Date: Sat, 27 Dec 1997 08:47:22 -0800 (PST) From: ccosolo@ulti.net To: freebsd-gnats-submit@FreeBSD.ORG Subject: misc/5383: bloodhound.MBR Virus detected by Norton AV after Boot Mgr Install Message-ID: <199712271647.IAA05026@hub.freebsd.org> Resent-Message-ID: <199712271650.IAA05166@hub.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 5383 >Category: misc >Synopsis: bloodhound.MBR Virus detected by Norton AV after Boot Mgr Install >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-bugs >State: open >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Sat Dec 27 08:50:01 PST 1997 >Last-Modified: >Originator: Carlo Cosolo >Organization: >Release: Walnut Creek 2.2.5 >Environment: FreeBSD myname.my.domain 2.2.5-RELEASE FreeBSD 2.2.5-RELEASE #0: Tue Oct 21 14:33:00 GMT 1997 jkh@time.cdrom.com:/usr/src/sys/compile/GENERIC i386 >Description: After successfully installing freeBSD with The supplied boot manager, I rebooted and selected dos. This boots win95 and executes Norton AV win95's navboot.exe /startup from autoexec.bat. While booting navboot detects bloodhound.MBR on the master boot record. I selected the repair option and rebooted. The repair had disabled the boot manager but did not detect any virus. I re-installed boot mgr and the virus returned. I now select continue instead of repair without any ill effects but it is quite anoying when booting win95 >How-To-Repeat: every time win95 is booted the virus is detected. My version of Norton AV 95 uses Dec 1 97 virus definitions >Fix: Modify code fragment to mismatch virus def on executable in bootmanager. Or scan for possible virus in distribution >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199712271647.IAA05026>