From owner-freebsd-questions Mon Feb 5 9:40:27 2001 Delivered-To: freebsd-questions@freebsd.org Received: from xena.gsicomp.on.ca (cr677933-a.ktchnr1.on.wave.home.com [24.43.230.149]) by hub.freebsd.org (Postfix) with ESMTP id 2EBB737B491 for ; Mon, 5 Feb 2001 09:40:03 -0800 (PST) Received: from hermes (hermes.gsicomp.on.ca [192.168.0.18]) by xena.gsicomp.on.ca (8.11.1/8.9.3) with SMTP id f15HcGi29144; Mon, 5 Feb 2001 12:38:16 -0500 (EST) (envelope-from matt@gsicomp.on.ca) Message-ID: <003401c08f9b$cd6ed6f0$1200a8c0@gsicomp.on.ca> From: "Matthew Emmerton" To: "Hensley, Ed" , "'freebsd-questions@FreeBSD.org'" References: Subject: Re: Bloodhound.MBR virus question Date: Mon, 5 Feb 2001 12:48:01 -0500 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4133.2400 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG > Dear FreeBSD Supporters, > > I recently bought the FreeBSD 4.0 package and installed it on my IBM Aptiva > PC. I used the Dual-boot method, i.e., defraged the disk (8GB), and used the > CD-ROM Boot method of installing the release on a new disk partition created > by the install process. This all worked fine, and I was able to boot up > Windows 98, or FreeBSD when I turned on my PC. > > Then the Windows 98 selection started giving me a notice (from Norton) that > I had the Bloodhound.MBR virus in the Master Boot Record. At first I ignored > this (answered NO to letting Norton fix it), and whenever I booted FreeBSD I > had no problems, minus some installation options like sound card not > working. My first thought was that the Norton software just did not > understand that I had a dual boot set up on the PC. This is a Norton false alarm. When Norton detects something that exhibits virus-like behaviour, but isn't in their database, it gets labelled as a "Bloodhound" virus. (http://service1.symantec.com/sarc/sarc.nsf/html/bloodhound.html) I just searched the web and apparently Norton labels many boot loaders (including those used by FreeBSD, LILO and Partition Magic) as being Bloodhound.MBR -- and of course, they're not viruses. The suggested workaround is to disable MBR checking in NAV until they Symantec gets around to fixing their AV product to realize the difference between a boot loader and a virus. -- Matt Emmerton To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message