Is this a false positive....A/V question

cbjhawks · 02-17-2006, 07:52 PM

I have 4 machines:
Computer 1 has WinXP and Suse10 installed (same drv)
Computer 2 XP only
Computer 3 98SE only
Computer 4 Fedora4 only

I wanted to find a better A/V than what I was using for my XP machines (AVG 7 Free version)...so on Computer1 I uninstalled AVG and chose Bit Defender 9 Standard version (trial for 30 days)...upon installing BD9 I did a complete scan of Computer1 and it reported back with 4 virus' found.

The files were found on Disc3 of Fedora's ISO images (in My Doctuments folder) I used to burn a CD in order to install that distro on Computer4.

Bit Defender reported the following:
Trojan.Exploit.HTML.Iframe.Filedownload.AW (3 occurances on iso disc3)
Exploit.HTML.IFrame.FileDownload.E ( 1 occurance on iso disc3)

I Googled those messages and I'm not sure what I was reading, it appeared that it might not be a virus but a hole in the code used for Fedora4 that appears on my disc#3...but again I'm not sure. So I'm wondering if those were really virus' or that BD9 was just reporting a possible weakness in the code...follow? Any thoughts/links would be appreciated and thanks in advance

XavierP · 02-17-2006, 07:56 PM

Which files did it report were viruses?

soulestream · 02-17-2006, 08:27 PM

it was probably a false positive. But where did you get the .iso's from. Did you get them from the repos or from another site?

soule

cbjhawks · 02-19-2006, 08:02 AM

I got the iso images from Red Hat FTP site...here is the log for that particular scan...see summary section.

//-----------------------------------------------------------------
//
// Product: BitDefender 9 Standard
// Version: 9.0
//
// Created on: 17/02/2006 09:15:45
//
//-----------------------------------------------------------------

Statistics

Scan path : C:\
Folders : 3961
Files : 609182
Archives : 69581
Packed files : 19889
Identified viruses : 2
Infected files : 4
Warnings : 0
Suspect files : 0
Disinfected files : 0
Deleted files : 0
Copied files : 0
Moved files : 0
Renamed files : 0
I/O errors : 130
Scan time : 01:11:05
Scan speed (files/sec) : 142

Virus definitions : 260800
Scan plugins : 13
Archive plugins : 39
Unpack plugins : 4
Mail plugins : 6
System plugins : 1

Scan options

Detection
[X] Scan boot sectors
[X] Scan archives
[X] Scan packed files
[X] Scan email

File mask
[ ] Programs
[X] All files
[ ] User defined extensions:
[ ] Exclude extensions: ;

Action

Infected objects
[ ] Ignore
[X] Disinfect
[ ] Delete
[ ] Copy to quarantine
[ ] Move to quarantine
[ ] Rename
[ ] Prompt user

Second action
[ ] Ignore
[ ] Delete
[ ] Copy to quarantine
[X] Move to quarantine
[ ] Rename
[ ] Prompt user

Scan options
[X] Enable warnings
[X] Enable heuristics
[ ] Show all files in log
[X] Report file: C:\Program Files\Softwin\BitDefender9\Logs\vscan_1140189345.log

Summary:

C:\Documents and Settings\Mom-Dad\My Documents\Fedora Core 4\FC4-i386-disc3.iso=>Fedora/RPMS/mailman-2.1.5-35.fc4.i386.rpm=>mailman-2.1.5-35.fc4.gz=>FC4-i386-disc3.iso=>Fedora/RPMS/mailman-2.1.5-35.fc4.i386.rpm=>mailman-2.1.5-35.fc4=>./usr/lib/mailman/tests/msgs/nimda.txt=>(IFRAME) Infected: Trojan.Exploit.Html.Iframe.Filedownload.AW
C:\Documents and Settings\Mom-Dad\My Documents\Fedora Core 4\FC4-i386-disc3.iso=>Fedora/RPMS/mailman-2.1.5-35.fc4.i386.rpm=>mailman-2.1.5-35.fc4.gz=>FC4-i386-disc3.iso=>Fedora/RPMS/mailman-2.1.5-35.fc4.i386.rpm=>mailman-2.1.5-35.fc4=>./usr/lib/mailman/tests/msgs/nimda.txt=>(IFRAME) Disinfection failed
C:\Documents and Settings\Mom-Dad\My Documents\Fedora Core 4\FC4-i386-disc3.iso=>Fedora/RPMS/mailman-2.1.5-35.fc4.i386.rpm=>mailman-2.1.5-35.fc4.gz=>FC4-i386-disc3.iso=>Fedora/RPMS/mailman-2.1.5-35.fc4.i386.rpm=>mailman-2.1.5-35.fc4=>./usr/lib/mailman/tests/msgs/nimda.txt=>[Subject: C:\WINNT\mmc.exebqinsghtmstaskicwconnh][Date: Wed, 19 Sep 2001 10:54:11 +0900 (JST)]=>(MIME part)=>(IFRAME) Infected: Trojan.Exploit.Html.Iframe.Filedownload.AW
C:\Documents and Settings\Mom-Dad\My Documents\Fedora Core 4\FC4-i386-disc3.iso=>Fedora/RPMS/mailman-2.1.5-35.fc4.i386.rpm=>mailman-2.1.5-35.fc4.gz=>FC4-i386-disc3.iso=>Fedora/RPMS/mailman-2.1.5-35.fc4.i386.rpm=>mailman-2.1.5-35.fc4=>./usr/lib/mailman/tests/msgs/nimda.txt=>[Subject: C:\WINNT\mmc.exebqinsghtmstaskicwconnh][Date: Wed, 19 Sep 2001 10:54:11 +0900 (JST)]=>(MIME part)=>(IFRAME) Disinfection failed
C:\Documents and Settings\Mom-Dad\My Documents\Fedora Core 4\FC4-i386-disc3.iso=>Fedora/RPMS/mailman-2.1.5-35.fc4.i386.rpm=>mailman-2.1.5-35.fc4.gz=>FC4-i386-disc3.iso=>Fedora/RPMS/mailman-2.1.5-35.fc4.i386.rpm=>mailman-2.1.5-35.fc4=>./usr/lib/mailman/tests/msgs/nimda.txt=>[Subject: C:\WINNT\mmc.exebqinsghtmstaskicwconnh][Date: Wed, 19 Sep 2001 10:54:11 +0900 (JST)]=>(MIME part)=>(MIME part)=>(IFRAME) Infected: Trojan.Exploit.Html.Iframe.Filedownload.AW
C:\Documents and Settings\Mom-Dad\My Documents\Fedora Core 4\FC4-i386-disc3.iso=>Fedora/RPMS/mailman-2.1.5-35.fc4.i386.rpm=>mailman-2.1.5-35.fc4.gz=>FC4-i386-disc3.iso=>Fedora/RPMS/mailman-2.1.5-35.fc4.i386.rpm=>mailman-2.1.5-35.fc4=>./usr/lib/mailman/tests/msgs/nimda.txt=>[Subject: C:\WINNT\mmc.exebqinsghtmstaskicwconnh][Date: Wed, 19 Sep 2001 10:54:11 +0900 (JST)]=>(MIME part)=>(MIME part)=>(IFRAME) Disinfection failed
C:\Documents and Settings\Mom-Dad\My Documents\Fedora Core 4\FC4-i386-disc3.iso=>Fedora/RPMS/mailman-2.1.5-35.fc4.i386.rpm=>mailman-2.1.5-35.fc4.gz=>FC4-i386-disc3.iso=>Fedora/RPMS/mailman-2.1.5-35.fc4.i386.rpm=>mailman-2.1.5-35.fc4=>./usr/lib/mailman/tests/msgs/nimda.txt=>[Subject: C:\WINNT\mmc.exebqinsghtmstaskicwconnh][Date: Wed, 19 Sep 2001 10:54:11 +0900 (JST)]=>(MIME part)=>(MIME part)=>(message body) Infected: Exploit.HTML.Iframe.FileDownload.E

unSpawn · 02-21-2006, 07:50 AM

C:\Documents and Settings\Mom-Dad\My Documents\Fedora Core 4\FC4-i386-disc3.iso=>Fedora/RPMS/mailman-2.1.5-35.fc4.i386.rpm=>mailman-2.1.5-35.fc4.gz=>FC4-i386-disc3.iso=>Fedora/RPMS/mailman-2.1.5-35.fc4.i386.rpm=>mailman-2.1.5-35.fc4=>./usr/lib/mailman/tests/msgs/nimda.txt=>[Subject:
And the directoryname doesn't give you any clues?..