McAfee Managed VirusScan customers can restore quarantined objects via the McAfee Managed VirusScan Quarantine Viewer. 

To open the Quarantine Viewer:

  1. Hold down the Control and Shift key.
  2. Right-click the system tray icon. 
  3. Move the pointer Managed VirusScan .
  4. Click Quarantine Viewer .

For additional details on the McAfee Managed VirusScan Quarantine Viewer, please see our knowledgebase .

McAfee LinuxShield users can restore quarantined items by running the following command from the /opt/NAI/LinuxShield/bin directory:

     nails quarantine --recover []

For more details on LinuxShield, please consult the product documentation.

Virusscan Online users can restore the falsely detected file from the Manage Quarantined Files by clicking on the Restore button as shown below:


--

-- Update March 10, 2006 - 15:10 PDT --
 The 4716 DAT files have been posted to correct this issue.  If you are seeing W95/CTX detection, ensure that you are running the 4716 DAT files or newer.
--

The 4715 DAT files contain an incorrect identification on W95/CTX under the following products:

On Demand Scanner (ODS) Components Only
 (the detection does not occur with the On Access Scanner (OAS), nor with gateway or email scanners)

  • VirusScan Enterprise 8.0i
  • VirusScan Enterprise 7.1
  • VirusScan Enterprise 7.0
  • Managed VirusScan 4.0
  • Managed VirusScan 3.5
  • VirusScan Online 11
  • VirusScan Online 10
  • LinuxShield
  • VirusScan 7.03 (consumer)

These product may report certain executable files as being infected with a variant of W95/CTX.  At that point the files may be renamed as filename.exe.vir However, the point product's secondary action can result in the file being deleted.

Correct W95/CTX detections are reported as W95/CTX.6886 or W95/CTX.10853

Symptoms

Method of Infection

Removal

-

Variants and Aliases

Variants

    No known variants

Aliases