From nobody  Sat Dec 27 08:47:22 1997
Received: (from nobody@localhost)
          by hub.freebsd.org (8.8.7/8.8.7) id IAA05026;
          Sat, 27 Dec 1997 08:47:22 -0800 (PST)
          (envelope-from nobody)
Message-Id: <199712271647.IAA05026@hub.freebsd.org>
Date: Sat, 27 Dec 1997 08:47:22 -0800 (PST)
From: ccosolo@ulti.net
To: freebsd-gnats-submit@freebsd.org
Subject: bloodhound.MBR Virus detected by Norton AV after Boot Mgr Install
X-Send-Pr-Version: www-1.0

>Number:         5383
>Category:       misc
>Synopsis:       bloodhound.MBR Virus detected by Norton AV after Boot Mgr Install
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sat Dec 27 08:50:01 PST 1997
>Closed-Date:    Sat Dec 27 10:55:06 PST 1997
>Last-Modified:  Sat Dec 27 10:55:53 PST 1997
>Originator:     Carlo Cosolo
>Release:        Walnut Creek 2.2.5
>Organization:
>Environment:
FreeBSD myname.my.domain 2.2.5-RELEASE FreeBSD 2.2.5-RELEASE #0: Tue Oct 21 14:33:00 GMT 1997     
jkh@time.cdrom.com:/usr/src/sys/compile/GENERIC  i386
>Description:
After successfully installing FreeBSD with the supplied boot manager, I
rebooted and selected DOS. This boots win95 and executes Norton AV win95's
navboot.exe /startup from autoexec.bat. While booting, navboot detects
bloodhound.MBR on the master boot record. I selected the repair option and rebooted.
The repair had disabled the boot manager but did not detect any virus.
I re-installed boot mgr and the virus returned. I now select continue instead of repair
without any ill effects, but it is quite annoying when booting win95.
>How-To-Repeat:
Every time win95 is booted the virus is detected. My version of Norton AV
95 uses Dec 1 97 virus definitions.
>Fix:
Modify code fragment to mismatch virus def on executable in boot manager.
Or scan for possible virus in distribution.
>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->closed 
State-Changed-By: jkh 
State-Changed-When: Sat Dec 27 10:55:06 PST 1997 
State-Changed-Why:  
The problem lies in buggy, broken virus scanning software which
falsely detects the MBR boot manager as a virus.  Either discontinue
use of said software or file a bug report with the supplier and try
to get an updated version.
>Unformatted:
