F-Prot DOS new version 312D

Laura Fredericks

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

As of the time of this posting, this F-Prot web site
has not yet been updated to state the latest version
available:
http://www.f-prot.com/products/currentversions.html

Version 312D can be downloaded from:
ftp://ftp.f-prot.com/pub

And 312E just came out! Here's what the change is:

* * * * *

We had to make a minor engine change to detect some
replicants of the Bagle.P virus.

When the /SERVER or /PARANOID switches are used,
F-PROT will alert on encrypted files in ZIP archives
in more cases than previously.

* * * * *

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.2
Comment: MY PUBLIC KEY www.queenofcyberspace.com/laurafredericks.asc

iQA/AwUBQFjDaqRseRzHUwOaEQI3LgCgkjyMDV3vdpiQur6+Rbu5HVS4SBIAn3Se
HpK2JGu1YBynW2xF8aUT94xm
=kS/i
-----END PGP SIGNATURE-----

--
Laura Fredericks
PGP key ID - DH/DSS 2048/1024: 0xC753039A

alt.comp.virus photo gallery:
http://www.queenofcyberspace.com/acvgallery/

usenet flamewars:
http://www.queenofcyberspace.com/usenet/

Remove CLOTHES to reply.
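
The release note above says the scanner alerts on encrypted files in ZIP archives. As an added illustration (not F-Prot's code and not part of the original post), this sketch shows how a scanner can tell from the ZIP central directory that a member is encrypted and therefore cannot be inspected; the member names and the sample archive are constructed for the example.

```python
import io
import struct
import zipfile

ENCRYPTED = 0x0001          # general purpose flag bit 0: member is encrypted
STRONG_ENCRYPTION = 0x0040  # general purpose flag bit 6: strong encryption


def encrypted_members(data: bytes) -> list[str]:
    """Return names of members whose contents a scanner cannot read."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return [zi.filename for zi in zf.infolist()
                if zi.flag_bits & (ENCRYPTED | STRONG_ENCRYPTION)]


def build_sample(mark_encrypted: bool = True) -> bytes:
    """Constructed sample: two stored members, the second flagged encrypted."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("readme.txt", b"plain text")
        zf.writestr("attachment.bin", b"opaque bytes standing in for ciphertext")
    raw = bytearray(buf.getvalue())
    if mark_encrypted:
        # The flag word sits at offset 8 of each central directory header
        # (signature PK\x01\x02); patch the second header only.
        first = raw.find(b"PK\x01\x02")
        second = raw.find(b"PK\x01\x02", first + 4)
        flags, = struct.unpack_from("<H", raw, second + 8)
        struct.pack_into("<H", raw, second + 8, flags | ENCRYPTED)
    return bytes(raw)


def verdict(data: bytes) -> str:
    """Alert when any member is encrypted, since it cannot be scanned."""
    hidden = encrypted_members(data)
    return "ALERT: encrypted members " + ", ".join(hidden) if hidden else "clean"


if __name__ == "__main__":
    print(verdict(build_sample()))
```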
 
null

And 312E just came out! Here's what the change is:

* * * * *

We had to make a minor engine change to detect some
replicants of the Bagle.P virus.

When the /SERVER or /PARANOID switches are used,
F-PROT will alert on encrypted files in ZIP archives
in more cases than previously.

* * * * *

Interesting. I don't recall ever having seen such a rapid parade of
new versions.


Art
http://www.epix.net/~artnpeg
 
Bart Bailey

In Message-ID:<[email protected]> posted on
And 312E just came out! Here's what the change is:

3.12e crashes on my win98se!

error report:
---begin---
CauseWay DOS Extender v3.49 Copyright 1992-99 Michael Devore.
All rights reserved.

Exception: 0E, Error code: 0004

EAX=84260450 EBX=8454EEA8 ECX=849641A2 EDX=845553C8 ESI=00FF0000
EDI=00000000 EBP=8454EEA8 ESP=8441CAE4 EIP=843EB4E9 EFL=00010216

CS=018F-7BC86000 DS=0197-7BC86000 ES=0197-7BC86000
FS=0197-7BC86000 GS=019F-xxxxxxxx SS=0197-7BC86000

CR0=00000000 CR2=00000000 CR3=00000000 TR=0000

Info flags=00008018

Program Linear Load Address: 8437A000


Application resource tracking details
===========================================


Selectors
=========

sel base limit type D mem count
----------------------------------------
0177 84229000 00004000 DATA 32 Y xxxx
0187 84229B0C 000001C8 DATA 32 Y xxxx
018F 00000000 FFFFFFFF CODE 32 N 0001
0197 00000000 FFFFFFFF DATA 32 N 0002
019F 84229CE0 00000047 DATA 32 Y xxxx

Total selectors: 0005


Linear memory blocks
====================

handle base length
--------------------------
8437A000 8437A000 000A4000
84229B0C 84229B0C 000001CC
84229CE0 84229CE0 00000048

Total Linear memory: 000A4214 (000A8000) in 00000003 blocks


Linear memory locked
====================

base length
-----------------
A2A4843F 0000000B
EC20843F 000000A0
EB80843F 000000A0


DOS memory blocks
=================

sel base length
----------------------


Protected mode interrupt vectors
================================

No sel offset
----------------
1B 018F 843FEC20
23 018F 843FEB80
24 018F 843FBBE4


Protected mode exception vectors
================================

No sel offset
----------------


Real mode interrupt vectors
===========================

No seg offset
-------------


Call-Backs
==========

real target
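
For triaging a report like the one posted above, this added example (not part of the original post and not vendor code) parses the header of the CauseWay report, decodes the page-fault error code, and computes where EIP falls inside the loaded program. The register values, load address and block length are copied from the report; it assumes CS has base 00000000, as the selector table in the report shows, so EIP is already a linear address.

```python
import re

# Excerpt of the CW.ERR report from the post above.
REPORT = """\
Exception: 0E, Error code: 0004
EAX=84260450 EBX=8454EEA8 ECX=849641A2 EDX=845553C8 ESI=00FF0000
EDI=00000000 EBP=8454EEA8 ESP=8441CAE4 EIP=843EB4E9 EFL=00010216
Program Linear Load Address: 8437A000
"""
IMAGE_LENGTH = 0x000A4000  # length of block 8437A000 in "Linear memory blocks"

# x86 page-fault (exception 0E) error-code bits: (mask, if set, if clear)
PF_BITS = [
    (0x01, "protection violation", "page not present"),
    (0x02, "write access", "read access"),
    (0x04, "user mode", "supervisor mode"),
]


def triage(report: str, image_length: int = IMAGE_LENGTH) -> dict:
    """Extract the facts a developer needs to locate the faulting code."""
    exc, code = re.search(
        r"Exception: ([0-9A-F]{2}), Error code: ([0-9A-F]{4})", report).groups()
    regs = {name: int(val, 16)
            for name, val in re.findall(r"\b([A-Z]{3})=([0-9A-F]{8})\b", report)}
    base = int(re.search(
        r"Program Linear Load Address: ([0-9A-F]{8})", report).group(1), 16)
    offset = regs["EIP"] - base
    result = {
        "exception": int(exc, 16),
        "error_code": int(code, 16),
        "eip_offset": offset,                       # offset into the program
        "eip_in_image": 0 <= offset < image_length, # fault is in program code
    }
    if result["exception"] == 0x0E:
        result["page_fault"] = [set_ if result["error_code"] & mask else clear
                                for mask, set_, clear in PF_BITS]
    return result


if __name__ == "__main__":
    info = triage(REPORT)
    print(f"offset {info['eip_offset']:#x}, {', '.join(info['page_fault'])}")
```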
 
Laura Fredericks

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

3.12e crashes on my win98se!

Hmm...

I have Win98 and it ran fine in a DOS window; ditto
directly from DOS. (Used our friends Eicar and Eddie
on a floppy as a test.)

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.2
Comment: MY PUBLIC KEY www.queenofcyberspace.com/laurafredericks.asc

iQA/AwUBQFjeuqRseRzHUwOaEQLNLACgqHYZuvL7LuQhGxncx1yDVYddxlUAoJ7z
aNe5bwiQOn7oNbH9pul5MGlK
=9vzZ
-----END PGP SIGNATURE-----

Laura Fredericks

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

...So on my PC the problem only shows up while in
Windows and then only when using the user interface.

I should've specified, but I used the program's user
interface in both instances, with no problem.

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.2
Comment: MY PUBLIC KEY www.queenofcyberspace.com/laurafredericks.asc

iQA/AwUBQFjfQqRseRzHUwOaEQLwXwCg0nvNGEntucGwYvYzH8YaI7X8IqAAn01b
cTBkc+tWr0dHHZH7trkxAM/a
=/+iM
-----END PGP SIGNATURE-----

Heather

Just tried it in DOS after booting using a WIN ME system disk and it
worked ok both ways. So on my PC the problem only shows up while in
Windows and then only when using the user interface.

Hi Art.....

Just tried it in WindowsME and while I had some strange things happen, I
didn't crash. It stopped dead several times on really odd, small things,
such as JV Power Tools, Stinger and Startup List. But by pure fluke, I
found that hitting the Ctrl key got it going again. (was using CAD to see
if it froze and discovered that)

But it went a little berserk on Spybot's Recovery files. Specifically,
C:Windows\All Users\applications\Spybot Recovery. Filled the whole screen
with each entry. Didn't do that with AdAware tho.

I don't understand one bit what caused the above, but thought that you would
and should know. But I am not about to use it again until it is sorted out.

Heather
 
Bart Bailey

In Message-ID:<[email protected]> posted on
I have Win98 and it ran fine in a DOS window; ditto
directly from DOS.

I haven't tried it from a DOS boot up, as Art did, nor tried it on my
95b box yet, is your 98 the first or second edition? ...and wonder why
it zaps ME as well?
 
Bart Bailey

In Message-ID:<[email protected]> posted on
I should've specified, but I used the program's user
interface in both instances, with no problem.

I just snagged the zipped file and its PGP sig from the FTP site.
After confirming the sig, unzipped to a folder within another Quarantine
directory on the desktop, and ran from there.
The error log I posted was located:
C:\WINDOWS\Application Data\CW.ERR
 
Bart Bailey

In Message-ID:<[email protected]> posted on
I don't understand one bit what caused the above, but thought that you would
and should know. But I am not about to use it again until it is sorted out.

Same here,
I just reverted to the previous 3.14b until they get it sussed out.
 
Brian J Goggin

In Message-ID:<[email protected]> posted on


3.12e crashes on my win98se!

I installed it on Win XP Pro. A complete scan of the entire hard disk
ran OK and finished within the expected time. I did not test it
against EICAR or a floppy drive. I ran a scan of a small number of
directories or folders from the user interface; no problems
encountered.

bjg
 
joke0

Hi,

Laura Fredericks:
And 312E just came out! Here's what the change is:

It seems that F-Prot is able to scan inside upx-packed PE now?

I've tested that with an old Kitro.e and it works just fine:

KITROE_1.EXE Infection: W32/Kitro.B@mm (exact)
KITROE_2.EXE->(UPX) Infection: W32/Kitro.B@mm (exact)

Is this new, or did I miss something?
 
Laura Fredericks

Fridrik Skulason

Just tried it in DOS after booting using a WIN ME system disk and it
worked ok both ways. So on my PC the problem only shows up while in
Windows and then only when using the user interface.

We have been getting a few reports of strange behaviour of the latest
DOS version - I'm trying to reproduce them at the moment. There could
be several different explanations for this, but if you (or anyone
else) observe the program crashing on a particular file, please send
that file to me directly.

-frisk
 
Bart Bailey

In Message-ID:<[email protected]> posted on
We have been getting a few reports of strange behaviour of the latest
DOS version - I'm trying to reproduce them at the moment. There could
be several different explanations for this, but if you (or anyone
else) observe the program crashing on a particular file, please send
that file to me directly.

-frisk

I just tried the DOS versions 3.14d and 3.14e over on my w95b system and
they both crashed on it as well as this w98se, however the recent defs
from the 3.14e zip when inserted into 3.14b didn't cause any problems,
suggesting the engines themselves. I'll run them again and try to see if
I can spot which file they crash on.
 
null

We have been getting a few reports of strange behaviour of the latest
DOS version - I'm trying to reproduce them at the moment. There could
be several different explanations for this, but if you (or anyone
else) observe the program crashing on a particular file, please send
that file to me directly.

The crash problem I'm seeing is unrelated to the user making any
attempt to scan a file. It happens simply by invoking F-Prot with no
switches. The user graphic interface appears, but then it is covered
with a couple of lines of the crash message.

When invoked with switches, it seemed fine. I scanned a folder
containing a virus collection and the result seemed normal. I also let
it start scanning the entire C: drive and it looked normal ... but I
didn't let it go for long. I just did quick tests.

I'll look at it more extensively this morning.


Art
http://www.epix.net/~artnpeg
 
