False Virus Alarm

Postby Girish_gms » Tue Apr 07, 2009 6:19 pm

Hi

I have Windows CE installed and when I build my project the file called cleanos.bat gets identified as "BehavesLikeBat" and the file gets automatically deleted.

The file contains below content
=========================================

@REM
@REM Copyright (c) Microsoft Corporation. All rights reserved.
@REM
@REM
@REM Use of this sample source code is subject to the terms of the Microsoft
@REM license agreement under which you licensed this sample source code. If
@REM you did not accept the terms of the license agreement, you are not
@REM authorized to use this sample source code. For the terms of the license,
@REM please see the license agreement between you and Microsoft or, if applicable,
@REM see the LICENSE.RTF on your install media or the root of your tools installation.
@REM THE SAMPLE SOURCE CODE IS PROVIDED "AS IS", WITH NO WARRANTIES.
@REM
@REM This batch file will clean portions of the OS tree for the current
@REM %_TGTCPU%\%wincedebug% configuration.
@REM
@REM Commands:
@REM - Default with no parameters cleans Sysgen, Platform and FlatReleaseDir.
@REM [-sysgen] - Clean the Sysgen output directory.
@REM [-platform] - Clean the target and libs dirs for the configuration.
@REM [-frd] - Clean the flatreleasedir.
@REM [-sourcesFolder <path to directory containing sources file>] - Cleans the
@REM sources project's output files for the current
@REM %_TGTCPU%\%wincedebug% configuration

@echo off

set _CLEAN_ALL=
set _CLEAN_PLAT=
set _CLEAN_SYSGEN=
set _CLEAN_SOURCES=
set _CLEAN_FRD=


REM Set default if no arguments are given
if /I "%1"=="" set _CLEAN_ALL=1

REM Check CmdLine Vars
:ParseArgs
if /I "%1"=="" goto DoneParseArgs

if /I not "%1" == "-platform" goto DoneChkCleanPlat
set _CLEAN_PLAT=1
shift
goto ParseArgs
:DoneChkCleanPlat

if /I not "%1" == "-sysgen" goto DoneChkNoCleanSysgen
set _CLEAN_SYSGEN=1
shift
goto ParseArgs
:DoneChkNoCleanSysgen

if /I not "%1" == "-sourcesFolder" goto DoneChkCleanSources
set _CLEAN_SOURCES=1
shift
set _SOURCES_PROJECT=%1
shift
goto ParseArgs
:DoneChkCleanSources

if /I not "%1" == "-frd" goto DoneChkNoCleanFrd
set _CLEAN_FRD=1
shift
goto ParseArgs
:DoneChkNoCleanFrd

if /I "%1"=="-?" goto Usage
if /I "%1"=="-h" goto Usage
if /I "%1"=="usage" goto Usage

:DoneParseArgs

if "%_CLEAN_ALL%"=="1" (
call :All
goto :EOF
)

if "%_CLEAN_PLAT%"=="1" call :CleanPlat
if "%_CLEAN_SYSGEN%"=="1" call :CleanSysgen
if "%_CLEAN_SOURCES%"=="1" call :CleanSources
if "%_CLEAN_FRD%"=="1" call :CleanFrd


goto :EOF

@REM The default behavior
:All
call :CleanSysgen
call :CleanPlat
call :CleanFrd
goto :EOF

:CleanSysgen
echo CLEAN.BAT: Cleaning Sysgen directory "%_PROJECTROOT%\cesysgen"
del /s /q /f "%_PROJECTROOT%\cesysgen\*.*" >nul 2>&1
goto :EOF

:CleanFrd
echo CLEAN.BAT: Cleaning flat release directory "%_FLATRELEASEDIR%"
del /s /q /f "%_FLATRELEASEDIR%\*.*" >nul 2>&1
goto :EOF

