Vista component mistakenly dubbed a Trojan virus
McAfee’s security software has mistakenly identified part of Windows Vista as a Trojan virus. The blunder meant the firm’s anti-virus packages thought the component was actually an attempt to steal user information such as passwords.
The affected file is titled conime.exe and is part of Vista’s Input Management Editor (IME), a feature for typing in characters which don’t appear on a standard Western keyboard such as Japanese or Chinese lettering. You may have encountered the component if you customize which applications start automatically in Windows (either through MSCONFIG or a third-party system).
A McAfee update this week (with the reference 5409 DAT) mistakenly labelled the file as containing the PWS-LegMir virus. This name covers a variety of Trojans, which are designed to find passwords on a user’s machine and send them to a hacker. It can also steal details about a user’s experience on the online game Legend of Mir (hence the name.)
Most users should have had the problem fixed by a subsequent update (5410 DAT). A CNET forum poster points out that if you haven’t had this for any reason, you can download http://www.mvrsupport.com/extra.zip and then extract the file to C:\Program Files\McAfee\Virus Scan\DAT\5409.0\
Depending on the particular set-up of their system, some McAfee users may find their conime.exe file was deleted rather than quarantined. This won’t be a major hassle for users who don’t need to use non-standard characters. However, anyone who does need the feature, or experiences glitches with Vista caused by the file’s absence (it should be in Windows’ System32 folder), should be able to reinstall it from the original disc. It’s also available to download from McAfee at www.Mvrsupport.com/conime.zip
‘False positives’ such as this are clearly embarrassing, but they also risk undermining confidence in security products. The problem facing anti-virus software producers is that they need to find ways of cut down on wrongly identifying legitimate software as a virus, without running the risk of missing out a genuine security threat.
Related Posts:
November 7th, 2008
Windows is *not* a virus – viruses are small and efficient.