Ping: Art - Some Help Needed - F-Prot

Add Subtract

Hi Art or Frederic or whoever LOL!

I am having a problem with F-Prot for DOS finding infected files within
the latest (6/25 and 6/26) Norton Anti Virus 2001 virus definitions.

I'm using the latest version of F-Prot for DOS (3.13) with updated macro
and def files. Set to scan compressed, archives and heuristic...

The files being flagged as being infected with a "new or modified
variant of Trivial" are these:

C:\Program Files\Common Files\Symantec\Virus
Def\20030625.19/HH-/pocketpcdefs1.zip\savce.def

And


C:\Program Files\Common Files\Symantec\Virus
Def\20030626.19/HH-/pocketpcdefs1.zip/savce.def

This is happening on both my WinME desktop and Win98SE laptop. Same 2
Norton AV files being flagged.

My Norton 2001 scan shows clean
TrendMicro Housecall scan shows clean
PandaScan shows clean
TrojanHunter 3.5 shows clean

F-prot is also flagging a file on my WinME desktop:

C:\Windows\System\Restore\Temp\A0045114.cpy

Says it "could be a boot sector virus dropper"

I cleared all my restore points and rebooted a few times, ran F-Prot
and I got another message about the same problem in a new restore .cpy
file.

Any help, advice or ideas?

Thank you,

+-

--
 
Frederic Bonroy

Add said:
> I am having a problem with F-Prot for DOS finding infected files within
> the latest (6/25 and 6/26) Norton Anti Virus 2001 virus definitions.
>
> I'm using the latest version of F-Prot for DOS (3.13) with updated macro
> and def files. Set to scan compressed, archives and heuristic...

The latest version is 3.13a though it will probably be replaced by
3.14 soon.

> The files being flagged as being infected with a "new or modified
> variant of Trivial" are these:
>
> C:\Program Files\Common Files\Symantec\Virus
> Def\20030625.19/HH-/pocketpcdefs1.zip\savce.def
>
> And
>
> C:\Program Files\Common Files\Symantec\Virus
> Def\20030626.19/HH-/pocketpcdefs1.zip/savce.def

Trivial is a family of extremely simple DOS viruses. These are
false alerts.

> This is happening on both my WinME desktop and Win98SE laptop. Same 2
> Norton AV files being flagged.
>
> My Norton 2001 scan shows clean
> TrendMicro Housecall scan shows clean
> PandaScan shows clean
> TrojanHunter 3.5 shows clean

I suggest you contact (e-mail address removed).

> F-prot is also flagging a file on my WinME desktop:
>
> C:\Windows\System\Restore\Temp\A0045114.cpy
>
> Says it "could be a boot sector virus dropper"
>
> I cleared all my restore points and rebooted a few times, ran F-Prot
> and I got another message about the same problem in a new restore .cpy
> file.

Hmmm... I can't help you with that. If you write to Frisk, you could
send them this .cpy file at the same time.
 
Bart Bailey

> The latest version is 3.13a though it will probably be replaced by
> 3.14 soon.

I extracted the 314 executable from the windows version, and plugged it
into my DOS folder, runs just fine.

Bart
 
Bart Bailey

> You have a fast connection, right? :)

Somewhat.
The file (7,429,632) takes under a minute from the European FTP:
ftp://ftp-eu.f-prot.com/pub/windows/fp-win_trial.exe

Bart
 
David W. Hodgins

> I am having a problem with F-Prot for DOS finding infected files within
> the latest (6/25 and 6/26) Norton Anti Virus 2001 virus definitions.
> I'm using the latest version of F-Prot for DOS (3.13) with updated macro
> and def files. Set to scan compressed, archives and heuristic...

In f-prot, when you select options, and move the cursor to "Use heuristics",
the following shows at the bottom of the screen...

=========================
= Attempt to detect unknown viruses with the use of heuristics (rules that
= describe the behaviour and structure of viruses). This will increase the
= detection rate, at the cost of an increase in the chance of false alarms.
=========================

In other words, you should expect false alarms when the use of heuristics
is selected.

When a program is identified as infected, using heuristics, it just means
you should check the program very carefully, using other scanners, as you
have done, before running it.

I wouldn't worry about these false alarms, or bother reporting them.

Regards, Dave Hodgins
 
Bart Bailey

> Plus I would have to run the installation program, and I have no
> idea what it would do to my registry even if I chose to install
> only the DOS part. I just don't trust Windows programs.

Negative
Ghost the partition, install, snag the executable, reinstall partition.
Takes about 15 minutes,
besides you get a current image, not a bad thing to have.

Bart
 
Add Subtract

Thank you very much you guys. I figured they were harmless but wanted
to follow up with some folks who have more experience with things like
this.

(e-mail address removed)

+-

--


On Fri, 27 Jun 2003 23:48:23 -0700 (PDT), Add Subtract

> I am having a problem with F-Prot for DOS finding infected files within
> the latest (6/25 and 6/26) Norton Anti Virus 2001 virus definitions.
>
> I'm using the latest version of F-Prot for DOS (3.13) with updated macro
> and def files. Set to scan compressed, archives and heuristic...
>
> In f-prot, when you select options, and move the cursor to "Use
> heuristics", the following shows at the bottom of the screen...
>
> =========================
> = Attempt to detect unknown viruses with the use of heuristics (rules that
> = describe the behaviour and structure of viruses). This will increase the
> = detection rate, at the cost of an increase in the chance of false alarms.
> =========================
>
> In other words, you should expect false alarms when the use of
> heuristics is selected.
> When a program is identified as infected, using heuristics, it just
> means you should check the program very carefully, using other scanners,
> as you have done, before running it.
>
> I wouldn't worry about these false alarms, or bother reporting them.
>
> Regards, Dave Hodgins
 
