Forum

Trend Micro virus w...
 
Notifications
Clear all

Trend Micro virus warning

0 Posts
2 Users
0 Reactions
290 Views
(@peridoc)
Active Member
Joined: 22 years ago
Posts: 5
Topic starter  

Why does a virus warning from Trend Micro PC-cillin 2006 stating "Detected WAR-FTPD 1.65 PASS EXPLOIT" come up every time that I start a new instance of Absolute Telnet? Is there something there to be concerned about with this? What causes this virus exploit warning in Absolute Telnet's startup routine?

Thanks for any help!
Keith


   
ReplyQuote
(@bpence)
Member Admin
Joined: 1 year ago
Posts: 1375
 

When you start Absolute, Absolute will use FTP to check the website for a new version of the software. The virus software may be mistaking this as malicious activity. If allowed to complete, Absolute will attempt this only once a week. However, if it is continuously blocked, it will try each time you run it. In the status bar, it will say something like "checking for updates..."

Brian


   
ReplyQuote
(@peridoc)
Active Member
Joined: 22 years ago
Posts: 5
Topic starter  

That makes sense, but I don't see a way to allow this to run. Since there is an exploit apparently with 1.65 of WAR_FTPD the virus software blocks it. Any chance of the FTP portion/drivers of Absolute Telnet being updated to a safe version? Here is the info page I can get to from the virus warning:

<broken link removed>

 

Their solution is "Users of War-FTPD 1.65 should upgrade to version 1.66x4 or higher." It is just very annoying to get this every time I run AT and it has been going on for some time now. Thanks for any advice... Keith [size=1][ July 31, 2006, 08:45 AM: Message edited by: peridoc ][/size]

This post was modified 5 months ago by bpence

   
ReplyQuote
(@bpence)
Member Admin
Joined: 1 year ago
Posts: 1375
 

Let me see what I can do.


   
ReplyQuote
(@peridoc)
Active Member
Joined: 22 years ago
Posts: 5
Topic starter  

Brian,

I certainly dont want to be a pest, but I did see the notice about the new beta that has come out and I was wondering if this might include a fix for my issue? If not it is no biggie...just thought I better ask.

Thanks,
Keith


   
ReplyQuote
(@bpence)
Member Admin
Joined: 1 year ago
Posts: 1375
 

I don't know that there's a fix necessarily, but there's a way now we can turn it off entirely.

It's a back-door method, but should work.

Open regedit.

Under HKEY_CURRENT_USER/Software/AbsoluteTelnet, create a new entry of type 'string'. The label should be 'disable_version_check' and the value should be 'true'.

Now, when you start absolute, it should not perform the check. Of course, this completely eliminates the version notifications you get in the app.


   
ReplyQuote
(@peridoc)
Active Member
Joined: 22 years ago
Posts: 5
Topic starter  

Bummer. I appreciate the instructions for the back-door method of shutting off the version checking piece and I might do that just to avoid the virus warning message. Since Trend blocks the communications when it detects the "virus" I don't think I am able to get version notification anyway in the program unfortunately. Hopefully a fix will be found eventually but I guess these are my options as of now. Thanks for looking into it and for the super fast reply!

Keith


   
ReplyQuote
(@peridoc)
Active Member
Joined: 22 years ago
Posts: 5
Topic starter  

Brian,

I just wanted to let you know that the registry setting "solved" my issue. How about this as a compromise:

* An option (in the options menu) to turn on and off the update checks in this manner is added.

* A manual "Check now for updates" option is added to the menu bar to manually perform a check if that option does not already exist.

Are these possible in a future release?

Thanks again,
Keith


   
ReplyQuote
Share: