FH.exe virus

Posted: 09 Nov 2006 06:53
by lyghthouse
I use Family Historian V3 and on my daily virus scan it detected a virus W32/Backdoor.sct in FH.exe. The file was deleted and I tried to reinstall from the cd. The virus scanner would not allow the cd to install FH.exe as it was the same virus. My virus scanner is by http://www.f-prot.com

Anyone else get this?

ID:1970

FH.exe virus

Posted: 09 Nov 2006 12:27
by Laurie
I got the same trouble. I was using ntlworld net.guard

FH.exe virus

Posted: 09 Nov 2006 12:31
by Laurie
I disabled my virus scanner and this allowed reinstallation of the program and everything seems ok

FH.exe virus

Posted: 09 Nov 2006 13:10
by Laurie
Then I re-enabled my virus program and the program didn't work, same message re the Backdoor virus

FH.exe virus

Posted: 09 Nov 2006 16:41
by peterdinnewell
Have the same problem - using NTL as well.
Have reinstalled version 2.1.8 and this seems OK but when I update to Version 3 get virus detected message

FH.exe virus

Posted: 09 Nov 2006 19:43
by lyghthouse
I emailed Simon Orde this morning who replied saying that he had spoken to F-Prot and they promised to remove it in a new virus update shortly as it was a false positive.

Hopefully should be sorted soon

FH.exe virus

Posted: 10 Nov 2006 09:29
by Laurie
Copy of email from Simon Orde
Dear Laurie Clements
I have been contacted by both S&N Genealogy Supplies and My History about
the problem you have been having with NTL Security suite claiming to detect
a virus in FH.EXE.
Unfortunately it does sometimes happen that Anti-virus software gets it
wrong and claims to have detected a virus where there isn't any.  The
publishers call this 'false positives'.  This is what has happened with your
NTL Security Suite.  It claims to have detected a virus in FH.EXE where there
isn't one.  I have had 2 reports of this happening today (yours and
one other) and I have already contacted the publishers about the first one.
That one occurred with an AV product with a different name from yours - but
very often the same AV software is used in many different contexts, but with
different names.  I have spoken to NTL and they have confirmed that they use
a 3rd party program (badged with their name on it), but have not yet got
back to me to confirm which one it is.  As the symptoms are identical to the
other AV product I am pretty sure that it is the same underlying AV product
(it would be an extraordinary coincidence if they weren't).  The makers of
the first AV package have promised me to act on this very quickly.  I will
let you know when I have confirmed details about your NTL Security Suite
product too.

Hopefully you should find that within a few days, the problem will have gone
away.  Your AV software will update its virus signatures (the data it uses
to decide what is or is not a virus) and this will have been fixed, so that
it will no longer claim that fh.exe contains a virus.  However, if the
problem persists for more than a few days, do get back to me.

Best wishes

Simon Orde
Calico Pie
Publishers of Family Historian

FH.exe virus

Posted: 10 Nov 2006 10:43
by SimonOrde
I have just posted a message to the FHU Mailing List about this.  But for the benefit of FHUG members who do not subscribe to that list, here is a copy of the email:

-------------------------
Subject: *** False virus detection

Following today's postings about false virus detection, I just wanted to
give everyone a quick update on the situation.

Yesterday I heard from 3 users about 'false positives' (that is - claims to
have detected a virus in a program that doesn't have one) with Family
Historian's main program (fh.exe) in 3 anti-virus programs:

f-prot
NTL Security Suite
CA Pest Patrol

That is in addition to the following which were mentioned in this mailing
list:

NTL's Netguard (or is this the same as NTL Security Suite?)
Blueyonder's PCGuard

Moreover I also heard yesterday from publishers of other software programs
that their programs have been similarly affected (in a forum thread titled
'It's AV False-postive Time Again') - and some of these mentioned yet more
Anti-Virus programs.

If this has happened to you - please read the following:
--------------------------------------------------------------------

First - please don't be alarmed.  Family Historian does not contain a virus.
People have reported AV products that claim to have found a virus in Family
Historian (fh.exe), even after they've just installed it (or as they install
it) from the CD.  Clearly this is a problem with the AV product.  You
can't infect a program on a CD that isn't even writable.

Second - unless you are in a hurry to fix this problem urgently, you don't
actually have to do anything.  It should fix itself in a matter of a few
days.

Anti-virus programs do get it wrong from time to time (generate false
positives).  When this happens, it is obviously very annoying, but the
publishers are usually pretty quick to respond and correct their virus
signatures (the things that they use to detect viruses).  I spoke to the
F-Prot people yesterday and they said they would correct their virus
signatures straight away - possibly by that afternoon!  I do doubt that
somehow, but that's what she said.

