F-Prot DOS new version 312D

[null]

We have been getting a few reports of strange behaviour of the latest
DOS version - I'm trying to reproduce them at the moment. There could
be several different explanations for this, but if you (or anyone
else) obseerve the program crashing on a particular file, please send
that file to me directly.

To add to my other response to this post .... I did do more checking
this morning. Since yesderday, there was a new def which I downloaded.
After this, the first time I tried invoking f-prot.exe in a DOS window
I did get the crash. I decided to try a screen capture which I could
send you, but couldn't reproduce the crash. After exiting IrfanView
(my screen capture method) I still couldn't reproduce the crash. From
memory, back when I did get crashes, the graphic interface was frozen
with a "boot sector check" type message (plus three lines of error
message superimposed). I'm under the impression that the crashes
occured during the automatic boot check F-Prot does.

I have no idea why it has now quit crashing (for the time being, at
least). It may be possible I can get a screen capture of a crash if I
restart Windows and set up for a screen capture first ... before any
running of F-Prot. If so, I'll send you the GIF file.


Art
http://www.epix.net/~artnpeg

 

[Heather]

(e-mail address removed) wrote in message

We have been getting a few reports of strange behaviour of the latest
DOS version - I'm trying to reproduce them at the moment. There could
be several different explanations for this, but if you (or anyone
else) obseerve the program crashing on a particular file, please send
that file to me directly.

A suggestion, Frisk. Why not have a spot where we can download older
versions.....say, the last 3 or so. I had to get Bart to send me version
3.14b because I had stopped saving them long ago. I merely 'open' them when
downloading.

I checked www.oldversion.com but no F-Prot. I am using WinME and this
newest version caused a lot of problems, but no crash. (see prior post) I
never expected this to happen with your programs.......but will save them
from now on (something I used to do).

Just a thought......simply because I ran into that years ago with a
*problem* Zone Alarm update and couldn't get an earlier version from them.
I now stay well back from their latest and greatest ones.

Heather

 

[Bart Bailey]

I have no idea why it has now quit crashing (for the time being, at
least). It may be possible I can get a screen capture of a crash if I
restart Windows and set up for a screen capture first ... before any
running of F-Prot. If so, I'll send you the GIF file.

Last night I sent a capture of the crash screen, the error log, the file
that was being scanned, and the f-prot.ini showing where I had selected
the C:\ drive. I haven't received any acknowledgement yet that they got
any of it. Maybe they're too busy.
BTW: you don't need Iview running to capture the crash field, just hit
the print screen key and then open Iview and hit paste.

 

[null]

Last night I sent a capture of the crash screen, the error log, the file
that was being scanned, and the f-prot.ini showing where I had selected
the C:\ drive. I haven't received any acknowledgement yet that they got
any of it. Maybe they're too busy.
BTW: you don't need Iview running to capture the crash field, just hit
the print screen key and then open Iview and hit paste.

That is better. There's another oddity with the latest version. I was
trying the /paranoid switch and password protected zips when I noticed
that F-Prot alerts on the MBR with the message "Infection: possibly a
new variant of Gogo".

Anyway, it sounds like you were able to get farther along with the
user interface than I was, since you mention "file that was being
scanned". I never got to the point where I could scan a file.


Art
http://www.epix.net/~artnpeg

 

[Nil]

We have been getting a few reports of strange behaviour of the
latest DOS version - I'm trying to reproduce them at the moment.
There could be several different explanations for this, but if you
(or anyone else) obseerve the program crashing on a particular
file, please send that file to me directly.

I'm using Windows 2000, and when I start a scan from 3.12e's interface,
it crashes at various points in the scan, on various files. I see no
pattern.

It seems to run better from the command line, but I'm not sure yet.

 

[BoB]

A suggestion, Frisk. Why not have a spot where we can download older
versions.....say, the last 3 or so. I had to get Bart to send me version
3.14b because I had stopped saving them long ago. I merely 'open' them when
downloading.

