Solved

Funlove 4099

Posted on 2004-09-01
9
190 Views
Last Modified: 2010-04-11
Howdy, all,

The Symantec anti-virus on my work laptop keeps giving warnings about files infected with funlove (funluv?) 4099.  It cleans the file (90% of the time they're ones that I've written in vb.net, but I also got them for files in system restore).  However, when I run Symantec on boot, it says the system's clean....and pop up another "Virus found and cleaned" warning a half hour later.

We've run every anti-funlove program we can find, and they all say there's nothing there.

I was told once that it was because some of my programs mimic some of the processes that funlove uses, but I've written vastly different ones that aren't anything like each other, yet Symantec still says they're infected.  When it cleans them, tho, it renders them useless and they have to be recompiled.

Anybody have any ideas on what the @#$# is going on?

Thanks.
0
Comment
Question by:bdzot
  • 4
  • 4
9 Comments
 

Author Comment

by:bdzot
ID: 11956997
Sorry, should have give some specifics......the laptop is a Micron running XP Pro.  The written files are using Microsoft Visual Suite.
0
 
LVL 65

Accepted Solution

by:
SheharyaarSaahil earned 250 total points
ID: 11957267
Hello bdzot =)

U must be running System Restore,,,, and this virus can be hiding itslef in those Restore points =|

Disable ur system Restore, boot into safemode, and run the AntiVirus Scan again with norton, and if u want u can Run Stinger in Safemode also ==> http://vil.nai.com/vil/stinger

Check if they come with anything now,,,, if YES then delete the files there,,, if NO then System has been cleaned, reboot back in Normal Mode and Enable System Restore again :)

!! GOOD LUCK !!
0
 

Author Comment

by:bdzot
ID: 11957741
Ok, turned off System Restore and ran Stinger, running Symantec now.   I have a lot of files for it to scan, so I'll let you know how it worked tonight or tomorrow.
0
 
LVL 65

Expert Comment

by:SheharyaarSaahil
ID: 11957754
no problem, but make sure u run them in Safemode :)
0
What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 

Author Comment

by:bdzot
ID: 11957921
Yep, yep.....in Safe Mode.  :)
0
 
LVL 65

Expert Comment

by:SheharyaarSaahil
ID: 11957938
^_^
0
 
LVL 8

Expert Comment

by:Jeff Rodgers
ID: 11958381
1. Turn off system restore. Delete all of the items in quarantine.

Depending on which version of Symantec you are running you may need to manually clear out the quarantine folder. There was a known issue with a few older versions of symantec.  The issue resulted in the virus detecting viruses in the quarantine bin even after they had been deleted.  They would show up in the Symantec

Browse to C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine and delete the contents.

I would then manually exclude the files that you are working on which so closely resemble Funlove.  This can be done by adjusting the Scan Options in the Antivirus program to exclude certain files, folders, extensions etc.
0
 

Author Comment

by:bdzot
ID: 11963681
Seemed to work so far.....thanks!
0
 
LVL 65

Expert Comment

by:SheharyaarSaahil
ID: 11963924
^_^
0

Featured Post

6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

Join & Write a Comment

If you're not part of the solution, you're part of the problem.   Tips on how to secure IoT devices, even the dumbest ones, so they can't be used as part of a DDoS botnet.  Use PRTG Network Monitor as one of the building blocks, to detect unusual…
Never store passwords in plain text or just their hash: it seems a no-brainier, but there are still plenty of people doing that. I present the why and how on this subject, offering my own real life solution that you can implement right away, bringin…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
You have products, that come in variants and want to set different prices for them? Watch this micro tutorial that describes how to configure prices for Magento super attributes. Assigning simple products to configurable: We assigned simple products…

759 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now