All times are UTC - 8 hours

 Post subject: worm ( win32:malware-gen )
PostPosted: Tue Jan 26, 2010 1:41 pm 
Joined: Tue Jan 26, 2010 1:28 pm
Posts: 1
Hello, a worm ( win32:malware-gen )
is detected by avast anti virus in the file \ubcd\dosapps\astra.cab
on the ubcd CD V50RC1.
Is it normal?


PostPosted: Wed Jan 27, 2010 7:50 am 
Joined: Wed Nov 11, 2009 10:35 am
Posts: 3
Location: Buffalo, NY
You can always submit files to VirusTotal to see..

http://www.virustotal.com/analisis/63a1 ... 1264115153


PostPosted: Wed Jan 27, 2010 1:21 pm 
Joined: Tue Nov 24, 2009 9:22 am
Posts: 51
McAfee has been doing the same for about a month now, I haven't found a way to alert them of a possible false-positive.


PostPosted: Wed Jan 27, 2010 2:31 pm 
Joined: Fri Jan 11, 2008 2:52 pm
Posts: 1278
Some files inside the cab file are probably compressed with UPX or another compressor. Virus makers use UPX and other compressors to make it more difficult for virus scanners to see what a program does (needs to be unpacked first). But UPX compression isn't dangerous on its own.

_________________
Download Ultimate Boot CD v5.0: http://www.ultimatebootcd.com/download.html
Use Parted Magic for handling all partitioning task: http://partedmagic.com/


PostPosted: Thu Jan 28, 2010 9:56 am 
Joined: Tue Nov 24, 2009 9:22 am
Posts: 51
UPX compression might not be the problem, I'm not sure if the CAB is compressed with it or the files contained in the CAB. I extracted the astra.cab on an anti-virus free machine and copied single files to a protected machine and the only file McAfee still has a problem with is the ASTRA.PRG file.
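
An added example (not part of the original thread) of the per-file triage discussed in the posts above: for each file extracted from a cabinet it computes the SHA-256 for a reputation lookup and checks for UPX packer markers (PE sections named UPX0/UPX1, or the `UPX!` pack-header magic). The function names and the header-only sample bytes are constructed for illustration.

```python
import hashlib
import os
import struct

UPX_MAGIC = b"UPX!"  # marker UPX writes into the pack header of files it compresses

def pe_section_names(data):
    """Section names of a PE image; [] for anything else (e.g. a plain DOS MZ program)."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return []
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)          # e_lfanew
    if pe_off + 24 > len(data) or data[pe_off:pe_off + 4] != b"PE\0\0":
        return []
    count, = struct.unpack_from("<H", data, pe_off + 6)       # NumberOfSections
    opt_size, = struct.unpack_from("<H", data, pe_off + 20)   # SizeOfOptionalHeader
    table = pe_off + 24 + opt_size
    names = []
    for i in range(count):
        raw = data[table + 40 * i:table + 40 * i + 8]         # 40-byte entries, name first
        if len(raw) < 8:
            break                                             # truncated section table
        names.append(raw.rstrip(b"\0").decode("ascii", "replace"))
    return names

def triage(data):
    """Hash for a reputation lookup plus packer indicators for one file's bytes."""
    upx_sections = [n for n in pe_section_names(data) if n.startswith("UPX")]
    return {
        "sha256": hashlib.sha256(data).hexdigest(),
        "upx_sections": upx_sections,
        "upx_packed": bool(upx_sections) or UPX_MAGIC in data,
    }

def triage_tree(root):
    """Triage every file under an extracted archive directory, keyed by relative path."""
    report = {}
    for folder, _, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            with open(path, "rb") as fh:
                report[os.path.relpath(path, root)] = triage(fh.read())
    return report

def sample_pe(section_names):
    """Constructed sample: header-only PE skeleton, not a working executable."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 0, 0)
    return dos + coff + b"".join(n.ljust(40, b"\0") for n in section_names)
```

Run `triage_tree` on the folder the cabinet was extracted to (for example `C:\dosapps\astra`) to see which files carry packer markers and to get hashes for lookup. UPX markers can be stripped or renamed, so a negative result only rules out stock UPX output.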


PostPosted: Fri Apr 09, 2010 6:19 am 
Joined: Tue Nov 24, 2009 9:22 am
Posts: 51
I got tired of this anti-virus issue so I decided to rebuild the astra.cab myself, here's how:

1) Grab the latest version of Astra from http://www.sysinfolab.com/
2) Extract contents to a folder eg. C:\dosapps\astra
3) Find a copy of MS's cabarc.exe, it might be in a resource kit not sure
EDIT: Get it here: http://support.microsoft.com/kb/310618
4) Place cabarc.exe in c:\dosapps
5) Create a blank text file in c:\dosapps and rename to makecab.bat
6) Edit file and paste this line:
   @cabarc -m LZX:21 -p -r -P astra\ n astra.cab astra\*.*
   Save file and double click it

You should now have a new astra.cab in c:\dosapps, move it to your dosapps folder within UBCD and recreate your ISO

This was tested with ASTRA 5.45, there are no AV issues with it.


PostPosted: Sat Apr 10, 2010 7:09 am 
Joined: Tue Sep 09, 2008 4:37 pm
Posts: 462
Location: California, USA
kcarney wrote:
McAfee has been doing the same for about a month now, I haven't found a way to alert them of a possible false-positive.


Use their forums, and ask...or check their "contact us" tab on their website. All antivirus companies should have a way to report false positives..and if they don't, then they are too cheap to care about their customers and I would recommend moving to another AV. I personally use Avira AntiVir Personal, which is free and does not detect that cab as dangerous.

_________________
~Just StopSpazzing~

Visit the UBCD Wiki: http://wiki.ultimatebootcd.com
Please check your UBCD ISO MD5 Hash Sum; May prevent issues later on by not having an exact copy.

Currently Working on Common Issues and Repair Tips on the Wiki.


PostPosted: Mon Apr 12, 2010 5:07 am 
Joined: Tue Nov 24, 2009 9:22 am
Posts: 51
There's nothing like that at all on their website, I searched for what seemed like weeks. One spot I found seemed to be what I was looking for but all it did was upload the file to them so THEY can tell me again that the file might be suspect.

I'll stick with my fix of updating the astra software over redeploying a new AV product to over 400 computers any day. As much as I don't like it the licensing was just renewed for three more years.

