From owner-freebsd-bugs  Sat Dec 27 08:50:05 1997
Return-Path: <owner-freebsd-bugs>
Received: (from root@localhost)
          by hub.freebsd.org (8.8.7/8.8.7) id IAA05180
          for bugs-outgoing; Sat, 27 Dec 1997 08:50:05 -0800 (PST)
          (envelope-from owner-freebsd-bugs)
Received: (from gnats@localhost)
          by hub.freebsd.org (8.8.7/8.8.7) id IAA05166;
          Sat, 27 Dec 1997 08:50:02 -0800 (PST)
          (envelope-from gnats)
Resent-Date: Sat, 27 Dec 1997 08:50:02 -0800 (PST)
Resent-Message-Id: <199712271650.IAA05166@hub.freebsd.org>
Resent-From: gnats (GNATS Management)
Resent-To: freebsd-bugs
Resent-Reply-To: FreeBSD-gnats@FreeBSD.ORG, ccosolo@ulti.net
Received: (from nobody@localhost)
          by hub.freebsd.org (8.8.7/8.8.7) id IAA05026;
          Sat, 27 Dec 1997 08:47:22 -0800 (PST)
          (envelope-from nobody)
Message-Id: <199712271647.IAA05026@hub.freebsd.org>
Date: Sat, 27 Dec 1997 08:47:22 -0800 (PST)
From: ccosolo@ulti.net
To: freebsd-gnats-submit@FreeBSD.ORG
X-Send-Pr-Version: www-1.0
Subject: misc/5383: bloodhound.MBR Virus detected by Norton AV after Boot Mgr Install
Sender: owner-freebsd-bugs@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk


>Number:         5383
>Category:       misc
>Synopsis:       bloodhound.MBR Virus detected by Norton AV after Boot Mgr Install
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sat Dec 27 08:50:01 PST 1997
>Last-Modified:
>Originator:     Carlo Cosolo
>Organization:
>Release:        Walnut Creek 2.2.5
>Environment:
FreeBSD myname.my.domain 2.2.5-RELEASE FreeBSD 2.2.5-RELEASE #0: Tue Oct 21 14:33:00 GMT 1997     
jkh@time.cdrom.com:/usr/src/sys/compile/GENERIC  i386
>Description:
After successfully installing freeBSD with The supplied boot manager, I 
rebooted and selected dos. This boots win95 and executes Norton AV win95's
navboot.exe /startup from autoexec.bat. While booting navboot detects
bloodhound.MBR on the master boot record. I selected the repair option and rebooted.
The repair had disabled the boot manager but did not detect any virus.
I re-installed boot mgr and the virus returned. I now select continue instead of repair
without any ill effects but it is quite anoying when booting win95
>How-To-Repeat:
every time win95 is booted the virus is detected. My version of Norton AV
95 uses Dec 1 97 virus definitions
>Fix:
Modify code fragment to mismatch virus def on executable in bootmanager.
Or scan for possible virus in distribution
>Audit-Trail:
>Unformatted: