new to F-Prot

mike hagen

I've got a boot sector file F-Prot (windows) can't figure out. It claims
it's "suspicious". Also hiberfil.sys and pagefil.sys are listed as
running and so not scannable either, whether in xp or from safe
mode/command prompt. Any steps to turn these off at the prompt?

I'm running XP and just switched to this antivirus after Nortons cut me
off from updates a month before its subscription expired. ;( Have not
figured out all the ins and outs of F-Prot yet.

Any suggestions for IDing the boot sector thing? Any competing
antivirus that might scan boot sectors that I don't have to buy before I
try?
 
artnpeg

> I've got a boot sector file F-Prot (windows) can't figure out.

The boot sector isn't a file.

> It claims
> it's "suspicious". Also hiberfil.sys and pagefil.sys are listed as
> running and so not scannable either, whether in xp or from safe
> mode/command prompt. Any steps to turn these off at the prompt?

You could prevent the system from creating hiberfil.sys by unselecting
Hibernate in your power management settings. But what would be the
purpose?

> I'm running XP and just switched to this antivirus after Nortons cut me
> off from updates a month before its subscription expired. ;( Have not
> figured out all the ins and outs of F-Prot yet.
>
> Any suggestions for IDing the boot sector thing? Any competing
> antivirus that might scan boot sectors that I don't have to buy before I
> try?

I don't know of any antivirus product that doesn't check the boot
sector. Take your pick :)

Art
http://www.epix.net/~artnpeg
 
David W. Hodgins

> I've got a boot sector file F-Prot (windows) can't figure out. It claims it's "suspicious". Also hiberfil.sys and pagefil.sys are listed as running and so not scannable either, whether in xp or from safe mode/command prompt. Any steps to turn these off at the prompt?
>
> I'm running XP and just switched to this antivirus after Nortons cut me off from updates a month before its subscription expired. ;( Have not figured out all the ins and outs of F-Prot yet.
>
> Any suggestions for IDing the boot sector thing? Any competing antivirus that might scan boot sectors that I don't have to buy before I try?

Assuming you're not using NTFS, try f-prot for dos, after booting from
a known clean floppy.

You can use Art's f-pup.exe from http://home.epix.net/~artnpeg/
to simplify creating the boot and scanner floppies.

Regards, Dave Hodgins
 
artnpeg

> I realize these were lame questions - thanks for the calm responses.
> This is a new computer (without floppy drive) and already formatted in
> NTFS, so I'm pretty much stuck with it. Art, I've used your pages
> before - they're a great resource - but since there doesn't seem to be
> any real problem other than maybe a false positive, I'm going to hold
> off a bit on your measures for dealing with the NTFS format.

Well, aside from the various methods of using DOS scanners when the
file system is NTFS, I would be concerned about the F-Prot (which I
assume is the Windows version) report. You have some easy alternatives
available for getting "second opinion" scans while in Windows. You can
use online scans. You could try Trend's Sysclean. You could d/l an
eval version of a different Windbloze av scanner. If it appears that
F-Prot is false alarming, Frisk should be notified with the details.

Art
http://www.epix.net/~artnpeg
 
Nick FitzGerald

mike hagen said:
> I've got a boot sector file F-Prot (windows) can't figure out. It claims
> it's "suspicious". ...

Is that exactly, precisely and all that it says?

If you want more help I think you should post the exact, _uninterpreted_
text of the "warning" that F-PROT gives you. (You see, for starters, the
boot sector is not a "file", so you're not really helping your efforts
here by guessing at what the words might mean and "describing" your
interpretation of them...).

> ... Also hiberfil.sys and pagefil.sys are listed as
> running and so not scannable either, whether in xp or from safe
> mode/command prompt. Any steps to turn these off at the prompt?

Of course.

Both files, for performance reasons, _must_ remain purely and solely under
the OS' control -- one is the "hibernate file" (where the contents of
memory are written and the state of the registers at the moment you choose
to hibernate the system are written) and the other is the swap file (where
the system writes the "less used" contents of memory so it can act as
if your machine has more memory than is physically installed). The latter
is 120% critical during the machine's operation and the former for a few
seconds before it completes going into, and the few seconds while it
"recovers" from, hibernation -- both are sufficiently important that the
host OS will not allow either to be messed with by anything but itself and,
in the case of the hiberfil.sys, some BIOS code.

> I'm running XP and just switched to this antivirus after Nortons cut me
> off from updates a month before its subscription expired. ;( Have not
> figured out all the ins and outs of F-Prot yet.

Well, it seems one of the "ins and outs" of F-PROT compared to NAV is that
it warns you about _all_ files that are inaccessible to it scanning, rather
than hiding some (or most or all -- how will you ever know??) of such files
"because its developers think they know best"...

> Any suggestions for IDing the boot sector thing? Any competing
> antivirus that might scan boot sectors that I don't have to buy before I
> try?

You can try another AV, but F-PROT probably has close to the best boot
sector heuristics, so if something else (depending precisely what!) finds
nothing suspicious, that may simply tell you something about the quality
of that product's boot sector heuristics... :cool:
 
mike hagen

Nick said:
> Is that exactly, precisely and all that it says?

Yep. That's exactly what it says. It also says it can't deal with a
file it can't id.

I'm following up on all the suggestions - thanks much!
 
mitundergrad

> Assuming you're not using NTFS, try f-prot for dos, after booting from
> a known clean floppy.
>
> You can use Art's f-pup.exe from http://home.epix.net/~artnpeg/
> to simplify creating the boot and scanner floppies.

That would be extremely tough in his case as he stated, and I quote,
"This is a new computer (without floppy drive) and already formatted
in NTFS, so I'm pretty much stuck with it."
 
David W. Hodgins

> That would be extremely tough in his case as he stated, and I quote,
> "This is a new computer (without floppy drive) and already formatted
> in NTFS, so I'm pretty much stuck with it."

If you read the thread in order, or to the message I quoted, the message
I responded to was from before he posted that it was ntfs and no floppy.

Regards, Dave Hodgins
 
