• Malicious Software Removal Tool MRT.exe bogus infected files?

    From rhhardin@mindspring.com@1:124/5013 to All on Thursday, January 31, 2019 19:14:23
    Message-ID: <575C2A57.708F@mindspring.com>
    Date: Sat, 11 Jun 2016 11:12:23 -0400
    From: Ron Hardin <rhhardin@mindspring.com>
    Newsgroups: microsoft.public.windowsxp.help_and_support
    Subject: Malicious Software Removal Tool MRT.exe bogus infected files?

    MRT.exe, if you run it explicitly (say download it
    after the second Tuesday from Microsoft instead of
    getting it from Windows Update) during its scan
    reports 4 infected files, but at the end reports
    no files infected.

    Apparently it does this on any XP machine.

    I'd guess some standard files match the virus
    pattern and they ignore those matches at the end.

    It's a little quick but it seems to be in the
    JavaScript general area of quick scan.
    --
    rhhardin@mindspring.com

    On the internet, nobody knows you're a jerk.
    --- Platinum Xpress/Win/WINServer v3.1
    * Origin: Prison Board BBS Mesquite Tx //telnet.RDFIG.NET www. (1:124/5013)
  • From jj4public@vfemail.net@1:124/5013 to All on Thursday, January 31, 2019 19:14:23
    From: JJ <jj4public@vfemail.net>
    Newsgroups: microsoft.public.windowsxp.help_and_support
    Subject: Re: Malicious Software Removal Tool MRT.exe bogus infected files?
    Date: Sat, 11 Jun 2016 23:46:23 +0700
    Message-ID: <qn13sk4yzwiv$.1uxm3hidv2j7l$.dlg@40tude.net>
    References: <575C2A57.708F@mindspring.com>

    On Sat, 11 Jun 2016 11:12:23 -0400, Ron Hardin wrote:
    > MRT.exe, if you run it explicitly (say download it
    > after the second Tuesday from Microsoft instead of
    > getting it from Windows Update) during its scan
    > reports 4 infected files, but at the end reports
    > no files infected.

    It's a glitch that proves anti-viruses use white-listing.
  • From rhhardin@mindspring.com@1:124/5013 to All on Thursday, January 31, 2019 19:14:23
    Message-ID: <575C693C.3EDD@mindspring.com>
    Date: Sat, 11 Jun 2016 15:40:44 -0400
    From: Ron Hardin <rhhardin@mindspring.com>
    Newsgroups: microsoft.public.windowsxp.help_and_support
    Subject: Re: Malicious Software Removal Tool MRT.exe bogus infected files?
    References: <575C2A57.708F@mindspring.com> <qn13sk4yzwiv$.1uxm3hidv2j7l$.dlg@40tude.net>

    JJ wrote:

    > On Sat, 11 Jun 2016 11:12:23 -0400, Ron Hardin wrote:
    >> MRT.exe, if you run it explicitly (say download it
    >> after the second Tuesday from Microsoft instead of
    >> getting it from Windows Update) during its scan
    >> reports 4 infected files, but at the end reports
    >> no files infected.
    >
    > It's a glitch that proves anti-viruses use white-listing.

    That's not a mistake. The legitimate files do something that would be suspicious
    in an imported file so they check for it. If it's the legitimate file, they ignore it.

    But that's guesswork.

    I can't run the modern AVG antivirus because it quarantines some .dll components
    of the old Cygwin version I use, which defeats the whole point of the computer.

    That needs whitelisting.
    --
    rhhardin@mindspring.com

    On the internet, nobody knows you're a jerk.
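
An added illustration, not part of the thread and not MRT's actual implementation, of the behaviour guessed at above: a first pass counts raw pattern matches, and a second pass discards matches whose SHA-256 is on a known-good list. The signature, file paths and file contents are constructed for the example.

```python
import hashlib

# Constructed stand-in for a detection signature; not a real malware pattern.
SIGNATURES = {"Demo.Pattern.A": b"DEMO-SUSPICIOUS-PATTERN"}


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def pattern_hits(files: dict) -> list:
    """Pass 1: raw byte-pattern matches, the number a live scan counter would show."""
    return [(path, name)
            for path, data in files.items()
            for name, pattern in SIGNATURES.items()
            if pattern in data]


def confirm(files: dict, hits: list, known_good: set) -> list:
    """Pass 2: drop matches whose exact content hash is on the known-good list."""
    return [(path, name) for path, name in hits
            if sha256(files[path]) not in known_good]


def scan(files: dict, known_good: set) -> dict:
    hits = pattern_hits(files)
    confirmed = confirm(files, hits, known_good)
    return {"flagged_during_scan": len(hits),
            "infected_at_end": len(confirmed),
            "confirmed": confirmed}


# Constructed sample: four stock files that legitimately contain the pattern.
STOCK_FILES = {f"C:/WINDOWS/system32/demo{i}.dll":
               b"stock build %d " % i + SIGNATURES["Demo.Pattern.A"]
               for i in range(4)}
KNOWN_GOOD = {sha256(data) for data in STOCK_FILES.values()}

if __name__ == "__main__":
    print(scan(STOCK_FILES, KNOWN_GOOD))   # stock machine
    # Same file name, different bytes: the hash no longer matches the list,
    # so the match is reported instead of suppressed.
    tampered = dict(STOCK_FILES)
    tampered["C:/WINDOWS/system32/demo0.dll"] += b" extra bytes"
    print(scan(tampered, KNOWN_GOOD))
```

Keying the list on content hash rather than file name or path means a replaced file with a trusted name is still reported.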