Typically most AV products automatically refresh themselves with the latest
virus signatures periodically.  So after a while (hopefully no more than a
few days), you should find that your AV product has updated itself and it
stops causing problems with Family Historian.

If you don't want to wait, here are some things you can do now (apart from
simply disabling your Anti-Virus program):

Some AV products can be configured so that you can explicitly tell them to
ignore particular products.  In that case, try seeing if you can configure
your AV product to ignore Family Historian.  If you can't do that, you may
also find that you can fix the problem by disabling runtime scanning,
without disabling the AV product altogether.  But you may or may not want to
do that.

We have already contacted the publishers of 2 AV products and will be
chasing them up and anyone else we need to talk to.  There are probably
fewer products than might appear from the list above.  Companies frequently
stick their own badge label on 3rd party programs.  So, for example, NTL
Security Suite, NTL Net Guard and Blueyonder's PCGuard may all turn out to
be the same product - or indeed all of them may use the same underlying
'engine'.  Even if they aren't or don't, they may share virus signatures.

Hopefully, the problem should have sorted itself after a few days.  If it
hasn't, please post again here.

If anyone feels like personally protesting to the AV publishers, or to their
ISP (if the ISP provided the AV product) about this - please do so!  The
more complaints they get about this the better.

Finally - I'm not trying to put the lid on this discussion.  By all means
keep posting here if you have any concerns about this, or useful advice for
others.

Simon Orde
List Administrator & Family Historian designer

FH.exe virus

Posted: 10 Nov 2006 19:41
by lyghthouse
This has been fixed by f-prot today.

FH.exe virus

Posted: 11 Nov 2006 00:01
by Wallecan
Telewest Broadband Blueyonder PCGuard AV has today wiped my FH.exe without any option. I reinstalled loading 2.1.8 which was fine, but as soon as I used the upgrade to v3 the AV immediately deleted it again claiming it is the deadly W32/backdoor.SCT. I am now looking for an alternative AV!

Simon has explained the position in a timely way which is helpful. Though I hope others who have to reinstall can find their original v2 CD and do not have to buy another as I had to recently. [confused]

FH.exe virus

Posted: 11 Nov 2006 19:01
by pattaz
I was very relieved to find this thread on the forum, having spent an anxious evening yesterday wondering how we managed to get this virus. We are Telewest with PCguard. I have just reinstalled v.2 and v.3 and all seems to be running smoothly

FH.exe virus

Posted: 12 Nov 2006 23:16
by Wallecan
I have ditched PCguard and switched to Avast! Home edition which is free. It is much better and does not slow my system down like the wretched Telewest effort did.[smile]

FH.exe virus

Posted: 13 Nov 2006 14:10
by hilarygn
Thank you to everyone here as we had the same problem using Telewest and PCguard. Having reloaded the fh.exe file and deselected that file from scanning, Family Historian is working again. This has encouraged me to join FHUG which I had been meaning to do for a while.
Hilary

FH.exe virus

Posted: 17 Nov 2006 14:36
by SimonOrde
For the benefit of anyone who does not subscribe to the FHU Mailing list, here is an extract from an email I posted there yesterday.  In a nutshell, it was to say that I believe the problem is now fixed, and to ask if anyone is still affected by this problem.  Since I posted it I have had additional confirmation from NTL that the problem is now fixed, and no-one has come back to me to say that it isn't.

====

Extract from post to FHU Mailing List by Simon Orde
Subject: Is anyone still getting false virus detections?
Date: 16/11/2006

Last week there was a spate of false virus detections that affected Family
Historian (and other programs too, I'm told).  It appeared initially that a
number of different Anti-Virus programs were involved, but it turned out
that most if not all of them use the same underlying technology, or are in
fact the same software badged with a different name.  After some
research, I believe that I have narrowed the hunt down to 2 AV providers -
and it is quite possible that even these 2 may turn out to be using the
same technology or same virus signatures or both.  I have now heard
from both of these providers.  One of them was the publishers of
F-prot who I quoted 5 days ago as saying

>> It has been confirmed that this has been fixed in virus signature files
>> that are currently going through testing and will be released this
>> afternoon.  Regarding the cause of the false positive, our specialists
>> will take a closer look at this issue for future reference. > Just wanted to let you know that our testing concluded that this false
>> positive issue was resolved with the definition files which were released
>> Friday, November 10, 2006. <<

It's striking that both problems seemed to have been solved at the same
time - more evidence that the underlying cause was the same in each case.

....