James,
The following is all I know currently on this. I have not contacted McAfee
yet, but will next week as I'm currently in travel. Hopefully, there is no
call for alarm, but it does need further investigation.
Information from
McAfee's readme on this release shows:
W32/ File-infector or boot-sector
virus. Runs in 32-bit Windows
environments (Windows 95,
Windows 98 or Windows NT)
.CMP. Companion file. This designates a
companion file that the virus
adds to an existing executable
file. McAfee software deletes the
companion file to prevent later
infections .MP. Multi-partite
virus. A McAfee designation
.GR Generic detection and removal.
Native routines in McAfee software
detect and remove this virus without
using specific code strings.
WINDOWS PORTABLE EXECUTABLE FILE VIRUSES (9)
--------------------------------------------
W32/AZACO.CMP.GR
3/7/00 1:15 PM Scan Started Administrator Scan CDROM
3/7/00 1:15 PM Scan Error Administrator Error occured while
scanning boot sector of F.
3/7/00 1:19 PM Infected Administrator
F:\intel\nvfiles\filtered.cat W32/Azaco.cmp.GR (Removable)
3/7/00 1:22 PM Scan Summary Administrator Scan Summary
3/7/00 1:22 PM Scan Summary Administrator Boot sectors
scanned : 1
3/7/00 1:22 PM Scan Summary Administrator Boot sectors
infected : 0
3/7/00 1:22 PM Scan Summary Administrator Boot sectors
cleaned : 0
3/7/00 1:22 PM Scan Summary Administrator Files scanned
: 5787
3/7/00 1:22 PM Scan Summary Administrator Files infected
: 1
3/7/00 1:22 PM Scan Summary Administrator Files cleaned
: 0
3/7/00 1:22 PM Scan Summary Administrator Files deleted
: 0
3/7/00 1:22 PM Scan Summary Administrator Files moved
: 0
3/7/00 1:22 PM Scan Complete Administrator Scan CDROM
Regards,
Ken Viola
kviola@cpcug.org
On Fri, 10 Mar 2000 James_Shanks@tivoli.com wrote:
>
>
> Well, it is highly likely that this is a fluke and you should take it up with
> VirusScan. Even before looking, I can tell you that all the build machines
> run
> Norton AntiVirus regularly.
>
> I just updated my Norton anti-virus to the latest defs, which are dated
> 03/01/2000 and it found no viruses on a scan of that same CD. I check the
> virus
> list, but did not find one labelled W32/Azaco.cmp.GR though I did see one
> labeled W32.Azaco.8192.A. I have no idea if they are the same or not. But
> W32.Azaco.8192.A. infects only EXE files and is very rare. What does
> W32/Azaco.cmp.GR infect? The files you have identified are read-only message
> catalogs and contian no executable code.
>
> James Shanks
> Tivoli (NetView for UNIX and NT) L3 Support
>
>
>
> Viola Kenneth <Kenneth.Viola@irs.gov> on 03/10/2000 11:07:12 AM
>
> Please respond to IBM NetView Discussion <nv-l@tkg.com>
>
> To: "'nv-l@tkg.com'" <nv-l@tkg.com>
> cc: "'kviola@cpcug.org'" <kviola@cpcug.org> (bcc: James Shanks/Tivoli
> Systems)
> Subject: [NV-L] virus on Netview NT 5.1.2 CD?
>
>
>
>
> Greetings all,
>
> I found a virus using VirusScan NT (Network Associates) scan engine 4.0.02
> with virus definition file version 4.0.4067 dated March 1, 2000. It is
> identified as W32/Azaco.cmp.GR and appears to infect file:
> \usr\ov\nls\c\filtered.cat. The virus is also on the CD in file:
> intel\nvfiles\filtered.cat.
>
> Does anyone know if this is a serious virus or if it's being reported by
> VirusScan in error? The virus could not be removed automatically by
> VirusScan so I removed the read attribute and deleted it manually. Is this
> an important file for Netview operation?
>
> Does IBM know about this?
>
> Please help.
>
> Regards,
>
> Ken Viola
> IRS NMC staff
> kviola@cpcug.org
>
>
|