PC-Cillin did not detect W95/CIH.Remnants Virus

pkmicro

Hi all,

I have this one file that was infected by CIH virus for over a year sitting
in my computer under Windows XP. Although this virus has no effect under
Windows XP, it should still be at least detected and cleaned or deleted by
PC-Cillin that I have installed in this computer. It can affect my friend's
computer if I use this file to distribute it to my friend thinking that it's
free of virus. I did not find out until my son told me when he played that
file on his computer and his Anti-Virus detected it. That's when I ran a
Virus check from McAfee's Internet Virus Scan and indeed it detected all the
same 25 files in my computer that were infected with W95/CIH.Remnants Virus.
I have this PC-Cillin on this computer & it's been updating with the new
up-to-date DAT file almost every day but did not detect & clean this
particular virus.....weird.
 
null

If you Google w95/cih.remnants you'll learn that some av scanner
products now alert on cih infected files that had been cleaned. Thus
the term "remnants" in the alert message. These remnants are said to
be benign. If you look here:

http://www.virusbtn.com/resources/vgrep/vgrep.cgi?terms=w95/cih.remnants&product=0

you'll see that some other products might alert with the term
"damaged" (or "dam") or "corrupted" as well as "remnants". Other
products may not alert at all.


Art
http://www.epix.net/~artnpeg
 
MickKi

Hi pkmicro,


[snip]
> I have this PC-Cillin on this computer & it's been updating with the new
> up-to-date DAT file almost every day but did not detect & clean this
> particular virus.....weird.

Since the virus definition files do not get updated daily (unless there's
a spate of new viri) your PC-Cillin should check for new updates
regularly, but only update a new file every now and then. If it does so
continuously, this probably indicates that the PC-Cillin update engine
is faulty. You may need to uninstall/reinstall it and then download the
latest definitions for a fresh scan of your machine.

Regards,

Mick
 
DangerScouse

I used PC-Cillin until recently, when it became evident that it failed to
pick up the email attachments that were clearly infected during the
recent spate we've had.

I did an on-line scan at www.pandasoftware.com and this managed to detect
an infection on my second HD that I wasn't even aware I had. I was so
impressed I bought the product.
 
Jeffrey A. Setaro

[This followup was posted to alt.comp.anti-virus and a copy was sent to
the cited author.]

First of all, relax, you're not infected. The name W95/CIH.Remnants
indicates that those 25 files were at some point in time infected by
one of the W95/CIH variants and then disinfected improperly. They are
not infectious and don't pose a danger to your or your son's system.

Bottom line PC-cillin is right not to report those files as infected...
They're not.

--
Cheers-

Jeff Setaro
jasetaro <at> mags.net
http://people.mags.net/jasetaro/
PGP Key IDs DH/DSS: 0x5D41429D RSA: 0x599D2A99 New RSA: 0xA19EBD34
 
null

> First of all, relax, you're not infected. The name W95/CIH.Remnants
> indicates that those 25 files were at some point in time infected by
> one of the W95/CIH variants and then disinfected improperly.

Or maybe they were disinfected just sufficiently to render them
benign. Whether or not they were disinfected "improperly" is not
clear. It depends on what you consider improper. And it depends on the
technical/practical limitations of the disinfection process.
> They are
> not infectious and don't pose a danger to your or your son's system.
>
> Bottom line PC-cillin is right not to report those files as infected...
> They're not.

What av scanners should report ... and whether they should report at
all is another matter of opinion. Bottom line really is that scanners
shouldn't false alarm ... which means they shouldn't report an active
CIH infection or some other malware on these files. The fact that some
scanners report the files as "remnants" or "corrupted" or "damaged"
will be considered valuable information by many users. Personally, I
prefer the "remnants" report ... assuming they are correct, of course.

Seems to me this example points to the importance of being able to
replace files from backup (or original source). Far preferable to
replace files than try to disinfect them in many cases.


Art
http://www.epix.net/~artnpeg
 
pkmicro

Hi Jeffrey,

The problem is it makes me look bad when I give the CD that contains this
particular file to my friend or co-worker and they find out that I gave
them a disk that is infected with a virus. Do you think they will trust you
again? I think a good AV program should at least warn you that this
particular file is suspicious or something so we can either delete it or
stop using it.









 
Jeffrey A. Setaro

> Hi Jeffrey,
>
> The problem is it makes me look bad when I give the CD that contains this
> particular file to my friend or co-worker and they find out that I gave
> them a disk that is infected with a virus.

But the disk/files are not infected. W95/CIH.remnants is not a virus...
It's a name McAfee uses when it detects benign remnants of W95/CIH in a
disinfected file. See <http://vil.nai.com/vil/content/v_10300.htm#Variants>.

Note: current versions of McAfee VirusScan can remove these remnants.
See said:
> Do you think they will trust you again?

No... If you are in a position that requires you to distribute files to
clients or associates you should be using multiple anti-virus products to
check those files not only for viruses but for false alarms before they are
distributed.

I have licenses for every anti-virus product available in the US for
just that purpose.
> I think a good AV program should at least warn you that this particular
> file is suspicious or something so we can either delete it or stop using it.

A good anti-virus product should detect viruses, not benign remnants left
behind by some other anti-virus product's ham-handed disinfection
routine.

Personally, I'd replace PC-cillin with a better anti-virus product like
McAfee VirusScan, Kaspersky Anti-Virus, or F-Secure.

--
Cheers-

Jeff Setaro
jasetaro <at> mags.net
http://people.mags.net/jasetaro/
PGP Key IDs DH/DSS: 0x5D41429D RSA: 0x599D2A99 New RSA: 0xA19EBD34
 