I checked www.oldversion.com but no F-Prot. I am using WinME and this
newest version caused a lot of problems, but no crash. (see prior post) I
never expected this to happen with your programs.......but will save them
from now on (something I used to do).

Just a thought......simply because I ran into that years ago with a
*problem* Zone Alarm update and couldn't get an earlier version from them.
I now stay well back from their latest and greatest ones.

Heather

I reverted to 3.14d. Anything NOT backed up is more likely to
breakdown.

For anyone following this thread:

I make almost daily backups of the complete folder of all four of
my AVs, firewall configuration, Adaware folder, Spyblaster folder,
data files for my newsreader, Firebird profile, files in the root,
files in the windows folder, win/command folder, win/sys folder,
and clipboard mgr files. I'm not terribly trusting.

All it takes is for a program install to replace system files and
not make backups for uninstall and you will see the value of backups.
Beyond Compare works well for backing up specific items.

BoB

 

[null]

In Message-ID:<[email protected]> posted on


Same here,
I just reverted to the previous 3.14b until they get it sussed out.

That's probably not a wise move since the latest defs are matched to
the latest engine.

For the helluvit, I found 314.c here:

http://www.itd.umich.edu/virusbusters/disinf-fprot.html

And installed the latest defs. It hangs in Windows atter scanning my
C: drive for awhile


Art
http://www.epix.net/~artnpeg

 

[Bart Bailey]

That's probably not a wise move since the latest defs are matched to
the latest engine.

They work and don't crash.

I suspect the problem is related to the new engine trying to peek inside
WinRared archives. It was a Rar archive that killed it on my box, Laura
didn't experience any crash and she once told me that she didn't use
WinRar. If my suspicions are correct, then the old engine will handle
the new defs just fine, but won't be so ambitious as to try and poke
around inside compressed archives.

 

[Laura Fredericks]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I suspect the problem is related to the new engine
trying to peek inside WinRared archives. It was a Rar
archive that killed it on my box, Laura didn't
experience any crash and she once told me that she
didn't use WinRar.

I have WinRar, now. Don't use it to zip files, though.
Unzip, sometimes, using it.

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.2
Comment: MY PUBLIC KEY www.queenofcyberspace.com/laurafredericks.asc

iQA/AwUBQFrsFqRseRzHUwOaEQLcdwCgql+6QsnsW+c0Vv3t7p94UTGNIEYAoOIO
GVoLyEgH7ZspHiZVMGG/laEu
=j1vx
-----END PGP SIGNATURE-----

--
Laura Fredericks
PGP key ID - DH/DSS 2048/1024: 0xC753039A

http://www.queenofcyberspace.com/usenet/

Remove CLOTHES to reply.

 

[Bart Bailey]

In Message-ID:<[email protected]> posted on

I have WinRar, now. Don't use it to zip files, though.
Unzip, sometimes, using it.

Do you have any files compressed with it onboard?
It might not be the WinRar app itself, but maybe certain files
compressed with it, then again, it may have just been a coincidence.

 

[Laura Fredericks]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Do you have any files compressed with it onboard?
Nope.

It might not be the WinRar app itself, but maybe
certain files compressed with it, then again, it may
have just been a coincidence.

I'll compress a file in WinRar and run F-Prot, again.
Will report back, later.

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.2
Comment: MY PUBLIC KEY www.queenofcyberspace.com/laurafredericks.asc

iQA/AwUBQFtLJqRseRzHUwOaEQLk/ACeOcEiyt/YAJYZ2q4gV1qsRDH5sLcAoKcJ
N1G0i8tk4EvW0OD2VzOyndWL
=NLNl
-----END PGP SIGNATURE-----

--
Laura Fredericks
PGP key ID - DH/DSS 2048/1024: 0xC753039A

http://www.queenofcyberspace.com/usenet/

Remove CLOTHES to reply.

