Virus found in WIPECMOS.COM

Report new bugs here, or look at known issues of current and previous releases of UBCD.

Moderators: Icecube, StopSpazzing

Locked
Message
Author
Victor Chew
Posts: 1368
Joined: Mon Feb 21, 2005 10:59 pm
Contact:

Virus found in WIPECMOS.COM

#1 Post by Victor Chew » Sun Mar 27, 2005 6:34 pm

Note: I am reposting my response to this query sent to my personal
account to publicize this issue.

> Hello there,
>
> I downloaded the latest version of your BootCD (excellent job btw)
> and then extracted it. As i was extracting it, Norton Antivirus found
> a virus in the file and deleted it. The file that was repaired was
> the following: UltimateBootCD\ubcd32-basic\dosapps\wipecm. The virus
> that was found is called Hacktool.
>
> Your ultimate boot CD is a powerful tool and very helpful. But next
> time, clean it from viruses before uploading it to your website for
> downloads.
>
> Best Regards, Ilias Patronicolaou

This is a false alarm that was introduced in V3.0 (WIPECMOS doesn't
actually contain a virus). It was supposed to be fixed in V3.1 (via EXE
cloaking), but I accidentally left the original COM file in the CD. This
is definitely fixed in V3.2. Take a look at:

http://www.ultimatebootcd.com/bugs.html

for more information.

Now, why are people still reporting that V3.2 triggers a virus alert,
even when I have rechecked the ISO many times to confirm that it does
not contain WIPECMOS.COM?

I suspect people might be extracting the files in the V3.2 ISO into an
existing V3.0 or V3.1 directory. If you download the original ISO and
view using WinISO or equivalent utility, you can be sure the file
WIPECMOS.COM is not even there!
Last edited by Victor Chew on Mon May 14, 2007 6:17 am, edited 1 time in total.

MRT
Posts: 2
Joined: Fri Jun 03, 2005 1:43 am
Location: Norway

#2 Post by MRT » Fri Jun 03, 2005 1:57 am

Hello. I've downloaded and extracted ubcd33-full.iso for costumization. The file wipecmos.com is most definetivly in /dosapps/wipecmos directory (also checked with IsoBuster, besides extracting to an empty directory) and Norton AntiVirus reports it as a virus, or rather; that it contains the virus "hacktool".... I reckon this is a false positive, but what is the file wipecmos.com for anyway?

darkblayde
Posts: 1
Joined: Thu Jun 30, 2005 8:42 am
Location: Syracuse NY

Wipecmos.com IS STILL IN V3.3 Basic - Verified

#3 Post by darkblayde » Thu Jun 30, 2005 9:10 am

Just an FYI Vic,

Just extracted a fresh DL of V.3.3 Basic into a new folder. Wipecmos.com is still there along with Wipecmos.exe...

Image

db

Victor Chew
Posts: 1368
Joined: Mon Feb 21, 2005 10:59 pm
Contact:

Virus found in WIPECMOS.COM

#4 Post by Victor Chew » Thu Jun 30, 2005 6:34 pm

Dude, it has to be something else. The new version of WIPECMOS in UBCD
3.3 uses the .EXE format. There is no .COM file.

pwhodges
Posts: 7
Joined: Thu May 05, 2005 4:37 am
Location: Oxford, UK
Contact:

#5 Post by pwhodges » Tue Jul 05, 2005 3:41 am

WIPECMOS is seen as malware by McAfee as well as Norton. I've always thought that this is because it is a program that can be used to remove BIOS passwords - at any rate, it's deliberate, not a false positive.

Paul

Victor Chew
Posts: 1368
Joined: Mon Feb 21, 2005 10:59 pm
Contact:

#6 Post by Victor Chew » Tue Jul 05, 2005 6:53 pm

Can you confirm that's for WIPECMOS.EXE, and not WIPECMOS.COM? My version of Norton Antivirus did not flag WIPECMOS.EXE.

Michelle
Posts: 3
Joined: Thu Mar 10, 2005 7:43 pm

Re: Virus found in WIPECMOS.COM

#7 Post by Michelle » Tue Jul 05, 2005 6:56 pm

Victor Chew wrote:Dude, it has to be something else. The new version of WIPECMOS in UBCD
3.3 uses the .EXE format. There is no .COM file.
Hello Victor,
Dudette here. I don't even use NAV, nor care about the bug, but somewhere there should be a simple fact check. I have UBCD 3.3 (basic)downloaded on June 10, 2005 and I just reconfirmed the MD5 checksum. Looking into it (mounted with DAEMON manager) it really does have a file called wipecmos.com in the above mentioned directory. JFYI.

