You wrote that, per your 'fix', you "can no longer use most or all of the Creative Labs Sound Blaster Audigy software"
For some [most?] users, this would not be considered an acceptable 'solution'.
Also: Once you "turn-off" the items you mention via MSCONFIG, can you easily 'restore' them if you later decide to do so?
EDIT: Looks like your second post just answered this, in the affirmative. But I'd still suggest 'caution' in-general here, as I believe some versions of MSConfig offer a "Clean-Up" option, which in fact remove references to disabled programs.
If not, a far preferable approach would be to use an enhanced startup manager, such as WinPatrol,
which will allow you to DISABLE items (rather than REMOVE them) from start up, with the ability to easily re-ENABLE them at any time that you wish.
lastly (for now), there have been some reports that
Rundll32 CTMBHA.DLL,MBMon
is the only "offending" line, generating the ClClean file...
that is to say, it might suffice to disable this one line alone, rather than all 3 (2 start-up + 1 service) that you've suggested.
If you're in a position to test this, it would be interesting to learn your results.
Message Edited by ky331 on 03-08-2007 11:20 AM
it has been reported (by another forum member) that Trend Micro has confirmed, and fixed, the false positive here.
Unfortunately, false positives are a potentially a part of any anti-virus, anti-malware scanner ---- particularly those using heuristic scanning. This time, it was Trend Micro. But in the past, it's been Symantec/Norton, McAfee, Ad-Aware, and SpyBot --- just to name a few. Some of these have even claimed HiJackThis contained a virus!
Fortunately, the file being singled-out was not a "critical" file for your system to run... but suppose it had been an essential file required for Windows to boot: in such a case, you/we would have no choice but to put up with the (temporary) "nagging" popup from the Anti-virus, until the false positive were fixed. In other words, I'm saying that a false positive is not, in my opinion, a good reason to turn-off a legitimate program.
whether you want to run licensing programs, or auto-updater programs, or programs that "phone home" to check-up on things, is certainly a separate matter that you can decide [and disable] on your own.
Another question:
The two links you've included above (one of which I was familiar with) associate the clclean file with Macrovision... presumably for their InstallShield progam... and possibly due to the presence of certain Intel hardware.
If so, what is the connection between Macrovision, and Creative Audigy Soundblaster cards??? Unless you can establish such a connection, it might just be a fluke coincidence that both products might be using files with the same name.
P.S. I have the SoundBlaster Audigy software, and ClClean file, on my laptop as well. I do not use Trend Micro, so I have not encountered the false positive popup that has plagued you. But I am nonetheless interested in determining the real status of these files.
"Why should this be considered a false positive?" No, the answer to this is NOT "simply that the clclean stuff comes from a "trusted source", Creative Labs", but rather, it is a false-positive --- at least, in terms of it being a VIRUS/TROJAN --- because:
1) the file has been submitted to VirusTotal, which asserted it was clean according to 31 different anti-virus scanners... see the 3rd posting in this thread:
2) TrendMicro, by virtue of its updated definitions which [allegedly] no longer pick-up on this file, has by this change, admitted it to be a false-positive.
-----------------
"If a program is accessing the internet without my knowledge, I personally consider it malware." And you indeed have every right to [provided this was not adequately disclosed in their EULA]. But if so, the file should have been picked up as SPYWARE, by an anti-spyware program, rather than as a TROJAN, by an anti-virus program.
very interesting... so now, we have another potential cause/basis for this problem...