anti virus question Thread poster: Lia Fail (X)
|
|---|
Lia Fail (X) 
Spain
Local time: 05:09
Spanish to English
+ ...
Windows XP.
For about 3 years I have been using Norton Anti-Virus without any problems. That's installed on my old computer.
I got a new computer on which the shop installed Kaspersky (swearing by it!).
Within a few weeks it seems I have a virus on the new computer (the first signs were possibly related to Word constantly 'detecting an error' and having 'to close'). Also WinAlign gives the same error now*.
SO I ran a Kaspersky check and it info... See more Windows XP.
For about 3 years I have been using Norton Anti-Virus without any problems. That's installed on my old computer.
I got a new computer on which the shop installed Kaspersky (swearing by it!).
Within a few weeks it seems I have a virus on the new computer (the first signs were possibly related to Word constantly 'detecting an error' and having 'to close'). Also WinAlign gives the same error now*.
SO I ran a Kaspersky check and it informed me of a number of infected files, which I eliminated as indicated by this program. However, it failed to eliminate them (I reran the scan to check, and they appeared again), they are still there, despite the option to 'eliminate' them.
As a test, I ran Norton on the infected files, yet it failed to find any virus!
What's going on? Why is Kasperksy able to detect virues, does it offer to eliminate them, yet fails to eliminate them? And why doesn't Norton detect the viruses that Kaspersky detects?
*And what can I do to resolve the WinAlign program? It just closes at the stage immediately after aligning the file pairs. ▲ Collapse
| | | | Ralf Lemster
Germany
Local time: 05:09
English to German
+ ...
Hi Ailish,
How often do you update the virus definitions on NAV and Kapersky? When did you update last, and which infections were detected?
Cheers, Ralf
| | | | Lia Fail (X)
Spain
Local time: 05:09
Spanish to English
+ ...
TOPIC STARTER
Ralf Lemster wrote:
Hi Ailish,
How often do you update the virus definitions on NAV and Kapersky? When did you update last, and which infections were detected?
Cheers, Ralf
Hi Ralf
I update frequently, possibly every 2 days at least. With both programs, I live-updated just before I ran the scans.
Right now both are right up to the minute.
Kaspersky informs me that the files are infected by Email-Worm.Win32.NetSky.aa
Is it serious, doctor?????!
http://www.viruslist.com/en/viruses/encyclopedia?virusid=49747
I-Worm.NetSky.aa
Aliases
I-Worm.NetSky.aa (Kaspersky Lab) is also known as: W32/Netsky.z@MM (McAfee), W32.Netsky.Z@mm (Symantec), Win32.HLLM.Netsky.22016 (Doctor Web), W32/Netsky-Z (Sophos), Win32/Netsky.Z@mm (RAV), Worm/NetSky.Z (H+BEDV), W32/Netsky.Z@mm (FRISK), Win32:Netsky-Z (ALWIL), I-Worm/Netsky.Z (Grisoft), Win32.Netsky.AA@mm (SOFTWIN), Worm.SomeFool.Z (ClamAV), W32/Netsky.Z.worm (Panda), Win32/Netsky.Z (Eset) Description added Jun 02 2004
Behavior Email Worm
Technical Details
This worm spreads via the Internet as an attachment to infected emails.
It possesses a backdoor function, and is capable of conducting DoS attacks on Internet sites.
The worm itself is a PE EXE file of approximately 20KB, packed using UPX.
Installation
The worm copies itself to the Windows directory under the name Jammer2nd.exe, and registers this file in the system registry auto-run key:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Jammer2nd"="%windir%\jammer2nd.exe"
It also creates files named PK_ZIP_ALG.LOG and PK_ZIP.LOG in the Windows directory.
These files are copies of the worm in UUE format and in a ZIP archive.
The worm creates the mutex (S)(k)(y)(N)(e)(t) to flag its presence in the system.
Propagation via email
The worm searches all accessible network disks for files with the following extensions: adb
asp
cfg
cgi
dbx
dhtm
doc
eml
htm
html
jsp
mbx
mdx
mht
mmf
msg
nch
ods
oft
php
pl
ppt
rtf
sht
shtm
stm
tbb
txt
uin
vbs
wab
wsh
xls
and harvests email addresses from them, sending a copy of itself to all addresses found. The worm uses its own SMTP library to send messages, and attempts to establish a connection to the server receiving the infected messages.
Characteristics of infected messages
Infected messages are generated randomly from the following:
Sender's address
Chosen at random from addresses found on the victim machine.
Message header (chosen at random from the list below)
Hello
Hi
Important
Important bill!
Important data!
Important details!
Important document!
Important informations!
Important notice!
Important textfile!
Important!
Information
Attachment name (chosen at random from the list below)
Bill.zip
Data.zip
Details.zip
Important.zip
Informations.zip
Notice.zip
Part-2.zip
Textfile.zip
Attached archive files will have a name from the list below
Bill.txt.exe
Data.txt.exe
Details.txt.exe
Important.txt.exe
Informations.txt.exe
Notice.txt.exe
Part-2.txt.exe
Textfile.txt.exe
Other
The worm opens TCP port 665 on the victim machine to receive random files and execute them.