 

[Bart Bailey]

In Message-ID:<[email protected]> posted on

I'll compress a file in WinRar and run F-Prot, again.
Will report back, later.

FWIW: The new (Mar 19 '04) defs in the 3.14b engine work just fine.
Seems to be the c,d,&e versions that are crash prone.
Interesting that the 3.14e DOS version is still offered without any
caveats http://www.f-prot.com/download/download_fpdos.html

 

[null]

They work and don't crash.

Specifically, in the 314E.NEW text, it's mentioned that the engine
change to 314E was required to detect some replicants of Bagle.P
So that's why I'm making the point that using older versions with new
defs can be both unwise and deceptive.

I'm finding that I can work with the latest version ok. I was surpised
that F-Prot now defaults to /DUMB /ARCHIVE /PACKED when used without
the user interface. In order to use the /PARANOID and /SERVER
switches, you must run without the user interface.

In order to override /DUMB, either the /EXT or (more preferably) the
/TYPE switch can be used. To override /ARCHIVE use /NOARCHIVE.
To override /PACKED (not recommended) use /NOPACKED

I'm having to rework the settings options of my FP-UP.EXE program to
accomodate the changes in 314E. To those interested, I should have
version 1.8 up soon. I'm going to include a .WGETRC file the way I
used to for (some) firewall users (sets passive=on), and also include
a text file with directions for emergency use.

I suspect the problem is related to the new engine trying to peek inside
WinRared archives. It was a Rar archive that killed it on my box, Laura
didn't experience any crash and she once told me that she didn't use
WinRar. If my suspicions are correct, then the old engine will handle
the new defs just fine,

As long as you don't care about replicants of Bagle.P and who knows
what else


Art
http://www.epix.net/~artnpeg

 

[Heather]

They work and don't crash.

I suspect the problem is related to the new engine trying to peek inside
WinRared archives. It was a Rar archive that killed it on my box, Laura
didn't experience any crash and she once told me that she didn't use
WinRar. If my suspicions are correct, then the old engine will handle
the new defs just fine, but won't be so ambitious as to try and poke
around inside compressed archives.

FWIW......I don't have Winrar at all. Just Winzip. But it stopped dead on
the oddest files. And went nuts on the Spybot recovery files.

3 that it stopped dead on were really small ones......Stinger Tool, JV Power
Tools (old version 1.3) and my Startup List (which is not large).

Any pattern in that? Haven't updated the one you sent. I still think we
should be offered the option of downloading an older version that doesn't
cause problems......can't be that hard to put it up on the website until
they sort out the problems.

Heather

 

[null]

FWIW......I don't have Winrar at all. Just Winzip. But it stopped dead on
the oddest files. And went nuts on the Spybot recovery files.

3 that it stopped dead on were really small ones......Stinger Tool, JV Power
Tools (old version 1.3) and my Startup List (which is not large).

Stopped dead? Took a long time to scan? Or crashed? Can you
distinguish between a DOS program taking a long time to scan and a
actual crash? In a crash, you'll see some strange looking error
message(s). Of course. there's also a "hang" where everything goes
dead and sometimes even Ctrl-Alt-Del doesn't work.

Any pattern in that? Haven't updated the one you sent. I still think we
should be offered the option of downloading an older version that doesn't
cause problems......can't be that hard to put it up on the website until
they sort out the problems.

I don't see how Frisk can't do that since some malware will not be
detected without the latest engine.


Art
http://www.epix.net/~artnpeg

 

[Heather]

on the oddest files. And went nuts on the Spybot recovery files.Power Tools (old version 1.3) and my Startup List (which is not large).

Stopped dead? Took a long time to scan? Or crashed? Can you
distinguish between a DOS program taking a long time to scan and a
actual crash? In a crash, you'll see some strange looking error
message(s). Of course. there's also a "hang" where everything goes
dead and sometimes even Ctrl-Alt-Del doesn't work.

