It is currently Tue Apr 22, 2014 10:47 pm

All times are UTC - 8 hours




Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 16 posts ] 
Author Message
 Post subject: Virus found in WIPECMOS.COM
PostPosted: Sun Mar 27, 2005 6:34 pm 
Offline

Joined: Mon Feb 21, 2005 10:59 pm
Posts: 1259
Note: I am reposting my response to this query sent to my personal
account to publicize this issue.

> Hello there,
>
> I downloaded the latest version of your BootCD (excellent job btw)
> and then extracted it. As i was extracting it, Norton Antivirus found
> a virus in the file and deleted it. The file that was repaired was
> the following: UltimateBootCD\ubcd32-basic\dosapps\wipecm. The virus
> that was found is called Hacktool.
>
> Your ultimate boot CD is a powerful tool and very helpful. But next
> time, clean it from viruses before uploading it to your website for
> downloads.
>
> Best Regards, Ilias Patronicolaou

This is a false alarm that was introduced in V3.0 (WIPECMOS doesn't
actually contain a virus). It was supposed to be fixed in V3.1 (via EXE
cloaking), but I accidentally left the original COM file in the CD. This
is definitely fixed in V3.2. Take a look at:

http://www.ultimatebootcd.com/bugs.html

for more information.

Now, why are people still reporting that V3.2 triggers a virus alert,
even when I have rechecked the ISO many times to confirm that it does
not contain WIPECMOS.COM?

I suspect people might be extracting the files in the V3.2 ISO into an
existing V3.0 or V3.1 directory. If you download the original ISO and
view using WinISO or equivalent utility, you can be sure the file
WIPECMOS.COM is not even there!


Last edited by Victor Chew on Mon May 14, 2007 6:17 am, edited 1 time in total.

Top
 Profile  
 
 Post subject:
PostPosted: Fri Jun 03, 2005 1:57 am 
Offline

Joined: Fri Jun 03, 2005 1:43 am
Posts: 2
Location: Norway
Hello. I've downloaded and extracted ubcd33-full.iso for costumization. The file wipecmos.com is most definetivly in /dosapps/wipecmos directory (also checked with IsoBuster, besides extracting to an empty directory) and Norton AntiVirus reports it as a virus, or rather; that it contains the virus "hacktool".... I reckon this is a false positive, but what is the file wipecmos.com for anyway?


Top
 Profile  
 
 Post subject: Wipecmos.com IS STILL IN V3.3 Basic - Verified
PostPosted: Thu Jun 30, 2005 9:10 am 
Offline

Joined: Thu Jun 30, 2005 8:42 am
Posts: 1
Location: Syracuse NY
Just an FYI Vic,

Just extracted a fresh DL of V.3.3 Basic into a new folder. Wipecmos.com is still there along with Wipecmos.exe...

Image

db


Top
 Profile  
 
 Post subject: Virus found in WIPECMOS.COM
PostPosted: Thu Jun 30, 2005 6:34 pm 
Offline

Joined: Mon Feb 21, 2005 10:59 pm
Posts: 1259
Dude, it has to be something else. The new version of WIPECMOS in UBCD
3.3 uses the .EXE format. There is no .COM file.


Top
 Profile  
 
 Post subject:
PostPosted: Tue Jul 05, 2005 3:41 am 
Offline

Joined: Thu May 05, 2005 4:37 am
Posts: 7
Location: Oxford, UK
WIPECMOS is seen as malware by McAfee as well as Norton. I've always thought that this is because it is a program that can be used to remove BIOS passwords - at any rate, it's deliberate, not a false positive.

Paul


Top
 Profile  
 
 Post subject:
PostPosted: Tue Jul 05, 2005 6:53 pm 
Offline

Joined: Mon Feb 21, 2005 10:59 pm
Posts: 1259
Can you confirm that's for WIPECMOS.EXE, and not WIPECMOS.COM? My version of Norton Antivirus did not flag WIPECMOS.EXE.


Top
 Profile  
 
 Post subject: Re: Virus found in WIPECMOS.COM
PostPosted: Tue Jul 05, 2005 6:56 pm 
Offline

Joined: Thu Mar 10, 2005 7:43 pm
Posts: 3
Victor Chew wrote:
Dude, it has to be something else. The new version of WIPECMOS in UBCD
3.3 uses the .EXE format. There is no .COM file.
Hello Victor,
Dudette here. I don't even use NAV, nor care about the bug, but somewhere there should be a simple fact check. I have UBCD 3.3 (basic)downloaded on June 10, 2005 and I just reconfirmed the MD5 checksum. Looking into it (mounted with DAEMON manager) it really does have a file called wipecmos.com in the above mentioned directory. JFYI.

-m


Top
 Profile  
 
 Post subject:
PostPosted: Tue Jul 05, 2005 7:16 pm 
Offline

Joined: Mon Feb 21, 2005 10:59 pm
Posts: 1259
Hi dudette (that's a new word for me! :D).

