+ Post New Thread
Results 1 to 15 of 15
General Chat Thread, AQA disk virus alert in General; Sophos has just flagged up a virus on an AQA disk we got in the post. It one of those ...
  1. #1

    Join Date
    Nov 2005
    Location
    North
    Posts
    1,840
    Thank Post
    25
    Thanked 91 Times in 71 Posts
    Rep Power
    51

    AQA disk virus alert

    Sophos has just flagged up a virus on an AQA disk we got in the post. It one of those Mal/Generic-A ones which resembles a virus/malware.

    The disk contains loads of password protected EXE files and 2 have flagged up with virus alerts, the folder contains 20 or so similar files.

    Anyone else found a problem with the disks? I've had false results before but I am wary as its the exams machine.
    Last edited by Simcfc73; 19th May 2008 at 11:12 AM.

  2. #2
    mark80's Avatar
    Join Date
    May 2007
    Location
    Derbyshire
    Posts
    213
    Thank Post
    24
    Thanked 11 Times in 9 Posts
    Rep Power
    16
    Just out of curiosity what results are you trying to import?

    Mark

  3. #3

    Join Date
    Nov 2005
    Location
    North
    Posts
    1,840
    Thank Post
    25
    Thanked 91 Times in 71 Posts
    Rep Power
    51
    Its a Science AQA CD with investigating skills Assignments on it. The exams person is very nervous about letting it out of her sight.

  4. #4
    mark80's Avatar
    Join Date
    May 2007
    Location
    Derbyshire
    Posts
    213
    Thank Post
    24
    Thanked 11 Times in 9 Posts
    Rep Power
    16
    What have AQA said about this? Can you use an online scanner to check the CD? Bit Defender 8 online scan maybe?

    Mark

  5. #5

    Join Date
    Mar 2007
    Posts
    1,788
    Thank Post
    82
    Thanked 295 Times in 226 Posts
    Rep Power
    87
    happened for us as well, the users were warned via sophos and carried on anyway. Dont think it left any damage.

  6. #6


    Join Date
    Dec 2005
    Location
    In the server room, with the lead pipe.
    Posts
    4,649
    Thank Post
    275
    Thanked 780 Times in 607 Posts
    Rep Power
    224
    *resurrects thread*
    We've just had the same happen with an AQA ISA cd for GCSE - four of the marking guidelines files are showing as infected by our av and virustotal is reporting a 50-65% probability of "yup, that's dodgy".

    Anyone know if AQA recycle the marking guideline files if they haven't changed, or is it down to the way those particular files are packed?

  7. #7

    AngryTechnician's Avatar
    Join Date
    Oct 2008
    Posts
    3,730
    Thank Post
    698
    Thanked 1,212 Times in 761 Posts
    Rep Power
    394
    This happened to us too earlier in the year. It's down to the way they are packed. AVG have since updated their definitions after our report, but clearly other vendors haven't.

    What's more concerning to me is that last time I checked the password-protected .EXEs steadfastly refused to open on any Vista machine (they simply run and then die without ever showing any GUI or error message). I tried several time to contact AQA but never had a response.

  8. #8

    Join Date
    Nov 2008
    Location
    Cape Wrath
    Posts
    32
    Thank Post
    0
    Thanked 4 Times in 4 Posts
    Rep Power
    17
    If you want to know more about the detection send Sophos a sample of the files by uploading them here:

    https://secure.sophos.com/support/samples/

    ...you should get a reply on what Sophos think.

  9. #9
    jsnetman's Avatar
    Join Date
    Oct 2007
    Posts
    887
    Thank Post
    23
    Thanked 134 Times in 126 Posts
    Rep Power
    40
    Also had this problem with Symantec AV, rang AQA and they said they used a password on some of the password protected files that AV scanners report as a virus. They offered to send me a revised disk. Can't remember receiving it though.

  10. #10


    Join Date
    Dec 2005
    Location
    In the server room, with the lead pipe.
    Posts
    4,649
    Thank Post
    275
    Thanked 780 Times in 607 Posts
    Rep Power
    224
    Hmm, just checked the Mcafee "dispute file result" page and it needs to come from AQA, not me, and will take 4-6 weeks to sort out, which isn't great. I've phoned AQA to request a new cd from them, we'll see if that one's been fixed.

  11. #11

    AngryTechnician's Avatar
    Join Date
    Oct 2008
    Posts
    3,730
    Thank Post
    698
    Thanked 1,212 Times in 761 Posts
    Rep Power
    394
    Last time I tried to report a false positive to McAfee via their online chat support, I spent 10 minutes trying to explain the very concept of a false positive to the retard on the other end. "No sir, if it says there is a virus then there is a virus."

    I gave up eventually and uninstalled McAfee.

  12. #12

    Join Date
    Nov 2008
    Location
    Cape Wrath
    Posts
    32
    Thank Post
    0
    Thanked 4 Times in 4 Posts
    Rep Power
    17
    AV companies are always going to be cagey about false positives. They even dream up little terms for them. If you contact Sophos mention "unwanted detection". lol

  13. #13

    sippo's Avatar
    Join Date
    May 2008
    Location
    Swindon, Wiltshire
    Posts
    1,730
    Thank Post
    134
    Thanked 189 Times in 135 Posts
    Rep Power
    152
    We had the same issues as above. I told them the head of science that was a virus on the disk and she didn't beleive me as it was from a decent company and that all schools would be sent it so wasn't true

    I really hope she took it home!

  14. #14
    jsnetman's Avatar
    Join Date
    Oct 2007
    Posts
    887
    Thank Post
    23
    Thanked 134 Times in 126 Posts
    Rep Power
    40
    The disk does not contain a virus. AV scanners flag the files as a virus as they have used a password on one or more of the protected files that are included in AV definitions as a possible virus.

  15. #15


    Join Date
    Dec 2005
    Location
    In the server room, with the lead pipe.
    Posts
    4,649
    Thank Post
    275
    Thanked 780 Times in 607 Posts
    Rep Power
    224
    As a temporary workaround until we get a new disk (I suspect that the new disk will have the same problem if this has been going on since the spring term) I unpacked the file with wine (self-extracting, password-protected .exe), scanned the contents (clean) and re-created the .exe using the original password and 7-zip (aes).

    Mcafee didn't have a problem with the new file.

SHARE:
+ Post New Thread

Similar Threads

  1. Disk-to-Disk-to-Tape Backup
    By enjay in forum Hardware
    Replies: 30
    Last Post: 23rd November 2007, 03:21 PM
  2. RM Disk to Disk to Tape Backup Solution
    By Chris in forum General Chat
    Replies: 0
    Last Post: 2nd July 2007, 10:14 AM
  3. Sharepoint services 3.0 email alert problem
    By adamt82 in forum Virtual Learning Platforms
    Replies: 1
    Last Post: 4th May 2007, 07:54 PM
  4. Pupil alert!
    By Gatt in forum Comments and Suggestions
    Replies: 56
    Last Post: 8th February 2007, 08:24 PM
  5. UKERNA Issues RealVNC Security Alert
    By Dos_Box in forum IT News
    Replies: 0
    Last Post: 18th May 2006, 10:31 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •