Hi
Today NIS2009 detected a security risk from C:\Program Files\Winace.exe. 10 seconds later another message told me that the risk had been removed. I went into the Security History and found that the file had been removed and quarantined.
According to Symantec,
"Symantec antivirus products exclusively use the virus name Bloodhound.Overpacked when a potentially unknown virus is found using Symantec Bloodhound technology. Bloodhound technology consists of heuristic algorithms used to detect unknown viruses. The actual file detected under Bloodhound.Overpacked is likely to be infected with a new, packed, 32-bit Windows virus. Bloodhound.Overpacked is only detected in Portable Executable (PE) files. Bloodhound.Overpacked can detect any file that has been packed many times."
http://www.symantec.com/security_response/writeup.jsp?docid=2004-012015-5138-99
The file is the main executable file for a compression program from WinAce (http://www.winace.com/).
I have submitted this to the Symantec Security Response team.
This was the response:
"We have analyzed your submission. The following is a report of our
findings for each file you have submitted:
filename: winace.exe
machine: Machine
result: This file is clean
Customer notes:
My NIS 2009 detected the file as BloodHouse.Overpacked. I have restored the file in order to submit it to you. However, when I do another scan on the file now, nothing has been detected. I don't understand. Can you check if the file is indeed infected or not? Thanks, Thomas
Developer notes:
winace.exe is a clean file.
We have determined that no virus exists on the samples provided."
A couple of questions I have here:
(1) When I restored the risk, the 'history' was completely removed. Is there a way to retrieve the history? I have looked under Full History, and no entries were found. They were there before I restored the file.
(2) I did a scan of the file that has now been restored. Nothing was found. How was the risk detected? Would it have to be 'activated' by something before NIS2009 can detect the risk again (since the file has now been restored)?
Thanks
Thomas