Hello, a worm ( win32:malware-gen )
is detecté by avast anti virus in the file \ubcd\dosapps\astra.cab
on the ubcd CD V50RC1
It is normal?
worm ( win32:malware-gen )
Moderators: Icecube, StopSpazzing
-
RogueSpear
- Posts: 3
- Joined: Wed Nov 11, 2009 10:35 am
- Location: Buffalo, NY
You can always submit files to VirusTotal to see..
http://www.virustotal.com/analisis/63a1 ... 1264115153
http://www.virustotal.com/analisis/63a1 ... 1264115153
Some files inside the cab file are probably compressed with UPX or another compressor. Virus makers use UPX and other compressors to make it more difficult for virus scanners to see what a program does (needs to be unpacked first). But UPX compression isn't dangerous on its own.
Download Ultimate Boot CD v5.0: http://www.ultimatebootcd.com/download.html
Use Parted Magic for handling all partitioning task: http://partedmagic.com/
Use Parted Magic for handling all partitioning task: http://partedmagic.com/
I got tired of this anti-virus issue so I decided to rebuild the astra.cab myself, here's how;
1) Grab the latest version of Astra from http://www.sysinfolab.com/
2) Extract contents to a folder eg. C:\dosapps\astra
3) Find a copy of MS's cabarc.exe, it might be in a resource kit not sure
EDIT: Get it here: http://support.microsoft.com/kb/310618
4) Place cabarc.exe in c:\dosapps
5) Create a blank text file in c:\dosapps and rename to makecab.bat
6) Edit file and paste this line @cabarc -m LZX:21 -p -r -P astra\ n astra.cab astra\*.* save file and double click it
You should now have a new astra.cab in c:\dosapps, move it to your dosapps folder within UBCD and recreate your ISO
This was tested with ASTRA 5.45, there are no AV issues with it.
1) Grab the latest version of Astra from http://www.sysinfolab.com/
2) Extract contents to a folder eg. C:\dosapps\astra
3) Find a copy of MS's cabarc.exe, it might be in a resource kit not sure
EDIT: Get it here: http://support.microsoft.com/kb/310618
4) Place cabarc.exe in c:\dosapps
5) Create a blank text file in c:\dosapps and rename to makecab.bat
6) Edit file and paste this line @cabarc -m LZX:21 -p -r -P astra\ n astra.cab astra\*.* save file and double click it
You should now have a new astra.cab in c:\dosapps, move it to your dosapps folder within UBCD and recreate your ISO
This was tested with ASTRA 5.45, there are no AV issues with it.
-
StopSpazzing
- Posts: 462
- Joined: Tue Sep 09, 2008 4:37 pm
- Location: California, USA
- Contact:
Use their forums, and ask...or check their "contact us" tab on their website. All antivirus companies should have a way to report false positives..and if they don't, then they are too cheap to care about their customers and I would recommend moving to another AV. I personally use Avira AntiVir Personal, which is free and does not detect that cab as dangerous.kcarney wrote:McAfee has been doing the same for about a month now, I haven't found away to alert them of a possible false-positive
~Just StopSpazzing~
Visit the UBCD Wiki: http://wiki.ultimatebootcd.com
Please check your UBCD ISO MD5 Hash Sum; May prevent issues later on by not having an exact copy.
Currently Working on Common Issues and Repair Tips on the Wiki.
Visit the UBCD Wiki: http://wiki.ultimatebootcd.com
Please check your UBCD ISO MD5 Hash Sum; May prevent issues later on by not having an exact copy.
Currently Working on Common Issues and Repair Tips on the Wiki.
There's nothing like that at all on their website, I searched for what seemed like weeks. One spot I found seemed to be what I was looking for but all it did was upload the file to them so THEY can tell me again that the file might be suspect.
I'll stick with my fix of updating the astra software over redeploying a new AV product to over 400 computers any day. As much as I don't like it the licensing was just renewed for three more years.
I'll stick with my fix of updating the astra software over redeploying a new AV product to over 400 computers any day. As much as I don't like it the licensing was just renewed for three more years.