False Positives


Jitney
02-09-2007, 04:14 AM
I have been using Avast! antivirus software and was surprised to see that PCTools antivirus identified 3 bugs not spotted by Avast!. They were all in the Bart PE package. I thought that it was not really surprising, since a pre-installation software package would be an ideal target for spreading viruses. On reflection, and seeing the post starting this thread, I thought that the authors of Bart would be aware of their target status and take precautions. So, I scanned the CD that I made with PCTools antivirus and it showed the same bugs as the original software on my hard drive. Then I went to McAfee's site and had them scan it. Result: no infection. Files identified as infected were "Preshell.exe", "Prelogon.exe" and a utility, "Flobo Floppy Repair.exe". Do I throw away my boot CD or keep it?

AChen
02-09-2007, 04:43 AM
Hi Jitney,

Thanks for the info.

I have escalated this to our Malware Research Centre for analysis. Please keep these files in Quarantine for the time being.

solcroft
02-09-2007, 07:02 AM
What were the names of the malware reported? Also, if you want a second opinion, you can upload the files to www.virustotal.com and then make a guess on whether the files are infected based on how many scanners report them.

arilo76
02-11-2007, 07:30 PM
Hi All
Today something strange happened: I was doing the scan with PcT. antivirus and the scan remained stuck at 31% for a good 30 minutes.
So I decided to stop the scan and go to safe boot to try to see if something was stopping the antivirus, but when I tried to open the PcT. antivirus, Windows didn't let me open it and gave me an error 102.

The strange thing is I tried to open Spydoctor and got the same error again.

So I decided to download KB 890830-v1.24 and do a full scan with that; nothing strange, all smooth and normal.

Why did the antivirus get stuck at 31% of the scan and not let me open the antivirus and Spydoctor in safe mode, which in my opinion is really important for deep scans?
Thanks

arilo76

Darkbeholder
02-11-2007, 08:32 PM
Arilo76,

When I got an email about safe mode scans for AntiVirus, I was told to boot into safe mode with networking, and AntiVirus was able to start. Try doing the AV scan in that instead of just safe mode and see if that works.

Darkbeholder

arilo76
02-12-2007, 01:32 PM
Darkbeholder

Thanks for the tip

I will try asap

Thanks

Arilo 76

Jitney
02-20-2007, 05:56 AM
I just followed the VirusTotal link (Thanks for That!) and have the following scans of two of the three files that showed on my SD virus scan of the files I have on CD. The screen shots I have are too big for the limits shown on the Attach dialog, but the "FloboFloppyRepair.exe" showed no infections at all and the "Prelogon.exe" showed "Suspicious" on CAT-Quickheal (DNAScan), eSafe (Mytob6), and FileAdvisor. Ikarus showed it as infected with "Backdoor.Win32.Bifrose.A" and VirusBuster showed the same as SD antivirus: "novirus:Packed/eXPressor". The others, including NOD32v2, Symantec, Kaspersky, McAfee, Microsoft, and a dozen others showed "no virus found". I have reported the SD results to your "false positives" page, but I did not have the scan results then.

consoleman
03-12-2007, 06:30 AM
Not all VirusTotal info is trustworthy, as the results are based on command line scanners without the actual infection running, so the emulator scan will not kick in for some AVs.

I only use VirusTotal to find out the common names for suspicious files. Kaspersky, McAfee, Symantec and a few reputable AV vendors are trustworthy. Don't assume all detected files are malicious, as sometimes they also give false positive detections based on file strings and known file name & MD5.
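The multi-engine triage solcroft and consoleman describe, applied to the verdicts Jitney quotes, as an added editorial example (not PC Tools, VirusTotal or Bart PE code). The list of engines treated as reputable and the heuristic-verdict markers are assumptions for the example, and the sample results are a constructed reconstruction of the Prelogon.exe report in this thread.

```python
"""Consensus triage of multi-engine scan verdicts, modelled on the results
quoted in this thread. Editorial example; not PC Tools or VirusTotal code."""

# Engines the thread's posters single out as more trustworthy (assumption).
REPUTABLE = {"Kaspersky", "McAfee", "Symantec", "NOD32v2", "Microsoft"}

# Fragments that mark a heuristic, packer or "suspicious" flag rather than a
# named malware family. Such verdicts are weak evidence on their own.
HEURISTIC_MARKERS = ("suspicious", "packed", "dnascan", "novirus", "heur")


def is_heuristic(verdict: str) -> bool:
    """True when the verdict is a packer/heuristic flag, not a family name."""
    v = verdict.lower()
    return any(marker in v for marker in HEURISTIC_MARKERS)


def triage(results: dict) -> tuple:
    """results maps engine name -> verdict string, or None when clean.

    Returns (label, named_detections, heuristic_flags). A file is called
    'likely malicious' when a reputable engine names a family or at least
    three engines agree on a named detection; lone or heuristic-only hits
    are 'likely false positive' and belong in quarantine pending vendor review.
    """
    detections = {e: v for e, v in results.items() if v}
    named = {e: v for e, v in detections.items() if not is_heuristic(v)}
    heuristic = {e: v for e, v in detections.items() if is_heuristic(v)}
    reputable_named = [e for e in named if e in REPUTABLE]

    if reputable_named or len(named) >= 3:
        label = "likely malicious"
    elif detections:
        label = "likely false positive"
    else:
        label = "clean"
    return label, named, heuristic


# Constructed sample reconstructing the Prelogon.exe report from the thread.
PRELOGON = {
    "CAT-QuickHeal": "Suspicious (DNAScan)",
    "eSafe": "Suspicious (Mytob6)",
    "FileAdvisor": "Suspicious",
    "Ikarus": "Backdoor.Win32.Bifrose.A",
    "VirusBuster": "novirus:Packed/eXPressor",
    "NOD32v2": None, "Symantec": None, "Kaspersky": None,
    "McAfee": None, "Microsoft": None,
}

if __name__ == "__main__":
    label, named, heuristic = triage(PRELOGON)
    print(label, "| named:", named, "| heuristic:", heuristic)
```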