-m

Victor Chew
Posts: 1368
Joined: Mon Feb 21, 2005 10:59 pm
Contact:

#8 Post by Victor Chew » Tue Jul 05, 2005 7:16 pm

Hi dudette (that's a new word for me! :D).

OK, I am stumped. I just checked again as per Michelle's instructions, and indeed WIPECMOS.COM can be found in _both_ UBCD 3.2 and UBCD 3.3. I cannot explain this discrepency, since I have checked this quite a few times, and I was quite sure this was fixed in UBCD 3.2 and up.

I apologise for this grave oversight on my part, and I will _absolutely_ fix it by UBCD 3.4, otherwise you guys can hang me by my underwear!

pwhodges
Posts: 7
Joined: Thu May 05, 2005 4:37 am
Location: Oxford, UK
Contact:

#9 Post by pwhodges » Fri Jul 08, 2005 3:57 am

Victor Chew wrote:Can you confirm that's for WIPECMOS.EXE, and not WIPECMOS.COM? My version of Norton Antivirus did not flag WIPECMOS.EXE.
No, but I can check McAfee this evening. My point was more that I don't think it's a false positive, but a deliberate decision to detect. If it was a false positive, I expect McAfee would have got around to fixing it by now - I first saw it detected 7 or 8 years ago!

Paul

Victor Chew
Posts: 1368
Joined: Mon Feb 21, 2005 10:59 pm
Contact:

Virus found in WIPECMOS.COM

#10 Post by Victor Chew » Sun Jul 10, 2005 11:42 pm

It really is a false positive, as many people more knowledgeable than
myself have point out. Maybe WIPECMOS is just too small to be worth
McAfee's bother.

MaXiMuS
Posts: 1
Joined: Wed Jul 13, 2005 12:25 pm

I just Downloaded and its there

#11 Post by MaXiMuS » Wed Jul 13, 2005 12:33 pm

I just downloaded it and it is there
My Norton picked it up and deleted it

I Found an older version on a CD and it was there too
Something is not right
Maybe some one should turn this into the FEDS ECT... for Hacking
could this be the reason why systems crash ?
Could this be a way for them to HACK our systems

I do believe the Government and Microsoft is Paying $$$$$$ to report Hackers

I have made a copy of this forum and will be sending it in
Clearly they do not want to fix the problem they just blow Smoke up every ones ASS like we are Dummies
and have no clue what we are talking about
They have had Ample Time to correct the issue but clearly have NOT !!!

dbatcheler
Posts: 2
Joined: Wed Feb 01, 2006 12:45 pm

Virus on UBCD 3.3

#12 Post by dbatcheler » Wed Feb 01, 2006 12:59 pm

I Just download 4 copies of UBCD 3.3 from 4 different download sites but when I extract the exe/zip file and test for virus on the iso with my copy of ZoneAlarm Sutie tell me I have a virus called "Win95.SK" is this the fase alert as my anti-virus software is upto date the anti-virus software in ZoneAlarm Suite is from Computer Associates

Victor Chew
Posts: 1368
Joined: Mon Feb 21, 2005 10:59 pm
Contact:

#13 Post by Victor Chew » Wed Feb 01, 2006 8:03 pm

Please see Known Bugs: http://www.ultimatebootcd.com/bugs.html

It is a false alarm. This will be fixed in V3.4.

dbatcheler
Posts: 2
Joined: Wed Feb 01, 2006 12:45 pm

Virus on ubcd 3.3

#14 Post by dbatcheler » Thu Feb 02, 2006 2:31 am

I looked @ that page but I could not find out where on the iso the virus was as my anti-virus deletes it as soon as I extract it from the exe/zip file and trys to delete the exe/zip file as well so I can't burn it to disk, I can't turn off the anti-virus as I use the family pc and the software is passworded when is a fixed copy going to be available?

rola
Posts: 2
Joined: Wed Dec 26, 2007 10:28 pm

#15 Post by rola » Sun Jan 13, 2008 9:21 pm

I also want to know how to solve the problem, but I found no answer.

Constance
Posts: 338
Joined: Fri Sep 23, 2005 1:21 am
Location: France

#16 Post by Constance » Mon Jan 14, 2008 11:01 am

rola wrote:I also want to know how to solve the problem, but I found no answer.
Just ignore it, since it's not an actual problem ? :hmm:
Hammerite Compendium of Precepts, Regimens and Rules of Conduct, Vol. 113 :
A stroke of thy chisel, once made, canst be undone, but a stroke thou dost not make from fear is a worse flaw.
Be not cautious - be correct.

Locked