Posted

just a heads up, although this seems to be an excellent update it appears to contain a virus.

after installing the Lame v6 preview

in the Windows\TEMP directory

\7ZSB101.TMP\PATCHES\TIHIY\temp\User\backup.bat <-------CONTAINS A "delete BAT" virus (or similar)

this was picked up by norton AV '06 autoprotect and REPAIRED WITHOUT INCIDENT..

however, the name of this virus just sounds nefarious and I shudder to think what might happen if...

I haven't elected to install ALL portions of this powerpack and I'm not finished installing my selections yet so it's quite possible there could be more. heads up.

Peace -A.


Posted

I scanned all patches with the latest version of NOD32, as well as Avast and Symantec Antivirus. There could be something to Tihiy's batch script that looks like a virus.

I've recently seen one of the strangest detections concerning a tar file created with 7zip - all the files in the tar were scanned, no viruses or trojans found, but once put into a tar file, it was detected as a type of trojan. Very strange stuff.

I've scanned all releases on multiple computers, to ensure that my machine has not been compromised. I'm very paranoid when it comes to viruses/spyware, so you can be sure that I've scanned everything extensively.

Posted

It is odd when you make a zip file, all of a sudden you have a virus or two, the same happened when I packed all my personal files in a zip. The format was rar. Personal Files being text docs, word docs, excel, etc.

Posted (edited)

They're all false alarms

I'm having probs with AVG Free saying that DriverPacks Base Slipstreamer is a virus. :realmad: I completely uninstalled that sucker and everything is fine now :thumbup

Edited by ricktendo64
Posted

ok, well I did some more investigating and here is what I found:

There is NO VIRUS here and although identified as bat.deltree.trojan by Norton AV, THERE IS NO THREAT.

norton AV is not malfunctioning in any way, but is OVERPROTECTIVE. I'll explain what I mean below.

here is the Lame v6 Preview file Patches/Tihiy/user/backup.bat in its ENTIRETY; file created by RPLite5.exe

```bat
REM first bat that launches backup
@echo off
deltree /y %windir%\revbckup
md %windir%\revbckup
md %windir%\revbckup\system
xcopy /Y /H /R %windir%\system.dat %windir%\revbckup
xcopy /Y /H /R %windir%\user.dat %windir%\revbckup
xcopy /Y /H /R %windir%\system\user.exe %windir%\revbckup\system
xcopy /Y /H /R %windir%\system\user32.dll %windir%\revbckup\system
xcopy /Y /H /R %windir%\system\9xsp3res.dll %windir%\revbckup\system
xcopy /Y /H /R %windir%\system\dll.dll %windir%\revbckup\system
xcopy /Y /H /R %windir%\system\shldll.dll %windir%\revbckup\system
xcopy /Y /H /R %windir%\system\ktmdll.dll %windir%\revbckup\system
xcopy /Y /H /R %windir%\system\comctl32.dll %windir%\revbckup\system
xcopy /Y /H /R %windir%\system\comctlv6.dll %windir%\revbckup\system
@cls
@exit
```

Simply put, Norton AntiVirus is offended by the deltree command. It's acting in a very sensitive way IMO and this is not configurable through Norton Options/Preferences so the only thing to do is select 'ignore and don't scan again'. It is detected as soon as RPLite5.exe is being extracted and is recognized as the 'bat.deltree.trojan'. Of course a batch file with a sinister plot could effectively damage an OS by using the deltree DOS command so I understand why the AV picked this up, however the file mentioned here is perfectly harmless and I apologize for making the mistake and falsely identifying this as a virus. Maybe it is possible for an admin to scratch this whole thread? Again (as I've stated before) this is an awesome update and I'm guilty of not doing my homework here and jumping the gun. It just goes to show you can't always trust your antivirus software as the other replies can attest. regrets & apologies -A.
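A static triage sketch for the false positive described above, added here as an example and not part of the original post or of the update's own files: it contrasts a signature that flags any `deltree` with a check on what each delete command actually targets. The function names, the `SENSITIVE` list and the second sample script are assumptions constructed for illustration.

```python
import re

# First lines of backup.bat as quoted in the post (the xcopy lines delete nothing).
BACKUP_BAT = r"""REM first bat that launches backup
@echo off
deltree /y %windir%\revbckup
md %windir%\revbckup
md %windir%\revbckup\system
xcopy /Y /H /R %windir%\system.dat %windir%\revbckup
"""

# Constructed sample (not from the thread): same command, unscoped target.
UNSCOPED_BAT = "@echo off\ndeltree /y %windir%\n"

DELETE_CMDS = {"deltree", "del", "erase", "rd", "rmdir"}
# Assumed list of locations where a recursive delete deserves a human look.
SENSITIVE = {"%windir%", "%systemroot%", r"%windir%\system", r"%windir%\system32"}

def naive_signature(script):
    """The behaviour the thread describes: flag any batch file that runs deltree."""
    return re.search(r"(?im)^\s*@?deltree\b", script) is not None

def triage(script):
    """Return (line_no, command, target, verdict) for every delete command."""
    findings = []
    for no, line in enumerate(script.splitlines(), 1):
        tokens = line.strip().lstrip("@").split()
        if not tokens or tokens[0].lower() not in DELETE_CMDS:
            continue
        # Switches such as /y are not targets; a delete with no target is suspicious.
        targets = [t for t in tokens[1:] if not t.startswith("/")]
        for target in targets or [""]:
            norm = target.strip('"').rstrip("\\").lower()
            broad = (norm == "" or "*" in norm or "?" in norm
                     or re.fullmatch(r"[a-z]:", norm) or norm in SENSITIVE)
            findings.append((no, tokens[0].lower(), target,
                             "broad" if broad else "scoped"))
    return findings

def needs_review(script):
    """True only when some delete command reaches a root, wildcard or system dir."""
    return any(verdict == "broad" for *_, verdict in triage(script))

if __name__ == "__main__":
    for name, text in (("backup.bat", BACKUP_BAT), ("constructed", UNSCOPED_BAT)):
        print(name, naive_signature(text), triage(text), needs_review(text))
```

Both scripts trip the keyword signature, but only the constructed one is marked for review, because the quoted script removes nothing outside its own `revbckup` folder.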

Posted

Many antivirus are treating a batch file with a deltree command in it as a virus.

Antivir does this as well (or did at some point).

Posted

> Many antivirus are treating a batch file with a deltree command in it as a virus.
>
> Antivir does this as well (or did at some point).

Another reason why I don't use antivirus software anymore (I upload suspicious files to online multiscanners like virusscan.jotti.org or inspect them manually). It's not even a virus by definition, as virii are supposed to infect other files.
Posted

> > Many antivirus are treating a batch file with a deltree command in it as a virus.
> >
> > Antivir does this as well (or did at some point).
>
> Another reason why I don't use antivirus software anymore (I upload suspicious files to online multiscanners like virusscan.jotti.org or inspect them manually). It's not even a virus by definition, as virii are supposed to infect other files.

or worse, reformat the HD and lose everything on the HD or cause crashes
