MBAC_English_v1.1_[mirror_moon].exe=backdoor.graybird?

Let's talk about the port of the port of the port of the update of the port of the port of the update of the expansion of the game that will apparently never be awesome enough.

Moderator: Staffers

MBAC_English_v1.1_[mirror_moon].exe=backdoor.graybird?

Unread postby sydwert » March 25th, 2009, 10:11 am

downloaded from the mirrors on the melty_blood_release_flurry page, all the same problem
Norton Internet Security 2008 protection updates 24/3/2009 detected backdoor.graybird in this MBAC english patch.
from the symantec website:
Also Known As: Backdoor.GrayBird [KAV], BackDoor-ARR [McAfee]
Type: Trojan Horse

it's detected and deleted while still in the firefox cache as a temporary file.
this IS a false positive right?

Windows Vista SP1
i dont see how the rest of my hardware can cause this...
Last edited by sydwert on March 26th, 2009, 8:12 am, edited 1 time in total.
sydwert
Totally hardly posted
 
Posts: 4
Joined: March 25th, 2009, 9:51 am

Unread postby nobaka » March 26th, 2009, 3:37 am

I've never had any issue with detecting a virus. And I even manually scan every file I download. :P
User avatar
nobaka
DESU DESU!
 
Posts: 581
Joined: January 11th, 2008, 6:12 am

Unread postby Message » March 26th, 2009, 12:04 pm

This is a false positive, undoubtedly introduced with a recent virus definitions update. Apparently the installer has some file or operation properties that make it look like graybird. I've seen several tests/reviews that reported Norton Internet Security to detect an exceptionally large amount of false positives, so in that light this may not be a special case.

Please report the problem to Symantec, with a link to the file that is reported as infected. They will investigate the file, and when they find that it is indeed a false positive they will update their virus definitions accordingly.
User avatar
Message
Master of Bad Puns
 
Posts: 1845
Joined: October 25th, 2004, 6:27 pm
Location: Netherlands

Unread postby tetraSky » April 4th, 2009, 5:22 am

I'm also getting that false positive with Norton Internet Security 2009.

Here's the link for anyone interested in reporting to Symantec.
https://submit.symantec.com/false_positive/index.html
(Well, I hope that is the right link... As I have just sent a report to them just now)


Ah but, the strange thing is, disabling Norton to completely download the patch and then scanning the file, resulted in 0 trojan/virus found and the patch wasn't deleted.

Meaning, this false positive only happens when the patch isn't fully downloaded.

Is what I would like to say but...
Once installed, graybird is found again... Reg.exe seems to be the culprit. There's also a file called "Installed.dat" in system32 that was detected alongside it.


Today, May 6 2009, a little over one month after, I tried to install MBAC, it worked flawlessly, Reg.exe is not longer Identified as a virus.
User avatar
tetraSky
Totally hardly posted
 
Posts: 2
Joined: February 12th, 2009, 1:25 pm


Return to Melty Blood Chat

Who is online

Users browsing this forum: Bing [Bot], Google [Bot] and 2 guests