anti virus question Thread poster: Lia Fail (X)
| Lia Fail (X) Spain Local time: 05:09 Spanish to English + ...
Windows XP. For about 3 years I have been using Norton Anti-Virus without any problems. That's installed on my old computer. I got a new computer on which the shop installed Kaspersky (swearing by it!). Within a few weeks it seems I have a virus on the new computer (the first signs were possibly related to Word constantly 'detecting an error' and having 'to close'). Also WinAlign gives the same error now*. SO I ran a Kaspersky check and it info... See more Windows XP. For about 3 years I have been using Norton Anti-Virus without any problems. That's installed on my old computer. I got a new computer on which the shop installed Kaspersky (swearing by it!). Within a few weeks it seems I have a virus on the new computer (the first signs were possibly related to Word constantly 'detecting an error' and having 'to close'). Also WinAlign gives the same error now*. SO I ran a Kaspersky check and it informed me of a number of infected files, which I eliminated as indicated by this program. However, it failed to eliminate them (I reran the scan to check, and they appeared again), they are still there, despite the option to 'eliminate' them. As a test, I ran Norton on the infected files, yet it failed to find any virus! What's going on? Why is Kasperksy able to detect virues, does it offer to eliminate them, yet fails to eliminate them? And why doesn't Norton detect the viruses that Kaspersky detects? *And what can I do to resolve the WinAlign program? It just closes at the stage immediately after aligning the file pairs. ▲ Collapse | | | Ralf Lemster Germany Local time: 05:09 English to German + ...
Hi Ailish, How often do you update the virus definitions on NAV and Kapersky? When did you update last, and which infections were detected? Cheers, Ralf | | | Lia Fail (X) Spain Local time: 05:09 Spanish to English + ... TOPIC STARTER
Ralf Lemster wrote: Hi Ailish, How often do you update the virus definitions on NAV and Kapersky? When did you update last, and which infections were detected? Cheers, Ralf Hi Ralf I update frequently, possibly every 2 days at least. With both programs, I live-updated just before I ran the scans. Right now both are right up to the minute. Kaspersky informs me that the files are infected by Email-Worm.Win32.NetSky.aa Is it serious, doctor?????! http://www.viruslist.com/en/viruses/encyclopedia?virusid=49747 I-Worm.NetSky.aa Aliases I-Worm.NetSky.aa (Kaspersky Lab) is also known as: W32/Netsky.z@MM (McAfee), W32.Netsky.Z@mm (Symantec), Win32.HLLM.Netsky.22016 (Doctor Web), W32/Netsky-Z (Sophos), Win32/Netsky.Z@mm (RAV), Worm/NetSky.Z (H+BEDV), W32/Netsky.Z@mm (FRISK), Win32:Netsky-Z (ALWIL), I-Worm/Netsky.Z (Grisoft), Win32.Netsky.AA@mm (SOFTWIN), Worm.SomeFool.Z (ClamAV), W32/Netsky.Z.worm (Panda), Win32/Netsky.Z (Eset) Description added Jun 02 2004 Behavior Email Worm Technical Details This worm spreads via the Internet as an attachment to infected emails. It possesses a backdoor function, and is capable of conducting DoS attacks on Internet sites. The worm itself is a PE EXE file of approximately 20KB, packed using UPX. Installation The worm copies itself to the Windows directory under the name Jammer2nd.exe, and registers this file in the system registry auto-run key: [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Jammer2nd"="%windir%\jammer2nd.exe" It also creates files named PK_ZIP_ALG.LOG and PK_ZIP.LOG in the Windows directory. These files are copies of the worm in UUE format and in a ZIP archive. The worm creates the mutex (S)(k)(y)(N)(e)(t) to flag its presence in the system. Propagation via email The worm searches all accessible network disks for files with the following extensions: adb asp cfg cgi dbx dhtm doc eml htm html jsp mbx mdx mht mmf msg nch ods oft php pl ppt rtf sht shtm stm tbb txt uin vbs wab wsh xls and harvests email addresses from them, sending a copy of itself to all addresses found. The worm uses its own SMTP library to send messages, and attempts to establish a connection to the server receiving the infected messages. Characteristics of infected messages Infected messages are generated randomly from the following: Sender's address Chosen at random from addresses found on the victim machine. Message header (chosen at random from the list below) Hello Hi Important Important bill! Important data! Important details! Important document! Important informations! Important notice! Important textfile! Important! Information Attachment name (chosen at random from the list below) Bill.zip Data.zip Details.zip Important.zip Informations.zip Notice.zip Part-2.zip Textfile.zip Attached archive files will have a name from the list below Bill.txt.exe Data.txt.exe Details.txt.exe Important.txt.exe Informations.txt.exe Notice.txt.exe Part-2.txt.exe Textfile.txt.exe Other The worm opens TCP port 665 on the victim machine to receive random files and execute them. Depending on the system clock settings, the worm may conduct DoS attacks on the following sites: www.educa.ch www.medinfo.ufl.edu www.nibis.de
[Edited at 2005-04-03 20:41] | | | Balaban Cerit Türkiye Local time: 06:09 Member (2004) English to Turkish + ...
