I have Network Associates VirusScan (formerly McAfee) running on my PC, with the virus update as of about 01/01/01. I have Norton Antivirus running on my work laptop. Today I transferred a file from my PC to my laptop (via a cable connecting both printer ports), and the Norton AV software went bananans, telling my I had some variant of a Bloodhound virus in the file.
This surprised me, as McAfee had not picked up any viruses in the six months I’ve had this particular file, and the McAfee DAT file is a lot more recent (around three months) than the Norton DAT file.
I did some research and it seems that Norton use “Bloodhound” to refer to any unknown characteristics that may or may not be a virus.
Can anyone shed some more light on whether this is correct, and whether I should trust Norton and delete the entire file from my home PC (despite not having suffered any obvious damage) or ignore it and leave the file intact?
Before deleting the file, you may want to update your Norton AV definitions. You should be able to do this using LiveUpdate. With updated definitions, you should be able to find specifically what virus the file has, if indeed there is an infection, or see whether the older defs caused a false positive, which does happen at times. If there is still some question, you can quarantine the file and email it to Symantec’s research center to have it checked out. You can find more information at http://www.symantec.com/avcenter/ . I don’t know very much about the McAfee product, but they probably offer a similar service.
Unfortunately, I have no control over the Norton software - it’s work-installed and maintained, and even the warning messages are company-specified (“contact your local TSD department” and so forth). I no longer have any of the registration details for the McAfee software, either, although it wasn’t a dodgy copy or anything like that.
You can send it to Mcafee at virus_research@nai.com. They don’t check your registration details or anything.
Without seeing the file, we can’t say for certain whether it is a false positive or not. The part of the name after “BloodHound.” may provide a clue though.
Norton uses “Bloodhound” for anything it thinks is a virus, but isn’t on its virus list. That could mean a new virus that the definitions don’t cover, or a false positive. Best solution would be to update your virus definitions for Norton and see if the new definitions find something.