Norton Full system scan not finding virus

[Ken Applequist]

I'm running Norton Systemworks 2003. NAV keeps telling me I have a virus in
FTPUPD.EXE, it calls it a Bloodhound virus. When I run a comprehensive full
system scan, NAV says there are no viruses. However, when I run a file scan
on the particular file, it tells me that there is a virus. This is both
confusing and disconcerting. If I can't trust a full system scan what's the
point of running one. Can anyone give me a little information on this?
Thanks,
Ken

 

[Chuck]

I'm running Norton Systemworks 2003. NAV keeps telling me I have a virus
in

FTPUPD.EXE, it calls it a Bloodhound virus. When I run a comprehensive full
system scan, NAV says there are no viruses. However, when I run a file scan
on the particular file, it tells me that there is a virus. This is both
confusing and disconcerting. If I can't trust a full system scan what's the
point of running one. Can anyone give me a little information on this?

Norton sucks, switch to anything else (but Microsoft AV).

 

[Steve]

I'm running Norton Systemworks 2003. NAV keeps telling me I have a
virus in FTPUPD.EXE, it calls it a Bloodhound virus. When I run a
comprehensive full system scan, NAV says there are no viruses.
However, when I run a file scan on the particular file, it tells me
that there is a virus. This is both confusing and disconcerting. If I
can't trust a full system scan what's the point of running one. Can
anyone give me a little information on this? Thanks,
Ken

Ken:

The Bloodhound technology that NAV uses will result in some false positives.
I have had them and I know others that have also had false positives too.

I would recommed that you use the help that comes with NAV and lookup
"Bloodhound" also go to the Symantic website and do a search on
"Bloodhound". Once you understand the Bloodhound technology, you will
understand the problem with it's false positives.

Good luck,

Stevve

 

[Ceily]

Although I would have worded it differently. I agree with Chuck.

Ceily

 

[Pop Rivet]

Hi,

"Bloodhound" is the key word in your post, sometimes also
called "heuristics". The Help section should give you good
info on it, but basically it means the av software "sniffs"
around, looking for anything writing or moving things around
that the system isn't calling for as far as Norton can
determine (as in, virus activity). FTPUPD sounds like an
automatic update function and, assuming you know it's a
valid file, then Norton is probably finding it when ftpupd
tries to access the update site. I'm guessing here, but
when you scan ftpupd istelf, Norton probably discovers that
it is prepping to access the 'net and thus reports it to you
as a possible virus activity (Bloodhound is this sniffer
function). It's a very handy thing if you wish to use it,
because it -can- catch unknown viruses based on their
activity and before any of the av coders are aware of it.
The Help section will give you a pretty good description,
and will also tell you how to turn it off. I thought it was
defaulted off actually, but maybe they've changed that. I
have sysworks 2k2 yet. I think you'll find that anytime a
Bloodhound find is executed, that it says to check to see if
it is a virus, and then you can submit it to symantec for
them to analyze if you think it is. Personally, I have it
turned off most of the time but I do turn it on if a
particularly ornery session of viruses hit the geo area I'm
in.

Oh, and lastly, you can ignore the dummies who say it's no
good: they don't know and may be anything from virus
spammers protecting their own to trolls. Both are in
abundance on some groups and this is a popular hangout for
it, I mean, them. No, I was right; I meant it. ;-]

Pop