On Mon, 24 Feb 2003, mike wrote: > > On Sat, 22 Feb 2003, mike wrote: > > > >> https://qa.mandrakesoft.com/show_bug.cgi?id=2165 > >> > >> The system had a fully installed and configured Windows 2000 Pro > >> environment with the DOS and NTFS partitions listed. Anti-virus > >> software was installed and up to date. The system was running > >> fine - no issues. > >> > >> I attempted to install ML 9.1 RC1. After having the graphic > >> installers fail (even with expert mode) I attempted a text mode > >> install. The text mode install was successful. As part of that > >> install I used the text mode DiskDrake tool to build the swap and > >> linux partitions and write the new boot sector to hda. > >> > >> When I rebooted the text lilo bootloader came up, and I selected > >> linux; then BIOS ant-vires software immediately reported a boot > >> sector virus. > > > > Did you resize the NTFS partition? It must update one entry, the > > number of sectors of the new NTFS filesystem size, in the boot sector. > > If the AV software doesn't prepared/coded to take into account NTFS > > could be resized but just "blindly" does e.g. a checksumming on the boot > > sector then it can report false alarm. > > > > What AV software do you use? What virus was reported? If NTFS resizing > > is involved then I must say I've never had any such report however with > > a broken boot sector checker the situation you described is > > imaginable. > > None of the original partitions were changed or resized. The original > partition layout was set up with a Linux dual-boot in mind. After quite a > bit more testing I'm leaning towards this being a false alarm, but what > concerns me is that the only way to clear it (ever) is to do a complete > cold re-boot (power drain and all) from a floppy or CD using a utility to > overwrite the MBR with something new. > [... censored protecting the possible quilty AV software ...] > > As part of further testing, I did a complete wipe and re-install of Win > 2k. Then I used PowerQuest's Partition Magic 4.0 to move around the new > Win 2K NTFS partition and create some new Linux partitions. I even had it > change the bootable flag to a different partition. None of these actions > triggered the anti-virus warning. But every time ML 91 RC-1 had the text > DrackX / DrakDisk utility touch the MBR, an alert was triggered.
Ok, if the AV software can't recognise the Linux loader (LILO, etc) then it can indeed consider it as a virus. There are many such posts (try e.g. 'lilo virus' on google). Szaka