From: Terry Pinnell on
I haven't had any threats for months and now TWO within a week! The previous
was VideoReDoPlus-2-1-1-413.exe, Tracking number 433125, which I confirmed a
day or so ago was a false positive.

This one is another 'movie software' file (part of FFDshow I think):
C:\WINDOWS\system32\ff_vfw.dll

My Anitvir Personal has just reported that it "Contains a recognition pattern
of the (harmful) BDS/Bot.111287 back-door program"

Yet it's been on my HD for ages.

I've sent it to Avira for analysis.

Virus Total online shows it as OK for all 41 programs, including Avira
AntiVir, version 7.9.1.154, update 2010.01.27

How can that be contradicted by my local Antivir Personal (free), which was
updated this morning as usual?

--
Terry, East Grinstead, UK
From: John Williamson on
Terry Pinnell wrote:
> I haven't had any threats for months and now TWO within a week! The previous
> was VideoReDoPlus-2-1-1-413.exe, Tracking number 433125, which I confirmed a
> day or so ago was a false positive.
>
> This one is another 'movie software' file (part of FFDshow I think):
> C:\WINDOWS\system32\ff_vfw.dll
>
> My Anitvir Personal has just reported that it "Contains a recognition pattern
> of the (harmful) BDS/Bot.111287 back-door program"
>
> Yet it's been on my HD for ages.
>
> I've sent it to Avira for analysis.
>
> Virus Total online shows it as OK for all 41 programs, including Avira
> AntiVir, version 7.9.1.154, update 2010.01.27
>
> How can that be contradicted by my local Antivir Personal (free), which was
> updated this morning as usual?
>
No guarantees, but this sounds like the reason I stopped using AVG free
a while back. Far too many false positives all of a sudden.

I now use Kaspersky Internet Security, which is a real PITA when you're
installing stuff, but I've had no false positives as yet, and no obvious
false negatives.

Eset's another I've seen recommended and I used it until the sub came up
for renewal.

--
Tciao for Now!

John.
From: Gene E. Bloch on
On 1/27/10, Terry Pinnell posted:
> I haven't had any threats for months and now TWO within a week! The previous
> was VideoReDoPlus-2-1-1-413.exe, Tracking number 433125, which I confirmed a
> day or so ago was a false positive.

> This one is another 'movie software' file (part of FFDshow I think):
> C:\WINDOWS\system32\ff_vfw.dll

> My Anitvir Personal has just reported that it "Contains a recognition pattern
> of the (harmful) BDS/Bot.111287 back-door program"

> Yet it's been on my HD for ages.

> I've sent it to Avira for analysis.

> Virus Total online shows it as OK for all 41 programs, including Avira
> AntiVir, version 7.9.1.154, update 2010.01.27

> How can that be contradicted by my local Antivir Personal (free), which was
> updated this morning as usual?

I also have gotten a few false positives from Norton Internet Security
2010. I can't say I enjoy them :-)

The main problem is that it's hard to keep them intact or get them
back, since in spite of how I *think* I configured the app, some items
are removed without giving me any recourse.

One friend has pointed out that it *is* possible that the program was
recently corrupted in spite of having been on my computer for years. I
agree, but somehow I don't think it happened: I suspect a new overly
enthusiastic signature.

I also experienced a reversal of fortunes, i.e., a putative virus was
not flagged again after I managed to recreate the program (in at least
one case, from a Norton quarantine, so the file was as before). This
leads me to believe that the new signature was pulled in a later
update.

I think we're stuck with this sort of hassle regardless of which AV
program we use, unless we abandon all our AV programs.

For anyone who's about to tell me that Norton is a virus, don't bother,
I won't be listening :-)

--
Gene Bloch 650.366.4267 lettersatblochg.com


From: FromTheRafters on
"Gene E. Bloch" <letters(a)someplace.invalid> wrote in message
news:hjqk92$hc2$1(a)news.albasani.net...

[...]

> The main problem is that it's hard to keep them intact or get them
> back, since in spite of how I *think* I configured the app, some items
> are removed without giving me any recourse.

I had Norton preinstalled on this computer, I *was* going to let it run
until its subscription expired - but it deleted files even though I had
it configured to only ask.

....it's gone now!

[...]




From: FromTheRafters on
"Terry Pinnell" <terrypin(a)dial.pipex.com> wrote in message
news:lr41m51b3o4c28dmsltdcku63q5ioa2h17(a)4ax.com...

>I haven't had any threats for months and now TWO within a week! The
>previous
> was VideoReDoPlus-2-1-1-413.exe, Tracking number 433125, which I
> confirmed a
> day or so ago was a false positive.

I remember it as if it were yesterday...

> This one is another 'movie software' file (part of FFDshow I think):
> C:\WINDOWS\system32\ff_vfw.dll
>
> My Anitvir Personal has just reported that it "Contains a recognition
> pattern
> of the (harmful) BDS/Bot.111287 back-door program"
>
> Yet it's been on my HD for ages.
>
> I've sent it to Avira for analysis.
>
> Virus Total online shows it as OK for all 41 programs, including Avira
> AntiVir, version 7.9.1.154, update 2010.01.27
>
> How can that be contradicted by my local Antivir Personal (free),
> which was
> updated this morning as usual?

I have my ideas on why this might be, and have in the past discussed
this in the virus groups. It would be nice to hear it from "the horse's
mouth" so to speak - could you ask the good folks at Avira?