
Avast % win32.bugbear


My PC was new 3 months ago and came with a 3-month antivirus trial. I saw a mention here of Avast and thought I'd give it a try.

I nearly fell off my chair when, within a few seconds of starting, it flagged a virus! It reported win32.bugbear in Pop3.log, which I deleted. As my PC is only three months old, and as the file was dated 2002, I'm wondering if it was a valid find? I could have transferred it from my old PC, but that had Norton on.

Any thoughts?

Allan
10 REPLIES

Avast % win32.bugbear

Viruses can attach themselves to anything, so if you have copied or restored from a CD or another HDD to your new one, then possibly this is the reason you have got the virus. Norton is good and I have it, but viruses can still get through. The other thing is, if it attached itself to an email or file when you first switched on your new system, then it could have got through the internet and straight onto your system. Always remember to update antivirus definition files and run the Windows update, because if you leave it too long before updating or installing antivirus software, your system will be full of viruses.

Go to link about how to protect (5th post down)
http://portal.plus.net/central/forums/viewtopic.php?t=28490

Edit:- As ivn2mod has said below, viruses cannot infect image files like .JPEG, JPG, GIF, BMP, TIFF, PCX. Sorry, forgot to put that down in original post, thanks for pointing it out though.....

Viruses & Files,Ivan

Hello,

Ian Webb wrote:
Quote
viruse's can attach them selfs to anything
Definitely NOT true, viruses CANNOT REPEAT CANNOT !! Infect image files like .JPEG, JPG, GIF, BMP, TIFF, PCX, etc, etc. THANK GOODNESS TOO!! Otherwise the internet would definitely grind to a full stop.

**The general rule of thumb is that viruses tend on the whole to come in the form of a payload which, once the file is run, drops its cargo (whatever that might be!). Viruses & Infections tend to be hidden within .exe, .bat, .com, also DLL files and script files such as VB (Visual Basic) or JavaScript or other script languages.

Kind Regards
Ivan


--------------------------------------------------
F9 FOL Forum Moderator
F9 Broadband Premier 2MB User

Avast % win32.bugbear

Thanks for the replies.

I'm always up-to-date with definitions and Windows updates. I run adaware and spybot regularly, and the Windows scanner nightly. I use Firefox rather than IE and don't open unexpected attachments. I use Mailwasher, and have this check for the usual suspect extensions.

I was just interested whether there was the possibility of a false virus detection, in that it was so old. Pity I didn't keep it.

Allan

Anti Virus & More,Ivan

Hi Allan,

Well that's a very very interesting question, is there such a thing as a false virus?? Or can AV software detect a false virus? To be honest I don't know the answer to this question. But I guess I'm quite curious to know what you mean exactly by a false virus? Well, I'm NOT saying this isn't possible, but I've not come across such a thing in over 12 years in IT & Computing.

**What is a False Virus??

**Remember, most virus scanning software from the major anti virus vendors tends to include virus signature files that are cumulative in nature. So although new viruses are added to the signature files, the software should still be able to detect viruses that might be as old as one or possibly two years previously.

**Virus writers are an utter pain because one of the tricks they try on is creating variants of previous viruses. So a new variant looks like a previously known infection but isn't detected because key features or key behaviour is changed or modified. It's one way to try and fool the anti virus software programs, sometimes it actually works too. Which is why users like us have to remain forever vigilant, as well as the AV software vendors.

Regards Ivan


--------------------------------------------------
F9 FOL Forum Moderator
F9 Broadband Premier 2MB User

Avast % win32.bugbear

Hi Ivan

I've just done a Google for "false virus" and got 7000+ hits. I've just looked at a few of them and most are hoax warnings, but I found one on the lines I was thinking of.

Quote
The problem is well known by many software manufacturers. Often a virus is detected by recognizing a certain bit pattern. The same bit pattern can of course also by chance appear in other files, and the probability for such a coincidence cannot be disregarded in tar.gz files of the size we are talking about here.

The vendors of anti-virus software do their best to avoid these false alerts. When a virus has been known for a while one can often identify it more precisely. This is why most false alerts disappear when a newer version of the virus definition file is installed.


So, they can happen, but what mine was, who knows.

Allan

False Viruses

Hi Allan,

Thanks for your reply, which was very interesting and makes complete sense, although I'd suggest detecting a false virus is probably extremely rare given the amount of testing and development anti virus software has to undergo before being sold as a commercial product.

**Have you come across the EICAR virus test string? This is a string of alphanumerics which can be copied and pasted into a simple .txt file placed anywhere on your HDD; run your AV program and it should detect it. This confirms your AV software IS working correctly, should you wish to test it of course. The EICAR test string is internationally recognised now and there are numerous places to source this if you want a copy.

Regards Ivan

--------------------------------------------------
F9 FOL Forum Moderator
F9 Broadband Premier 2MB User

Avast % win32.bugbear

Hi Ivan

Yes, I did use that for a while.

Then, being a bit of a cynic, I suspected that any AV company would look foolish if its product failed to find it, so sensibly it would specifically check for its presence. I suppose it would prove the scan was doing something, but what else would it achieve?

Allan

Replying on EICAR string,Ivan

Hello Allan,

EICAR's only function is to show you that your AV scanner is actually working correctly and is detecting correctly. EICAR is just a standard and accepted benchmark test string and the benefit is that it's independent of the virus software manufacturers, that's all really. No big mystery here! Just a means to an end, nothing more.

Ivan

--------------------------------------------------
F9 FOL Forum Moderator
F9 Broadband Premier 2MB User

Avast % win32.bugbear

Postscript
The file that contained the 'virus' was still on my laptop, with an up-to-date Norton running quite happily. I copied it again to my desktop, and again Avast complained. I then ran Trend Housecall, which found no problem.

So, I sent it off to Avast who have confirmed that it does in fact contain the code of Bugbear, but it is not executable {presumably because it is in a .log file.}

I looked at the file, and it starts as a genuine log format, then there's a section of garbage, then what appears to be part of a dictionary, finishing up in log format again. I suspected there had been a corruption, so was a bit surprised by Avast's verdict.

But, hey ho - no harm done, and Avast is definitely working.

Allan
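
What the verdict reported in the postscript above amounts to, as an added example that is not part of the original thread and not Avast's code: a byte-pattern scan flags a signature wherever it occurs, and a separate check of the file format says whether the container is an executable image at all. The signature bytes, the names and both sample files are constructed for illustration; the pattern is not a real Bugbear signature.

```python
import struct

# Constructed stand-in pattern for illustration; NOT a real Bugbear signature.
SIGNATURES = {"Demo.TestPattern": bytes.fromhex("dec0ad0b5aa51337")}

def is_pe_image(data):
    """True if data starts with a DOS 'MZ' header whose e_lfanew points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"

def scan(data):
    """Report every signature hit with its offset and the kind of container it sits in."""
    context = "executable image" if is_pe_image(data) else "embedded in data file"
    findings = []
    for name, pattern in SIGNATURES.items():
        offset = data.find(pattern)
        while offset != -1:
            findings.append({"signature": name, "offset": offset, "context": context})
            offset = data.find(pattern, offset + 1)
    return findings

def build_sample_log():
    """Constructed POP3-style log: log text, a binary run holding the pattern, log text."""
    head = (b"2002-10-05 09:14:02 +OK POP3 server ready\r\n"
            b"2002-10-05 09:14:03 RETR 1\r\n")
    garbage = bytes(range(200, 256)) + SIGNATURES["Demo.TestPattern"] + b"\x00\x01\x02"
    tail = b"\r\n2002-10-05 09:14:09 QUIT\r\n"
    return head + garbage + tail

def build_sample_pe():
    """Constructed minimal MZ/PE header stub carrying the same pattern."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew: PE header follows the DOS header
    return bytes(dos) + b"PE\0\0" + SIGNATURES["Demo.TestPattern"]

if __name__ == "__main__":
    for label, blob in (("Pop3.log", build_sample_log()), ("stub.exe", build_sample_pe())):
        for hit in scan(blob):
            print(label, hit)
```

Both files produce a detection; only the `context` field differs, which is the distinction between "contains the code" and "is executable".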

So in the end?

Hi Allan,

Thanks for your most interesting postscript on the virus. Good to know you finally got to the bottom of this matter and especially good that no harm to your system resulted.

Best Regards Ivan

--------------------------------------------------
F9 FOL Forum Moderator
F9 Broadband Premier 2MB User