Stopped dead.....period. Yes, I watched it scanning Paintshop Pro, which is
a large one......it pauses and takes longer. It didn't crash...no strange
looking error messages. But for some odd reason, when I hit Ctrl-Alt-Del to
see if it was 'not responding', that seemed to start it up again. Happened
4 or 5 times. So perhaps that is what you mean by a "hang".doesn'tcause problems......can't be that hard to put it up on the website
until they sort out the problems.<<<

I don't see how Frisk can't do that since some malware will not be
detected without the latest engine.

I suppose. Yet to use a different example, my Zone Alarm Pro is v. 2.6.361
and it works just fine. Version 3.xxx prevents most WinME computers from
making auto restore points.......version 4.xxx apparently has corrected
that. I have v.4.58 downloaded, just haven't put it on yet.

And yes, I know you don't use System Restore......but I do. (G) I don't
have your computer knowledge to fix problems.

Heather

 

[null]

Power Tools (old version 1.3) and my Startup List (which is not large).


Stopped dead.....period. Yes, I watched it scanning Paintshop Pro, which is
a large one......it pauses and takes longer. It didn't crash...no strange
looking error messages. But for some odd reason, when I hit Ctrl-Alt-Del to
see if it was 'not responding', that seemed to start it up again. Happened
4 or 5 times. So perhaps that is what you mean by a "hang".

No. Read what I wrote. Sounds like it was simply taking a long time to
scan a file.

I suggest that you try 314E again. Scan your drive using the following
command line:

f-prot c:\*.* /noarchive /type

and also try:

f-prot c:\*.* /archive=1 /type

and also try

f-prot c:\*.* /noarchive /ext

The last one should be the fastest but it only scans default file
extensions, whereas using /type causes f-prot to try to determine the
file type and it takes a bit longer.

doesn'tcause problems......can't be that hard to put it up on the website
until they sort out the problems.<<<

I suppose.

Don't you believe what Frisk wrote in the 314E.NEW file?


Art
http://www.epix.net/~artnpeg

 

[Bart Bailey]

Specifically, in the 314E.NEW text, it's mentioned that the engine
change to 314E was required to detect some replicants of Bagle.P
So that's why I'm making the point that using older versions with new
defs can be both unwise and deceptive.

I'm finding that I can work with the latest version ok. I was surpised
that F-Prot now defaults to /DUMB /ARCHIVE /PACKED when used without
the user interface. In order to use the /PARANOID and /SERVER
switches, you must run without the user interface.

In order to override /DUMB, either the /EXT or (more preferably) the
/TYPE switch can be used. To override /ARCHIVE use /NOARCHIVE.
To override /PACKED (not recommended) use /NOPACKED

I'm having to rework the settings options of my FP-UP.EXE program to
accomodate the changes in 314E. To those interested, I should have
version 1.8 up soon. I'm going to include a .WGETRC file the way I
used to for (some) firewall users (sets passive=on), and also include
a text file with directions for emergency use.


As long as you don't care about replicants of Bagle.P and who knows
what else

I'm not concerned with email borne malware worms,
my Mailwasher Pro dispatches all that crap quite efficiently.
You seem to confirm my suspicions that it's the overambitious archive
probing that f-prot is choking on. Maybe not just WinRar, but something
about the way it tries to un-compress stuff.

 

[Bart Bailey]

In Message-ID:<[email protected]> posted on

can't be that hard to put it up on the website until
they sort out the problems.

As I mentioned in another post,
they don't even acknowledge any problems on the website.

 

[Bart Bailey]

Stopped dead? Took a long time to scan? Or crashed? Can you
distinguish between a DOS program taking a long time to scan and a
actual crash? In a crash, you'll see some strange looking error
message(s). Of course. there's also a "hang" where everything goes
dead and sometimes even Ctrl-Alt-Del doesn't work.


I don't see how Frisk can't do that since some malware will not be
detected without the latest engine.

Is there any dangerous malware that falls into that category, or just
some compressed stuff that remains benign until un-compressed?