FALSE ALARM -- Re: [omniORB] VIRUS ALERT: BackDoor-G2.cfg Trojan Horse detected in omniORB_280 _x86_win32.zip

Michael J. Donahue mdonahue@McLeodUSA.com
Wed, 25 Oct 2000 11:20:42 -0500 



Sorry All -

It appears that McAfee had a bug in the definitions files that incorrectly
reported a virus attached to the OMNIORB280_RTD.DLL.  After seeing Armin's
e-mail I downloaded the 10 october 2000 version and the problem went away.

This is the first time I've ever been bit by being carefull.  ;-)

Thanks to Armin and Sai-Lai for taking the time to check this.

- Mike






Sai-Lai Lo <S.Lo@uk.research.att.com> on 10/25/2000 10:58:03 AM

To:   Michael J. Donahue/MCLEOD@MCLEOD
cc:   omniorb-list@uk.research.att.com
Subject:  Re: [omniORB] VIRUS ALERT: BackDoor-G2.cfg Trojan Horse detected in
      omniORB_280 _x86_win32.zip



Hi! On receiving your email, I've download omniORB_280_x86_win32.zip from
ftp.uk.research.att.com and have checked this file and the unpacked files
using Norton Anti-Virus. This is using the latest virus information file.

NOTHING SHOWS UP!

Is this a false alarm or Norton is unable to detect this virus? By the way,
what does "BackDoor-G2.cfg" do? I can only find reference to "BackDoor-G2".

Sai-Lai

>>>>> Michael J Donahue writes:

> All -

> After downloading a new update to my Anti-Virus sofware last night, I
> detected the BackDoor-G2.cfg virus in the OMNIORB280_RTD.DLL from the
> omniORB_280_x86_win32.zip file.

> To make I then cleaned my system of the virus, and re-downloaded this zip
> file.  Before the file was completely downloaded, McAfee detected the
> same virus on the same file within the omniORB_280_x86_win32.zip file.

> I'm very surprised noone else has caught this one, but I'm fairly sure it
> has been present in the omniORB_280_x86_win32.zip file since at least
> March 15th, 2000.

> - Mike Donahue

> McAfee VShield 4.0.3
> Definitions:   4.0.4099
> Date:               10/11/2000
> Scan Engine:   4.0.70


--
Sai-Lai Lo                                   S.Lo@uk.research.att.com
AT&T Laboratories Cambridge           WWW:   http://www.uk.research.att.com
24a Trumpington Street                Tel:   +44 1223 343000
Cambridge CB2 1QA                     Fax:   +44 1223 313542
ENGLAND