:CleanPlat
echo CLEAN.BAT: Cleaning platform directory %_PLATFORMROOT%\%_TGTPLAT%\target\%_TGTCPU%\%wincedebug%
del /f /s /q "%_PLATFORMROOT%\%_TGTPLAT%\target\%_TGTCPU%\%wincedebug%" >nul 2>&1
echo CLEAN.BAT: Cleaning platform directory %_PLATFORMROOT%\%_TGTPLAT%\lib\%_TGTCPU%\%wincedebug%
del /f /s /q "%_PLATFORMROOT%\%_TGTPLAT%\lib\%_TGTCPU%\%wincedebug%" >nul 2>&1
echo CLEAN.BAT: Cleaning platform common directory %_PLATFORMROOT%\common\target\%_TGTCPU%\%wincedebug%
del /f /s /q "%_PLATFORMROOT%\common\target\%_TGTCPU%\%wincedebug%" >nul 2>&1
echo CLEAN.BAT: Cleaning platform common directory %_PLATFORMROOT%\common\lib\%_TGTCPU%\%wincedebug%
del /f /s /q "%_PLATFORMROOT%\common\lib\%_TGTCPU%\%wincedebug%" >nul 2>&1
goto :EOF

:CleanSources
if exist %_SOURCES_PROJECT%\obj\%_TGTCPU%\%WINCEDEBUG% (
echo CLEAN.BAT: Cleaning subproject directory %_SOURCES_PROJECT%\obj\%_TGTCPU%\%wincedebug%
del /f /s /q "%_SOURCES_PROJECT%\obj\%_TGTCPU%\%wincedebug%" >nul 2>&1
)
goto :EOF

:Usage
echo CleanOS : This batch file will clean portions of the OS tree for the
echo current "_TGTCPU\wincedebug" configuration.
echo.
echo Usage:
echo CleanOS [-sysgen] [-platform] [-frd]
echo [-sourcesFolder]
echo [path to directory containing sources file for -sourceFolder]
echo.
echo - Default with no parameters cleans Sysgen, Platform
echo and FlatReleaseDir.
echo [-sysgen] - Clean the Sysgen output directory.
echo [-platform] - Clean the target and libs dirs for the configuration.
echo [-frd] - Clean the flatreleasedir.
echo [-sourcesFolder] - Cleans the sources project's output files for the current
echo "_TGTCPU\wincedebug" configuration

=========================================

Isn't it a false alarm? Please let me know how to proceed with this issue.
Please do rectify the same.

Regards
Girish.K
Girish_gms
 
Posts: 3
Joined: Thu Mar 19, 2009 5:46 pm

Postby Varghese » Wed Apr 15, 2009 12:33 pm

Hello,

For the time being you could add the virus name to the not-a-virus list, so that it won't be caught.
We will check the same and do the necessary changes in our virus signatures so that it won't be caught again.

Thanks for your help.
Varghese
 
Posts: 144
Joined: Sat Dec 29, 2007 11:52 am
Location: Mumbai

Re: False Virus Alarm

Postby Varghese » Sat Apr 18, 2009 12:08 pm

The detection to this has been removed from the updates. You can take the latest updates and check again.
Varghese
 
Posts: 144
Joined: Sat Dec 29, 2007 11:52 am
Location: Mumbai

Still it's identified as virus

Postby Girish_gms » Fri Apr 24, 2009 5:16 pm

Dear Varghese,

Thanks for the update. Now I have eScan updated with April 15th Path and other updates, and when I run the Mwav the file is still identified as the same virus; now instead of deleting the file it's renaming it as .mwt.
Below is the msg from Mwav

Quote

File C:\WINCE600\PUBLIC\COMMON\OAK\MISC\cleanos.bat infected by "BehavesLike:BAT.Delete (DB)" Virus! Action Taken: File Renamed.

Unquote

Let me know, what is to be done?

Regards
Girish.K
Girish_gms
 
Posts: 3
Joined: Thu Mar 19, 2009 5:46 pm

Postby mohammedblr » Mon Apr 27, 2009 11:07 am

Hi
Thank you for your feedback. Please take today's daily update; it will not be treated as an infection.
mohammedblr
 
Posts: 8
Joined: Fri Dec 28, 2007 5:31 pm
Location: Bangalore