OK, I am stumped. I just checked again as per Michelle's instructions, and indeed WIPECMOS.COM can be found in _both_ UBCD 3.2 and UBCD 3.3. I cannot explain this discrepency, since I have checked this quite a few times, and I was quite sure this was fixed in UBCD 3.2 and up.

I apologise for this grave oversight on my part, and I will _absolutely_ fix it by UBCD 3.4, otherwise you guys can hang me by my underwear!


Top
 Profile  
 
 Post subject:
PostPosted: Fri Jul 08, 2005 3:57 am 
Offline

Joined: Thu May 05, 2005 4:37 am
Posts: 7
Location: Oxford, UK
Victor Chew wrote:
Can you confirm that's for WIPECMOS.EXE, and not WIPECMOS.COM? My version of Norton Antivirus did not flag WIPECMOS.EXE.

No, but I can check McAfee this evening. My point was more that I don't think it's a false positive, but a deliberate decision to detect. If it was a false positive, I expect McAfee would have got around to fixing it by now - I first saw it detected 7 or 8 years ago!

Paul


Top
 Profile  
 
 Post subject: Virus found in WIPECMOS.COM
PostPosted: Sun Jul 10, 2005 11:42 pm 
Offline

Joined: Mon Feb 21, 2005 10:59 pm
Posts: 1259
It really is a false positive, as many people more knowledgeable than
myself have point out. Maybe WIPECMOS is just too small to be worth
McAfee's bother.


Top
 Profile  
 
 Post subject: I just Downloaded and its there
PostPosted: Wed Jul 13, 2005 12:33 pm 
Offline

Joined: Wed Jul 13, 2005 12:25 pm
Posts: 1
I just downloaded it and it is there
My Norton picked it up and deleted it

I Found an older version on a CD and it was there too
Something is not right
Maybe some one should turn this into the FEDS ECT... for Hacking
could this be the reason why systems crash ?
Could this be a way for them to HACK our systems

I do believe the Government and Microsoft is Paying $$$$$$ to report Hackers

I have made a copy of this forum and will be sending it in
Clearly they do not want to fix the problem they just blow Smoke up every ones ASS like we are Dummies
and have no clue what we are talking about
They have had Ample Time to correct the issue but clearly have NOT !!!


Top
 Profile  
 
 Post subject: Virus on UBCD 3.3
PostPosted: Wed Feb 01, 2006 12:59 pm 
Offline

Joined: Wed Feb 01, 2006 12:45 pm
Posts: 2
I Just download 4 copies of UBCD 3.3 from 4 different download sites but when I extract the exe/zip file and test for virus on the iso with my copy of ZoneAlarm Sutie tell me I have a virus called "Win95.SK" is this the fase alert as my anti-virus software is upto date the anti-virus software in ZoneAlarm Suite is from Computer Associates


Top
 Profile  
 
 Post subject:
PostPosted: Wed Feb 01, 2006 8:03 pm 
Offline

Joined: Mon Feb 21, 2005 10:59 pm
Posts: 1259
Please see Known Bugs: http://www.ultimatebootcd.com/bugs.html

It is a false alarm. This will be fixed in V3.4.


Top
 Profile  
 
 Post subject: Virus on ubcd 3.3
PostPosted: Thu Feb 02, 2006 2:31 am 
Offline

Joined: Wed Feb 01, 2006 12:45 pm
Posts: 2
I looked @ that page but I could not find out where on the iso the virus was as my anti-virus deletes it as soon as I extract it from the exe/zip file and trys to delete the exe/zip file as well so I can't burn it to disk, I can't turn off the anti-virus as I use the family pc and the software is passworded when is a fixed copy going to be available?


Top
 Profile  
 
 Post subject:
PostPosted: Sun Jan 13, 2008 9:21 pm 
Offline

Joined: Wed Dec 26, 2007 10:28 pm
Posts: 2
I also want to know how to solve the problem, but I found no answer.


Top
 Profile  
 
 Post subject:
PostPosted: Mon Jan 14, 2008 11:01 am 
Offline

Joined: Fri Sep 23, 2005 1:21 am
Posts: 336
Location: France
rola wrote:
I also want to know how to solve the problem, but I found no answer.
Just ignore it, since it's not an actual problem ? :hmm:

_________________
Hammerite Compendium of Precepts, Regimens and Rules of Conduct, Vol. 113 :
A stroke of thy chisel, once made, canst be undone, but a stroke thou dost not make from fear is a worse flaw.
Be not cautious - be correct.


Top
 Profile  
 
Display posts from previous:  Sort by  
Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 16 posts ] 

All times are UTC - 8 hours


Who is online

Users browsing this forum: No registered users and 2 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  

Protected by Anti-Spam ACP Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group