McAfeeFire.exe is trojan?

McAfee Desktop Firewall's McAfeeFire.exe also a trojan? I was using my wife's company laptop a Dell Inspiron with Windows XP Pro SP3, McAfee antivirus 8.5i enterprise edition and McAfee Desktop Firewall 8.5 connected to the Internet via our home network. I also booted alongside my HP Pavilion laptop with Fedora core 11. Suddenly her Dell laptop's McAfee antivirus popup instrusion detection like DDOS alarm saying 192.168.1.123 (which is the Fedora 11 laptop). In the Dell laptop I clicked the detail of instrusion...:

Blocked by port blocking rule C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\McAfeeFire.exe Anti-virus Standard Protectionrevent mass mailing worms from sending mail 192.168.1.123:25

Also showing IP # 224.0.0.251.

I uninstalled McAfee Desktop Firewall right away and enabled Windows firewall. Is this McAfeeFire.exe some trojan?
:confused

 

I assume 192.168.1.123 is the address of one of the computers on your home network. The 25 behind it refers to port 25. Lots of ISPs block port 25 because it is used to send spam.
The firewall was telling you it was blocking port 25 so that no computer you use could be used to send mass mailings/spam.
Go here http://www.commercestreet.com/Blocking_Port_25.htm
and scroll down to What's this all about? and Why block Port 25?

Your firewall was trying to protect you.

 

My question IS if this McAfeeFire.EXE is trojan? Of course I know 192.168.1.123 is my laptop and port 25 is SMTP.

 

McAfee Desktop Firewall is a legitimate product from Network Associates. If you need to remove it from your system use the Add/Remove Programs uninstaller or remove it by hand by following these instructions.

 

If the computer is reconnected to the intranet at your wife's company, the system administrator may be unhappy to find that his expensive virus protection software has been removed - especially if he tracks down a company wide infestation as having come from a thumb drive plugged into that computer ! !

Alan

 

The person who responded was giving that information just in case you didn't know it.

All the other responses are accurate and helpful to you as well.

1. mcafeefire.exe is the name of an executable file used by McAfee/Network Associates and so is reputable - *IF* the file in question relates to a valid McAfee program installed on that system. Since you already confirmed that, then you can assume it is safe.
2. Removing McAfee Desktop Firewall from your wife's company laptop was therefore inadvisable.

As far as whether a trojan could be masquerading on your system under the file name mcafeefire.exe, that is something no one here can have the slightest chance of answering.
This is not the malware forum.
If you are at all concerned about malware on any of your systems, then you need to scan your systems with the programs listed in the 'Read & Run me First malware Removal Guide' over in the MajorGeeks Malweare Removal Forum.

 

Somehow they gave away the laptop to my very pregnant wife she left the company for good. Her laptop is now mine, LOL.

I'm just wondering, did this McAfeeFire.EXE responsible why Citibank cancelled my card at least three times? The McAfeeFire.EXE was attempting to mass mail via regular SMTP while the port 25 is closed in my laptop. I use SSL SMTP.

 

So it having been a company laptop is not relevant after all then. OK

1. There is no way anyone can answer this question either.
2. Again that doesn't sound right since it was the McAfee software sending out the alert.

The same answer still applies:
Carry out the MajorGeeks 'Read & Run Me First Malware Removal Guide' steps on whichever system (or all of them) you are worried about.

As far as Citibank is concerned, why don't you just speak to them and ask them why they cancelled your card 3 or more times???

 

I did scan using Malwarebytes and later SuperAntiSpyware (whatever) before uninstalling McAfee Desktop Firewall, it didn't find anything. To me if a supposedly legit commercial software McAfee Desktop Firewall's component "McAfeeFire.EXE" would be triggering mass mailing worms while their enterprise antivirus initiated "port blocking rule C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\McAfeeFire.exe Anti-virus Standard Protectionrevent mass mailing worms from sending mail 192.168.1.123:25" this kinda strange. I'll go get an Apple computer for my wife...