up-to-date: still getting virus warnings / infections

hellrazor

Hi there,

I'm using Norton AV 2002.

My OS is Windows XP home.

My system is up to date with all critical update patches and service
packs. I've set XP up so it auto-installs patches every day. I ran
Windows Update for good measure and it told me that there were no
critical updates to install.

As for Norton, I've set it up so it Liveupdates virus defs every day.
I've also set it up to perform a full system scan every 2nd day. Here's
the problem... I'm still getting periodic virus warnings! While I'm
working away, at least 4 times a day, I'll see the virus warning window
with the red background warning me about an infected file in C:\Documents
and Settings\All Users\Start Menu\Programs\startup .. or within other
directories under C:\Documents and Settings and C:\Windows\system32. I've
gone to check the actual folders and sometimes I couldn't see the
executable Norton is warning me about. Last week I saw that an infected
file called "Explorer.exe" was written to my C:\ drive, it was hidden.
Last night Norton did a full scan and it detected 3 more viruses
including something like IRC Spybot.

Why am I still getting infected??

What can I do to become fully protected? Should I re-install XP? install
2000? get a Mac? ;)

Thanks for reading.
 
Patched OS? Firewall? Old unpatched IE? Insecure IE settings? (disable
ActiveX and scripting). Insecured email app? These are the main items.
Unpatched OS, and insecured (or insecure) ports, browser and email
app.


Art
http://www.epix.net/~artnpeg
 
OS is patched, firewall.. didn't have it enabled, so I've just configured
it. IE is patched up. Email client is regular Outlook, I will see if
there's a patch for that.. I would think windows update would patch it.
Anyways.. I hope having the firewall up protects me. I had never seen the
amount of virus warnings I am getting though. I never had problems under
win2K, even without the firewall.
 
Win 2K is practically the same mess of open ports and a multiplicity
of services to disable if you don't need them. Read this:

http://www.hsc.fr/ressources/breves/min_srv_res_win.en.html.en

A firewall is the practical way out. It's literally insane to put any
version of Windows on the internet without first taking care of this
area.


Art
http://www.epix.net/~artnpeg
 
It seems likely to me that your computer has become the host of a
backdoor program. This kind of program downloads and installs viruses
from the Internet, and may be remote controlled. To find out which one,
it may help to install a bi-directional firewall such as ZoneAlarm.
Before you install ZA, though, you should restart your computer in Safe
Mode and run a full system scan with Norton. Then install ZoneAlarm,
and see which programs are trying to connect to the Internet. The
built-in WinXP firewall will only hide your ports and block incoming
unwanted traffic. ZoneAlarm will detect and stop unwanted traffic in
both directions.
 
Yeah, ZoneAlarm would definitely be a good idea in your case. And in
my experience, Virus Scanners are lousy at actually removing the virus
once you are infected. And I have tried quite a few. Your best bet
is booting into safe mode and manually deleting them.

You can find out what files and registry entries to delete exactly by
looking up the name of the viruses you are infected with in most any
AV's online database.

Don't forget to set Windows Explorer to view hidden files, etc etc in
explorer.exe, Tools, Folder Options, View.

-john

To reply privately, remove NOSPAM from my email address.
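
Added example, not part of any post in this thread: a small triage script for the symptoms described above (a hidden "Explorer.exe" in the root of C:\ and executables appearing in the All Users Startup folder). The baseline locations, extension list and sample listing are assumptions constructed for illustration; the three checks are heuristics for where to look first, not a virus scanner.

```python
import ntpath
import os
import stat

# Assumed baseline: where these system binaries live on a default XP install.
SYSTEM_BINARIES = {
    "explorer.exe": r"c:\windows",
    "svchost.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
}
EXECUTABLE_EXTS = {".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".vbs"}
STARTUP_SUFFIX = r"\start menu\programs\startup"

def triage(entries):
    """entries: iterable of (full_path, is_hidden) -> {path: [reasons]}."""
    findings = {}
    for path, hidden in entries:
        folder, name = ntpath.split(path.lower())
        folder = folder.rstrip("\\")
        is_exec = ntpath.splitext(name)[1] in EXECUTABLE_EXTS
        reasons = []
        if name in SYSTEM_BINARIES and folder != SYSTEM_BINARIES[name]:
            reasons.append("system binary name outside its home directory")
        if is_exec and hidden:
            reasons.append("hidden executable")
        if is_exec and folder.endswith(STARTUP_SUFFIX):
            reasons.append("executable (not a shortcut) in a Startup folder")
        if reasons:
            findings[path] = reasons
    return findings

def list_tree(root):
    """Yield (path, is_hidden) for a live directory via the Windows hidden attribute."""
    for folder, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(folder, name)
            attrs = getattr(os.stat(full), "st_file_attributes", 0)
            yield full, bool(attrs & stat.FILE_ATTRIBUTE_HIDDEN)

# Constructed sample listing (not taken from the poster's machine).
STARTUP = r"C:\Documents and Settings\All Users\Start Menu\Programs\Startup"
SAMPLE = [
    (r"C:\Explorer.exe", True),
    (r"C:\WINDOWS\explorer.exe", False),
    (STARTUP + r"\updater.exe", True),
    (STARTUP + r"\Office.lnk", False),
    (r"C:\Documents and Settings\All Users\desktop.ini", True),
]

if __name__ == "__main__":
    for path, why in triage(SAMPLE).items():
        print(path, "->", "; ".join(why))
```

On a real Windows machine, `triage(list_tree("C:\\"))` runs the same checks against the live disk, reading the hidden attribute directly instead of depending on Explorer's folder options.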
 