Depending on the system clock settings, the worm may conduct DoS attacks on the following sites:
www.educa.ch
www.medinfo.ufl.edu
www.nibis.de
[Edited at 2005-04-03 20:41]
| | | | Balaban Cerit
Türkiye
Local time: 06:09
Member (2004)
English to Turkish
+ ...
|
|
|
Doru Voin
Romania
Local time: 06:09
English to Romanian
+ ...
| Viri and worms | Apr 4, 2005 |
Ailish Maher wrote:
What's going on? Why is Kasperksy able to detect virues, does it offer to eliminate them, yet fails to eliminate them? And why doesn't Norton detect the viruses that Kaspersky detects?
Hi Ailish,
There are some big differences btw viri (or viruses) and worms. Each represents one separate category of malware.
Also, there are some possible reasons for Kaspersky not being able to clean (this is the term) the viruses it reports, for instance some viruses are memory resident, or they have some protective routines against common antivirus programs.
As for Kaspersky vs Norton: take my advise and rely on Kaspersky.
For more info, you can read an article published while I was working as Tech Writer for an antivirus producer. You can find it here
Regards,
Doru Voin
[Edited at 2005-04-04 17:37]
[Edited at 2005-04-04 17:40]
| | | | | not all anti-virus programs find/cure all the viruses | Apr 4, 2005 |
I'm using a freebie and am still quite satisfied (Avast), it updates without noticing it and I think it's comparable to the other good free ones (AntiVir and AVG) which are supposedly all about as good as the paid ones (norton, etc). Occasionally I run http://www.pandasoftware.com or trendmicro (I forget the whole site) to make sure the free ones aren't missing anything...and they never have been.
In a... See more I'm using a freebie and am still quite satisfied (Avast), it updates without noticing it and I think it's comparable to the other good free ones (AntiVir and AVG) which are supposedly all about as good as the paid ones (norton, etc). Occasionally I run http://www.pandasoftware.com or trendmicro (I forget the whole site) to make sure the free ones aren't missing anything...and they never have been.
In any event, your specific problem is covered here:
http://www.pandasoftware.com/virus_info/encyclopedia/overview.aspx?lst=sol&idvirus=46656
and as is sometimes the case, you need to VERY CAREFULLY edit the registry (as described in the link above).
Good luck ▲ Collapse
| | | | Uldis Liepkalns
Latvia
Local time: 06:09
Member (2003)
English to Latvian
+ ...
| I use Kaspersky for about at least 8 years | Apr 4, 2005 |
Ailish Maher wrote:
SO I ran a Kaspersky check and it informed me of a number of infected files, which I eliminated as indicated by this program. However, it failed to eliminate them (I reran the scan to check, and they appeared again), they are still there, despite the option to 'eliminate' them.
The main thing is, that you can't run several antivirus programs on the same computer and the same operating platform. You can use different ones, say, if you use Linux and Windows on the same computer- but one for Linux and other for Windows.
If your computer shuts down and shows other errors, the reason, probably is 2 Antivirus programs conflicting between themselves, not virus.
As to updates, recommended Kaspersky updates are hourly.
Also please check which Kaspersky version you are running- latest is 5.0.227, in comparison to version 4, it takes 3 times less computer resources and checks viruses as they enter your computer (not as they arrive into your e-mail program, as did the previous version).
As to Kaspersky detecting virus and not being able to delete it- I have met the situation and consulted with KAV Support Service. Seems sometimes KAV destroys the virus, but leaves some part of harmless virus signature, which it detects again and again. I have explored such "infected" emails in Notepad and can say that there indeed wasn't any virus.
What's going on? Why is Kasperksy able to detect virues, does it offer to eliminate them, yet fails to eliminate them? And why doesn't Norton detect the viruses that Kaspersky detects?
There answer is simple. There are no ABSOLUTE security anywhere, of course, but Kaspersky IS better. Just type "antivirus comparison" in Google. And oh, yes, be sure to add "Kaspersky" to the search, otherwise you'll end up with lots of test results where none of the major antivirus programs are included.
Uldis
[Edited at 2005-04-05 10:21]
| | | | Uldis Liepkalns
Latvia
Local time: 06:09
Member (2003)
English to Latvian
+ ...
| To report site rules violations or get help, contact a site moderator: You can also contact site staff by submitting a support request » anti virus question | TM-Town | Manage your TMs and Terms ... and boost your translation business
Are you ready for something fresh in the industry? TM-Town is a unique new site for you -- the freelance translator -- to store, manage and share translation memories (TMs) and glossaries...and potentially meet new clients on the basis of your prior work.
More info » |
| | Trados Business Manager Lite | Create customer quotes and invoices from within Trados Studio
Trados Business Manager Lite helps to simplify and speed up some of the daily tasks, such as invoicing and reporting, associated with running your freelance translation business.
More info » |
|
| | | | X Sign in to your ProZ.com account... | | | | | |
Login to reply/comment 