|
|
Doru Voin Romania Local time: 06:09 English to Romanian + ... Viri and worms | Apr 4, 2005 |
Ailish Maher wrote: What's going on? Why is Kasperksy able to detect virues, does it offer to eliminate them, yet fails to eliminate them? And why doesn't Norton detect the viruses that Kaspersky detects? Hi Ailish, There are some big differences btw viri (or viruses) and worms. Each represents one separate category of malware. Also, there are some possible reasons for Kaspersky not being able to clean (this is the term) the viruses it reports, for instance some viruses are memory resident, or they have some protective routines against common antivirus programs. As for Kaspersky vs Norton: take my advise and rely on Kaspersky. For more info, you can read an article published while I was working as Tech Writer for an antivirus producer. You can find it here Regards, Doru Voin
[Edited at 2005-04-04 17:37]
[Edited at 2005-04-04 17:40] | | | not all anti-virus programs find/cure all the viruses | Apr 4, 2005 |
I'm using a freebie and am still quite satisfied (Avast), it updates without noticing it and I think it's comparable to the other good free ones (AntiVir and AVG) which are supposedly all about as good as the paid ones (norton, etc). Occasionally I run http://www.pandasoftware.com or trendmicro (I forget the whole site) to make sure the free ones aren't missing anything...and they never have been. In a... See more I'm using a freebie and am still quite satisfied (Avast), it updates without noticing it and I think it's comparable to the other good free ones (AntiVir and AVG) which are supposedly all about as good as the paid ones (norton, etc). Occasionally I run http://www.pandasoftware.com or trendmicro (I forget the whole site) to make sure the free ones aren't missing anything...and they never have been. In any event, your specific problem is covered here: http://www.pandasoftware.com/virus_info/encyclopedia/overview.aspx?lst=sol&idvirus=46656 and as is sometimes the case, you need to VERY CAREFULLY edit the registry (as described in the link above). Good luck ▲ Collapse | | | Uldis Liepkalns Latvia Local time: 06:09 Member (2003) English to Latvian + ... I use Kaspersky for about at least 8 years | Apr 4, 2005 |
Ailish Maher wrote: SO I ran a Kaspersky check and it informed me of a number of infected files, which I eliminated as indicated by this program. However, it failed to eliminate them (I reran the scan to check, and they appeared again), they are still there, despite the option to 'eliminate' them. The main thing is, that you can't run several antivirus programs on the same computer and the same operating platform. You can use different ones, say, if you use Linux and Windows on the same computer- but one for Linux and other for Windows. If your computer shuts down and shows other errors, the reason, probably is 2 Antivirus programs conflicting between themselves, not virus. As to updates, recommended Kaspersky updates are hourly. Also please check which Kaspersky version you are running- latest is 5.0.227, in comparison to version 4, it takes 3 times less computer resources and checks viruses as they enter your computer (not as they arrive into your e-mail program, as did the previous version). As to Kaspersky detecting virus and not being able to delete it- I have met the situation and consulted with KAV Support Service. Seems sometimes KAV destroys the virus, but leaves some part of harmless virus signature, which it detects again and again. I have explored such "infected" emails in Notepad and can say that there indeed wasn't any virus. What's going on? Why is Kasperksy able to detect virues, does it offer to eliminate them, yet fails to eliminate them? And why doesn't Norton detect the viruses that Kaspersky detects?
There answer is simple. There are no ABSOLUTE security anywhere, of course, but Kaspersky IS better. Just type "antivirus comparison" in Google. And oh, yes, be sure to add "Kaspersky" to the search, otherwise you'll end up with lots of test results where none of the major antivirus programs are included. Uldis
[Edited at 2005-04-05 10:21] | | | Uldis Liepkalns Latvia Local time: 06:09 Member (2003) English to Latvian + ... | To report site rules violations or get help, contact a site moderator: You can also contact site staff by submitting a support request » anti virus question TM-Town | Manage your TMs and Terms ... and boost your translation business
Are you ready for something fresh in the industry? TM-Town is a unique new site for you -- the freelance translator -- to store, manage and share translation memories (TMs) and glossaries...and potentially meet new clients on the basis of your prior work.
More info » |
| Trados Business Manager Lite | Create customer quotes and invoices from within Trados Studio
Trados Business Manager Lite helps to simplify and speed up some of the daily tasks, such as invoicing and reporting, associated with running your freelance translation business.
More info » |
|
| | | | X Sign in to your ProZ.com account... | | | | | |