Users login

Create an account »


Users login

Home » Hacking News » Nimda False Alarm Bugs InstallShield Users

Nimda False Alarm Bugs InstallShield Users

by Majik on November 14th, 2001 Symantec has confirmed that its Norton AntiVirus software was erroneously detecting a virus in InstallShield, a popular software installation tool.

Due to an error in virus definition files dated Nov. 9, Norton AntiVirus reported that InstallShield was infected with a variant of the Nimda Internet worm, according to a bulletin at Symantec's site.

InstallShield is a set-up program used by many leading software developers to guide users through the installation of their products. The program is deployed on over 250 million PCs around the globe, according to InstallShield's site.

According to Symantec, Norton AntiVirus was reporting that an InstallShield file named ikernel.exe was infected with W32.Nimda.enc(dr). Symantec released an updated definition file on Nov. 12 that corrects the problem, the anti-virus firm said.

By default, Norton AntiVirus "quarantines" infected files so that they cannot be used and must be deleted from the system.
As a result of the false alarm, some software developers and their customers were inconvenienced over the weekend. Internet newsgroups contain reports from Norton AntiVirus users who encountered virus warnings while installing programs that use InstallShield.

In addition, several software firms that rely on InstallShield expressed worries that the utility had infected their products.

"Lets hope ... we do not have to re-burn the thousands of CDs that we just created," wrote one software engineer with a firm that develops interactive whiteboard software.

Visitors to the InstallShield site today were greeted by a pop-up window describing the problem with Norton AntiVirus.

The virus definition download page at Symantec's site contains a similar message, including a link to instructions on how to delete the InstallShield files from Norton's quarantine folder.

"Symantec sincerely apologizes for any inconvenience caused by this false positive," said the notice.

Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.


Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »