Subject: Virus overides Norton????? From: Glen Reid Date: 21 Oct 02 - 01:13 PM Being totally computer ILLITERATE I need help quick!!!!! It seems a virus got around my recently updated Norton protection and is playing havoc with my head. It also sent out numerous infected emails with my name on it ,to who knows how many (sorry any mudcatters, who may have got one). It knocks off Norton, when I try to reactivate it. Wont let me shut down properly. I live in a rural area and my computer tech. cant be reached. Any help would be appreciated, Thanks, Glen |
Subject: RE: Virus overides Norton????? From: Max Date: 21 Oct 02 - 01:28 PM Go to www.norton.com. They might have info on it. |
Subject: RE: Virus overides Norton????? From: bernil Date: 21 Oct 02 - 03:13 PM This is another place where you can read about viruses and also do an online virus-check: Panda It sound like Bugberar which is known to affect antiviral programs. Info from that site: W32/Bugbear is a worm that reaches computers in an e-mail message which is very difficult to recognize, as its subject, contents and the name of the attached file are made up randomly. W32/Bugbear affects several antivirus programs and firewalls in order to leave the computer defenseless against other viruses and attacks. W32/Bugbear has a size of 50,688 bytes (compressed with UPX) and is written in the Visual C programming language. Additionally, W32/Bugbear drops a DLL file (dynamic link library), which contains a keylogging Trojan, detected by Panda as Trj/PSW.Bugbear 5632 (Bytes). You can also find a tool there to remove it (when you've found what it is). Good luck! Berit |
Subject: RE: Virus overides Norton????? From: GUEST,Hille Date: 21 Oct 02 - 06:19 PM Sounds BUgbearish ... there's a cleanup tool (also includes KLez) http://download.nai.com/products/mcafee-avert/stingersetup.exe (Blue clicky someone?) - very easy - very quick |
Subject: RE: Virus overides Norton????? From: GUEST,MCP Date: 21 Oct 02 - 07:36 PM This does sound like Bugbear - if it got past Norton before your virus definitions were updated, Norton have a removal tool at: Norton Bugbear removal tool page. Mick |
Subject: RE: Virus overides Norton????? From: Uncle_DaveO Date: 21 Oct 02 - 08:16 PM I have Norton, and it has a number of times told me it stopped Bugbear. But then I update my definitions weekly or sooner. Go thou and do likewise. Dave Oesterreich |
Subject: RE: Virus overides Norton????? From: Sorcha Date: 21 Oct 02 - 08:29 PM I have Norton and it has stopped bugbear several times. I also downloaded the "fix" just in case. |
Subject: RE: Virus overides Norton????? From: 53 Date: 21 Oct 02 - 08:38 PM Go Sorcha |
Subject: RE: Virus overides Norton????? From: Glen Reid Date: 22 Oct 02 - 05:13 AM Hi all, Looks like after spending most of the night dicking about with this thing, that it is indeed the Bugbear virus thats been suggested. I downloaded the Panda Active Scan and did thier scan which found 8 infected files, which were fixed. This enabled me to go to the Norton and do thier scan, which turned up nothing. The computer shuts down now in the proper way. The next thing I try will be my emails and hopefully the buggers no longer linger. Much thanks to all you good people, for the support and advice. All the best, Glen |
Subject: RE: Virus overides Norton????? From: mack/misophist Date: 22 Oct 02 - 10:02 AM If it's not too expensive for you, may I suggest you set your machine to update it's definitions EVERY night, and do a scan. That's what I do when I'm living in Windows and I've never had a problem like yours. |
Subject: RE: Virus overides Norton????? From: Bill D Date: 22 Oct 02 - 01:53 PM I delete all suspicious emails and spam BEFORE they get on my machine by using something like PopTray I also have AVG (free) anti-virus in addition to Norton.... |
Subject: RE: Virus overides Norton????? From: Glen Reid Date: 22 Oct 02 - 03:18 PM What puzzles me is, howcome I still got infected after downloading the latest Norton updates,which I have to pay for and it took a free service like Panda to make things right? Someone mentioned "Mc Affee" was a much better service and the downloads come automatically. Any thoughts? Glen |
Subject: RE: Virus overides Norton????? From: JohnInKansas Date: 22 Oct 02 - 06:03 PM If you have any remotely recent version of Norton, you should be able to set it to update to any schedule you want, and on the newer ones you can let it download automatically or have it prompt you when you're due. My recent trips to the McAffee site resulted in more time cleaning up their popups than in checking out the virus information I went for, but they are a "respectable" AV service. We've seen instances where an individual virus may get through almost any AV used, especially if you're not recently updated. It is a very good idea to bookmark several AV sites (before the next disaster) so that you have them handy; but some virus may get through any program you choose. You're probably better off with a program you're familiar with, updated a little more often, than with a new "program of the week." Since you know that "someone who knows you" has had BugBear (that's how you got it) I'd suggest that you download the "repair file" (FxBgbear.exe) from Norton and put it somewhere safe (on a floppy?) for a while. With the latest updates, Norton should catch it if it comes back, but 175KB of disk space is pretty cheap insurance. In our case, Norton stopped it the first time, but we've had 5 repeats (also all stopped by Norton), apparently from the same source, in the last couple of weeks. We're still trying to figure out which one of our friends is infected and doesn't know it yet. John |
Subject: RE: Virus overides Norton????? From: Stilly River Sage Date: 22 Oct 02 - 11:31 PM W32/Bugbear has a size of 50,688 bytes (compressed with UPX) and is written in the Visual C programming language. Additionally, W32/Bugbear drops a DLL file (dynamic link library), which contains a keylogging Trojan, detected by Panda as Trj/PSW.Bugbear 5632 (Bytes). What does "50,688 bytes" translate to in Kilobytes? It would make sense for it to be 51K, but no one seems to say so. Is there a reason? I think I've deleted several posts about that size before I opened them and even gave Norton a shot at them. If I don't recognize a name, or the subject makes less than perfect sense, I delete it, no questions asked. I was hit hard by SirCam when my notepad accidentally opened it. I had to completely reinstall the entire computer (both platforms) before I finished with that debacle. I have my Norton Antivirus and Personal Firewall set up to scan the computer every evening. I update every day or two manually, but should probably set it to do that automatically as well. Good suggestion to have a few links handy for other providers for "just in case" application. SRS |
Subject: RE: Virus overides Norton????? From: GUEST Date: 22 Oct 02 - 11:59 PM "What does "50,688 bytes" translate to in Kilobytes?" 50688/1024 = 49.5Kb |
Subject: RE: Virus overides Norton????? From: nutty Date: 23 Oct 02 - 07:03 AM 90% of viruses could be avoided by switching from Microsoft Internet Explorer to another browser (eg Netscape) |
Subject: RE: Virus overides Norton????? From: pavane Date: 23 Oct 02 - 07:19 AM Email viruses can usually be avoided by using a different email program, rather than Outlook/Outlook Express. No need to change browser for that. |
Subject: RE: Virus overides Norton????? From: Mr Red Date: 23 Oct 02 - 07:59 AM I got a hit from a Bugbear and my Norton (within 5 days of the last update) missed it. Fortunately I have a policy about attachments and files with extensions I don't understand so it got wiped summarilly. Then a Mudcat alert and a Norton update - fast. The next three hits were all found by Norton. So there was a window between where Norton were finding the problem and posting fixes. Mind you I have switched off all scripting in my e-mail client so maybe that saved me. I KNOW I would struggle with an infection and the thought of it keeps me vigilant. From what I am told Norton have the answers but the proceedure is not always that simple. Best of luck - PAL. |
Subject: RE: Virus overides Norton????? From: GUEST Date: 23 Oct 02 - 08:38 AM We use Sophos at work, and I am on their email list. When I get a virus alert email from Sophos, I run a script which downloads *all* their current IDE (identifier) files in a ZIP file and unpacks it (takes seconds), and then run the update program (two clicks). On the next reboot, usually the next morning, the PC is protected against the new virus. As it's a central network intallation, this actually means that everybody in the office gets updated the next morning and is thus safe within 24 hours of the IDE being issued. We get monthly updates on CD, but before I set up the above arrangement one user got hit by a virus the day before the next monthly update was due. Since I have subscribed to the email list, we have had no infections. Once a week is not enough. I use mutt (Unix text mode email client via a SSH connection to the server) for my email so viruses don't touch me, but I'm never going to persuade the rest of the office to do that. Anahata |
Subject: RE: Virus overides Norton????? From: Glen Reid Date: 23 Oct 02 - 10:44 AM Is "Eudora" a safer email program to be using? Glen |
Subject: RE: Virus overides Norton????? From: GUEST,JTT Date: 23 Oct 02 - 10:57 AM Eudora is a good emailer; there's a sponsored version that shows you ads, or you can buy it for around $30. Eudora lets you set up filters, so you can filter your mail into different mailboxes, like Friends, Work, Probable Spam, etc. (A good way to filter out most spam is to filter out "any header" with the word html in it. After that, you just need to filter out individual subjects like "loan", "size does matter", "earn" and so on. Then you can skim down through the Probable Spam mailbox in case any sad friend has sent you html-styled mail, and delete the rest.) If you want a good non-Internet Explorer browser, go to www.mozilla.org and download the latest (not the beta) version. Very nice, and not as popular a target for viruses as IE. |
Subject: RE: Virus overides Norton????? From: treewind Date: 23 Oct 02 - 11:43 AM Opera's another good browser, for Windows and other platforms, also available free with an 'ad' window or paid-for without the ads. BTW, Spam filtering is not the same as virus filtering. Viruses can come with any header, and from your friends (or at least with your friends' From: address) Anahata |
Subject: RE: Virus overides Norton????? From: Bill D Date: 23 Oct 02 - 05:04 PM Eudora is a great email program and the AVG anti-virus has a special setting for Eudora... for that matter, so is Pegasus Mail one the most amazing FREE programs out there...it is VERY secure, and can be tweaked in many ways. there are various ways to be safe & secure without struggling with IE, Outlook and such, which are major targets. |
Subject: RE: Virus overides Norton????? From: Mr Red Date: 24 Oct 02 - 09:39 AM the problem with all the more obscure e-mail apps is also their benefit. Occasionally I get attachments that have msg extensions. Can Opera, Pegasus, etc read those files? The last msg file was about licensing laws and PEL and from a respected source. OK catters do I read it or trash? Maybe I should crank-up Netscape and see if the e-mail client can cope. |
Subject: RE: Virus overides Norton????? From: Bill D Date: 24 Oct 02 - 11:12 AM msg? Is that what the extension says .msg? Is it different the .doc or .txt? In any good email program, you can set a preference to tell it what application to use to open ANY attachment. If you want to send ME one with a "msg" attachment, I'll try opening it in Pegasus, Opera, Netscape, Calypso, Mozilla (Netscape clone), and finally in Eudora, which is my 'final' program. (All the others are set to 'leave mail on server'). extree@erols.com |
Subject: RE: Virus overides Norton????? From: Stilly River Sage Date: 08 Oct 03 - 01:22 PM Here's a real virus alert, came in at my library workplace today. I'm posting on this old thread instead of the recent joke "virus alert" in hopes that it will be taken seriously.--SRS
It has been reported that W32.IRCBot.B may arrive in an email message about a fake program update for Norton Antivirus. The sender, updates@symantec.com, is a spoofed email address. Symantec never sends unsolicited email; the attachment should be deleted. The email message may appear as shown below: From: updates@symantec.com (spoofed email address) Subject: Last Update. Body: October 06, 2003 Intruder Alert 4.1 W32_Webb_Worm Policy This policy detects the propagation of the W32.SobigF.Worm though changes in the registry. W32.Webb.F@mm is a mass-mailing, network-aware worm that sends itself to all the email addresses it finds in various files. The worm uses its own SMTP engine to propagate and attempts to create a copy of itself on accessible network shares, but fails due to bugs in the code. In attachment you can find program that update your Norton Antivirus to Norton Antivirus 2004. Attachment: nav32.zip Please don't open the attachment, just DELETE the email. Thank You. |
Subject: RE: Virus overides Norton????? From: John MacKenzie Date: 08 Oct 03 - 01:35 PM I got a virus called W32.SwenA@mm last week and Symantec sorted it out. It showed when NAV stopped scanning outgoing e-mails. I think I got it through Kazaa Lite,as the summary of the virus scan mentions it, although I had deleted Kazaa some time before, so assume that it was a lurker. Giok |
Subject: RE: Virus overides Norton????? From: Burke Date: 08 Oct 03 - 04:51 PM There's a version of W32/Gibe-F aka SwenA that gets past the virus checker on our mail server at work. My Sophos detects it as it's being downloaded, but reports Access denied. It finally shreds when I look at the attachment directory. The e-mail message is always a Returned Mail message. This is really nasty, I almost always get two messages that have come from the same source. One is the Microsoft Patch message & our server always catches that one. The second is Returned Mail & always has the virus. I've gotten dozens of them in the past week and a half. |
Subject: RE: Virus overides Norton????? From: artbrooks Date: 09 Oct 03 - 12:00 AM I got a W32 varient yesterday. The sender was allegedly Microsoft, and the message was something like "install this upgrade immediately." Norton caught and quarentined it. |
Subject: RE: Virus overides Norton????? From: Gurney Date: 09 Oct 03 - 12:26 AM |
Subject: RE: Virus overides Norton????? From: Gurney Date: 09 Oct 03 - 12:39 AM It isn't a bad idea to have two browsers on your system. I once downloaded a patch that monstered IE, and I couldn't get it to contact Microshaft. I had to load Netscape from a coverdisk. I also received a worm that Norton couldn't find, maybe they just hadn't had time as it was an English one. InoculateIt (free at the time, eTrust as it is now is cheap still) found it. InoculateIt used to work in parallel with Norton, but I don't know if eTrust still does. |
Subject: RE: Virus overides Norton????? From: nickp Date: 09 Oct 03 - 05:56 AM Innoculate/eTrust (which I use at home and also the businiess version at work) from www.cai.com. They've always seemed on the ball to me. |
Subject: RE: Virus overides Norton????? From: Beverley Barton Date: 10 Oct 03 - 05:07 AM this page looks way too clever for me, so i'll sling my hook! |
Share Thread: |
Subject: | Help |
From: | |
Preview Automatic Linebreaks Make a link ("blue clicky") |