Date: Mon, 5 Feb 2001 12:48:01 -0500
From: "Matthew Emmerton" <matt@gsicomp.on.ca>
To: "Hensley, Ed" <Ed.Hensley@GMACInsurance.com>, "'freebsd-questions@FreeBSD.org'" <freebsd-questions@FreeBSD.ORG>
Subject: Re: Bloodhound.MBR virus question
Message-ID: <003401c08f9b$cd6ed6f0$1200a8c0@gsicomp.on.ca>
References: <B0A8E85543AAD11187440001FAF82D3E05E2C4CC@lead.integon.com>
> Dear FreeBSD Supporters,
>
> I recently bought the FreeBSD 4.0 package and installed it on my IBM Aptiva
> PC. I used the Dual-boot method, i.e., defragged the disk (8GB), and used the
> CD-ROM Boot method of installing the release on a new disk partition created
> by the install process. This all worked fine, and I was able to boot up
> Windows 98, or FreeBSD when I turned on my PC.
>
> Then the Windows 98 selection started giving me a notice (from Norton) that
> I had the Bloodhound.MBR virus in the Master Boot Record. At first I ignored
> this (answered NO to letting Norton fix it), and whenever I booted FreeBSD I
> had no problems, minus some installation options like sound card not
> working. My first thought was that the Norton software just did not
> understand that I had a dual boot set up on the PC.

This is a Norton false alarm. When Norton detects something that exhibits
virus-like behaviour, but isn't in their database, it gets labelled as a
"Bloodhound" virus.
(http://service1.symantec.com/sarc/sarc.nsf/html/bloodhound.html)

I just searched the web and apparently Norton labels many boot loaders
(including those used by FreeBSD, LILO and Partition Magic) as being
Bloodhound.MBR -- and of course, they're not viruses.

The suggested workaround is to disable MBR checking in NAV until Symantec
gets around to fixing their AV product to realize the difference between a
boot loader and a virus.

--
Matt Emmerton