This is getting frustrating.
A few minutes ago, Kaspersky popped up a warning:
"6/13/2008 2:01:49 PM C:\WINNT\Temp\SiteAdvisor\mcinst.exe Process is trying to register its copy as an autorun startup object. This behavior is typical of Trojans."
I got the banner notiec in the middle of my IE page advising me a new version had been downloaded.
I terminated the mcinst.exe process, using a choice in Kaspersky's warning pop up.
I had previously deleted the folder C:\WINNT\Temp\SiteAdvisor after the last debacle, so this is a new download. I deleted it again.
I did open my browser, and the SiteAdvisor icon had disappeared from the toolbar.
I reinstalled it from the setup file I downloaded a couple of days ago.
So, for feedback purposes to McAfee:
WHAT MAKES ME SUSPECT THIS IS A VIRUS OR SPYWARE:
(1) Kaspersky's warning.
(2) The banner notice in the middle of my IE page. McAfee has a perfectly good method of notification, the pop-out balloon from the toolbar icon if you visit a red page or instruct it to show balloon. I would assume that if this was really a notification from McAfee, it would appear there? If it did, I'd have a lot more confidence that this update was really from McAFee.
QUESTIONS I WOULD LIKE ANSWERED.
(1) There is nothing I can find on the site about a new version. Is SiteAdvisor in the process of distributing updates? If the answer is no, then I'd like a statement to that effect so I would know this must be a virus or spyware. If the answer is yes, then please post something (like an answer here), so I can add this item to Kaspersky's Trusted Zone.
(2) Is there a SiteAdvisor site that discloses information about new versions distribution and "definition" updates (ie: lists of new site ratings additions/changes IF they're downloaded to the local computer).
(3) When site ratings are changed/added to, does SiteAdvisor retrieve those lists and store them on the local machine for reference, or is SiteAdvisor constantly checking sites against a database at McAfee's site?
WHAT I WOULD LIKE TO ASK MCAFEE TO DO BEYOND THE ABOVE: Please talk to Kaspersky. I'm sure they'd be willing to include an exclusion for a valid update file or process from detection in a definition file soon.
Thanks,
Pat