|
Author Topic:   Norton AV
Kevlar
Member
posted March 16, 2002 12:26 AM            
Norton Antivirus has reported that my TM unistall.exe is infected with backdoor.trojan only this is impossible because I run a nightly scan a 3am and the night before the logs are clean and I am positive I have no virus.

I think it may be a bad definitions set from Symantec. Since they have had 3 live updates in the pasts 3 days. This happened a couple years ago from them, false detections, due to a bad definitions set.

Anyone else run into this?


------------------
TM-Central.com


IP:

Rex R
Member
posted March 16, 2002 01:53 AM            
not yet.(norton AV 2k2)

IP:

Rex R
Member
posted March 16, 2002 02:11 AM            
ran a scan 00;15 cst no trojans went online NAV updated itself. I ran a scan on the game folder, lo and behold said it had found 2 infested files tm-uninstall & tm-masterclient uninstall. since I have gone to; attworldnet home page, and here... guess the 'trojan' came from norton

IP:

Kevlar
Member
posted March 16, 2002 02:35 AM            
Actually I believe its just a false detection. I believe there is no virus. Like I said, I've seen this happen before with a backup utility that used a certain type of compression routine. But Norton eventually released a new definition set.
....

I just stumbled across this in the LDA DX Ball forum.
/forums/archive/ubb/Forum1/HTML/000401.html

IP:

Paranor
Member
posted March 16, 2002 02:42 AM            
Funny, I GOT THE SAME THING TONITE!

Must be false.

IP:

KiLlEr
Member
posted March 16, 2002 02:59 AM            
Same here. I just installed NAV2k

IP:

Dreamer
Member
posted March 16, 2002 04:14 AM         
Did you inform Norton? In case they post a news item concerning this, we'd have for free a perfect advertisement for TM.

IP:

=DNX= Matrix
Member
posted March 16, 2002 09:08 AM            
Yup same here, Tm.exe and Uninstall.exe in all of my installs is supposedly infected : im N2k2 - It pointed me here:
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.trojan.html

IP:

Kevlar
Member
posted March 16, 2002 11:22 AM            
I just contacted Symantec Technical Support and informed them.


IP:

=DNX= Matrix
Member
posted March 16, 2002 08:22 PM            
Good call man thx

IP:

A2597
Member
posted March 16, 2002 08:31 PM            
Same thing here.
one difference...

I had a DLL that was installed though a .js document that was part of the same trojan

------------------
### Hi, I'm a sig virus. Please add me to the end of your signature so I can take over the world. ### - Caught from excaliber @ B5mg.com

IP:

Hammer
Member
posted March 19, 2002 06:39 PM            
I got the same thing. Your probably right that it's a false detection but I don't like it at all. Not good for LDA or Symantec makes me a little leery of both.
I am not that computer savvy and when my anti virus protection program tells me something I want to believe it.
I currently have a game up for Wed. night's CTF but I think after that I will cool it until Symantec resolves the problem. In the mean time I will contact them myself to be reassured it is a false detection.

[This message has been edited by Hammer (edited March 19, 2002).]

IP:

Kevlar
Member
posted March 20, 2002 07:00 PM            
I was informed that a new definitions set is available thru LiveUpdate for Norton AV. The problem was in the definitions set. I ran Live Update and it worked. It no longer see's my TM uninstall.exe as infected.

Post here is you still have problems after updating your definitions. Because I have a tracking number that will make things move slightly faster.


------------------
TM-Central.com


IP:

=DNX= Matrix
Member
posted March 20, 2002 10:15 PM            
sorted good call man..... musta seen the code as a mutated strain of said trojan. These heuristic learning systems are gettin good ya know

I used VIRUS EXPERT back in the amiga days and that even allowed you to save the brainfile to build your own updates you could save the brainfile out as a bin file and edit it in cygnus editor, then save out from that as an exe

fun fun fun - i once (in my messing around days) let Smily Cancer, Butonic, Lamer Exterminator, HCS and the Saddam Disk Vallidator Virus run riot on a system on purpose, shifting files around, fighting each other for control of the system.... I left it for 10 minutes... then i wrote a file out to a floppy; it measured a ++10 on the danger watch out scale LMAO ! till then the most id seen from a "guess what it can do" learning virus program was a +7 in the form of the DISCACID 2 virus LMAO !

I burned the floppy

Mad !

IP:

Rex R
Member
posted March 22, 2002 01:12 AM            
latest set of definitions seems to have fixed the errors

IP:

Kevlar
Member
posted March 22, 2002 11:25 AM            
Transcript of Symantec Technical Support Discussion.
http://servicenews.symantec.com/cgi-bin/displayArticle.cgi?group=symantec.support.generic.virus.general&article=211632


------------------
TM-Central.com


IP:

Hammer
Member
posted March 22, 2002 01:23 PM            
Thank God! I updated my virus scan definitions and no more problems.
All is right with the world again!
But I also noticed I had not been getting my mail and now that's working also! So not only did they give me anxiety over my gaming they actually messed up my communications with the world!

[This message has been edited by Hammer (edited March 22, 2002).]

IP:

Rex R
Member
posted March 22, 2002 02:16 PM            
nice plug you got in. good show, well done

IP: