Welcome to SecurityForumz.com!
FAQFAQ    SearchSearch      ProfileProfile    Private MessagesPrivate Messages   Log inLog in

F-Prot

 
   Security Forums (Home) -> F-PROT RSS
Next:  F-PROT for DOS: anomily ?  
Author Message
Brian J Goggin

External


Since: Oct 10, 2005
Posts: 9



(Msg. 1) Posted: Mon Oct 10, 2005 9:51 am
Post subject: F-Prot
Archived from groups: alt>comp>virus (more info?)

I installed a new set of virus signature files for F-Prot at about
1.00am BST on 10 October 2005. My scheduled scan at 5.00am then
reported that it found thirteen files infected with "W32/Antinny.Q
(exact)". Foolishly, I had set it to delete infected files, so it has
(inter alia) deleted

C:\Program Files\Common Files\ACD Systems\PlugIns2\RealOptimizer.dat
C:\Program Files\Common Files\ACD Systems\PlugIns2\VBexplorer.ocx
C:\Program Files\Microsoft Office\Excel\OFFICE11\MSOWCW.DLL
C:\Program Files\Microsoft Office\Office10\WEBPAGE.DLL Infection:
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE Infection:
C:\Program Files\Thumbs6\Thumbs.sef Infection: W32/Antinny.Q (exact)
C:\WINDOWS\system32\comct332.ocx Infection: W32/Antinny.Q (exact)

I have reported this to F-Prot and am about to try to undo the damage.
It seems that an even newer version of the signature files is now
available.

bjg

 >> Stay informed about: F-Prot 
Back to top
Login to vote
Brian J Goggin

External


Since: Oct 10, 2005
Posts: 9



(Msg. 2) Posted: Mon Oct 10, 2005 10:25 am
Post subject: Re: F-Prot [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)

On Mon, 10 Oct 2005 09:51:58 +0100, Brian J Goggin
<myinitialsATmyorganization.ie> wrote:

>I installed a new set of virus signature files for F-Prot at about
>1.00am BST on 10 October 2005. My scheduled scan at 5.00am then
>reported that it found thirteen files infected with "W32/Antinny.Q
>(exact)". Foolishly, I had set it to delete infected files, so it has
>(inter alia) deleted

[...]

I downloaded even newer definitions at about 10.00am BST and scanned a
folder from which F-Prot had been unable to delete "infected" files.
According to the latest definitions, those files are not "infected".

Memo to self: do not set F-Prot to delete files it can't disinfect.

Memo to chap who asked about the usefulness of quarantines: that's
why.

bjg

 >> Stay informed about: F-Prot 
Back to top
Login to vote
James Egan

External


Since: Jan 19, 2006
Posts: 282



(Msg. 3) Posted: Mon Oct 10, 2005 10:45 am
Post subject: Re: F-Prot [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)

On Mon, 10 Oct 2005 10:25:36 +0100, Brian J Goggin
<myinitialsATmyorganization.ie> wrote:

>Memo to self: do not set F-Prot to delete files it can't disinfect.

It's a mistake you only make once. Actually, if it turns out to be a
real infection, it is better to restore from a backup (if available)
rather than disinfecting since the disinfection isn't always 100% back
to the original. Report only is the way to go. That's all av's not
just f-prot.


Jim.
 >> Stay informed about: F-Prot 
Back to top
Login to vote
Brian J Goggin

External


Since: Oct 10, 2005
Posts: 9



(Msg. 4) Posted: Mon Oct 10, 2005 11:00 am
Post subject: Re: F-Prot [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)

On Mon, 10 Oct 2005 10:45:55 +0100, James Egan
wrote:

>It's a mistake you only make once. Actually, if it turns out to be a
>real infection, it is better to restore from a backup (if available)
>rather than disinfecting since the disinfection isn't always 100% back
>to the original. Report only is the way to go. That's all av's not
>just f-prot.

Thankfully, I have backups, and original software. I've never had to
use them before!

bjg
 >> Stay informed about: F-Prot 
Back to top
Login to vote
Brian J Goggin

External


Since: Oct 10, 2005
Posts: 9



(Msg. 5) Posted: Mon Oct 10, 2005 12:39 pm
Post subject: Re: F-Prot [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)

On Mon, 10 Oct 2005 10:25:36 +0100, Brian J Goggin
<myinitialsATmyorganization.ie> wrote:

>I downloaded even newer definitions at about 10.00am BST and scanned a
>folder from which F-Prot had been unable to delete "infected" files.
>According to the latest definitions, those files are not "infected".

F-Prot has now confirmed that the earlier set of virus signature files
("released at 22:58 on 9 Oct 2005") caused problems by detecting false
positives, and that the later set ("released at 00:32 on 10 Oct 2005")
fixed the problem. They apologised for the inconvenience.

For anyone who lost MS Office files, they recomend running the
installation CD.

Happily, my backups worked: the feeling of smug virtue that overcame
me was wondrous to behold.

bjg
 >> Stay informed about: F-Prot 
Back to top
Login to vote
Virus Guy

External


Since: Aug 05, 2005
Posts: 428



(Msg. 6) Posted: Mon Oct 10, 2005 3:08 pm
Post subject: Re: F-Prot [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)

Brian J Goggin wrote:
> Thumbs.sef Infection: W32/Antinny.Q (exact)
> comct332.ocx Infection: W32/Antinny.Q (exact)

Infected with Anthony Quinn ?
 >> Stay informed about: F-Prot 
Back to top
Login to vote
Display posts from previous:   
   Security Forums (Home) -> F-PROT All times are: Pacific Time (US & Canada) (change)
Page 1 of 1

 
You can post new topics in this forum
You can reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



[ Contact us | Terms of Service/Privacy Policy ]