  1. #1
    Silver Lounger
    Join Date
    Jan 2002
    Posts
    1,615
    Thanks
    0
    Thanked 1 Time in 1 Post

    Antivirus update shut off (XP SR1)

    Me again.

    After a week of struggling with a dcomx.exe issue (previous post) and scanning my computer each day including in safe mode, this morning I get a message (Symantec) that my live updates are not up to date. I was floored as not only is it turned on, I've seen the pop up come on many times that say the new definitions have been downloaded, and I checked just yesterday to be sure it was on and it said yes.

    I did a download, and did a scan and now there are 7 more infected files when yesterday there were none. I even ran spybot and ad-aware (both with their latest updates) twice yesterday and they got rid of stuff on the first run and the second run showed nothing. I've enclosed a jpeg of the report.

    Leesha

  2. #2
    Platinum Lounger
    Join Date
    Jan 2001
    Location
    Quedgeley, Gloucester, England
    Posts
    5,333
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: Antivirus update shut off (XP SR1)

    My guess from a long distance is that you have "something nasty" in the Run or RunOnce keys, or possibly in the Start menu, which causes a reinfection just after a reboot.

    I would therefore run Merijn's StartupList -- click on the word StartupList in the third line of the first paragraph to download. Note that if there's stuff in the resulting file that you don't recognise, there's an associated website where people will analyse it for you -- but read the FAQ forum first!
    John

    Ita, esto, quidcumque...
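
As an added example (not part of the original posts and not StartupList's own code): one way to check for the post-reboot reinfection described above is to diff a known-good `.reg` export of the Run/RunOnce keys against a fresh export. The sample exports, value names and paths below are constructed for illustration.

```python
import re

# Autostart keys named in the post above (Run and RunOnce), in any hive.
AUTOSTART = re.compile(r"\\CurrentVersion\\(Run|RunOnce)$", re.IGNORECASE)
# "name"="string value" lines; dword/hex values and the default (@) are skipped.
VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def unescape(s):
    # .reg files escape backslash and double quote with a leading backslash
    return re.sub(r"\\(.)", r"\1", s)

def parse_autostart(reg_text):
    """Return {(key, value_name): command} for Run/RunOnce keys in a .reg export."""
    entries, key = {}, None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            name = line[1:-1]
            key = name.upper() if AUTOSTART.search(name) else None
        elif key:
            m = VALUE.match(line)
            if m:
                entries[(key, unescape(m.group(1)).lower())] = unescape(m.group(2))
    return entries

def new_or_changed(baseline, current):
    """Entries in `current` that are absent from, or differ from, `baseline`."""
    base, cur = parse_autostart(baseline), parse_autostart(current)
    return {k: v for k, v in cur.items() if base.get(k) != v}

# Constructed sample exports (text form of a registry export, decoded to str).
BASELINE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ExampleAV"="C:\\Program Files\\ExampleAV\\tray.exe"
'''
AFTER_REBOOT = BASELINE + r'''"updater"="C:\\WINDOWS\\system32\\unrecognised.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"cleanup"="C:\\WINDOWS\\Temp\\unrecognised.exe /s"
'''

if __name__ == "__main__":
    for (key, name), cmd in sorted(new_or_changed(BASELINE, AFTER_REBOOT).items()):
        print(f"REVIEW {key} :: {name} -> {cmd}")
```

Anything the diff reports is only a candidate for review; legitimate installers also add Run and RunOnce entries.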

  3. #3
    Silver Lounger
    Join Date
    Jan 2002
    Posts
    1,615
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: Antivirus update shut off (XP SR1)

    Hi John,

    Thank you for your post. I will look into this stuff when I get home after work. I've got really bad vibes on this. Fortunately the network engineer that we contract with is going to be on site today and has offered to come to my house and take a "looksee". He built my network to begin with so I'm keeping my fingers crossed. I'll show him this thread. I've been trying to do it on my own but this is getting over my head and I've got a total of 4 computers on the home network including my laptop that I then bring into the office. I simply can't afford to have this hit the work network!

    Leesha

  4. #4
    Gold Lounger
    Join Date
    Feb 2003
    Location
    Wardrobe Malfunction Junction, Derry
    Posts
    2,953
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Antivirus update shut off (XP SR1)

    Leesha--

    This may be in the "been there done that long time ago" category for you, but when you clean up backdoor, make sure you do something that I find out a lot of really capable power users forget to do with antivirus. Keep the definitions up once a day. Don't rely on live update (in Norton) because it's not going to update you except once a week and that defeats the entire purpose of buying NAV. They used to--but they don't anymore. Now it'll update you around 2PM Eastern on Wednesday--5PM Pacific. From what I can see on different machines, they aren't making it clear to an awful lot of people that they are only updated weekly unless they do it manually daily.

    It'd be a little like checking CCU, ICU, or the ER once a week in your hospitals

    Here's where to go and manually update everyday. This way, you'll have the latest definitions and granted, a virus "in the wild" for which there is no updated definition or fix yet, could infect you but the frequency of this is down exponentially.

    Check this link Daily (Only updated 5 times last two years on weekend!)

    Download the Top Link--the .exe in the Intelligent Updater Package

    Good luck booting the virus, and I hope you resolved the other error. You seem able to knock down problems pretty well.

    SMBP

  5. #5
    Gold Lounger
    Join Date
    Feb 2003
    Location
    Wardrobe Malfunction Junction, Derry
    Posts
    2,953
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Antivirus update shut off (XP SR1)

    Leesha--

    My point before was that you're vulnerable if you turn on Live Update and let it passively update you weekly. Keep it on by all means--but going to Norton and clicking "run live update" or words to that effect doesn't cut it. You have to be proactive and go to the link I gave you and download that very first .exe and you'll be fine. Don't worry about the byzantine labyrinth of all the other links or the MD5 Hashes, just hit that first one on your machines and you'll be fine. I wonder what your Network guy at work is doing to update all the computers daily. Maybe this computer isn't on that network.

    I've had the chance to go over this in detail with one of the head guys at Symantec at a meeting on his laptop when he came to town to speak so it's valid--also with their tech support.

    Here's some reference so you can boot the two virii who have infected you:

    Trojan Horse Backdoor.irc.cirebot--Take it out of the race.
    Backdoor.SDbot

    Leesha, I searched for these here at the Norton Expanded Threat List (Alphabetical--Works Like a Dictionary):

    Symantec AV Center Expanded Threats

    Good luck hth,

    SMBP

  6. #6
    Silver Lounger Bruce K
    Join Date
    Apr 2002
    Location
    Phoenix, Arizona, USA
    Posts
    1,876
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Antivirus update shut off (XP SR1)

    HI, Leesh ~

    SpyBot and Adaware are designed to find more of the ad/spy types malware rather than the trojans and virii. There are some cases where the line is close on trojans, but your anti-virus will be the first line of defence against virii and most trojans.

    Another thing to consider is that there are nasties that are designed to disable Norton AV products and get right by.

  7. #7
    Gold Lounger
    Join Date
    Feb 2003
    Location
    Wardrobe Malfunction Junction, Derry
    Posts
    2,953
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Antivirus update shut off (XP SR1)

    There are nasties that can "get right by" any anti-virus defense known to man no matter how complex, expensive, and enterprise-sophisticated--there are blended threats and hybrids and Trojans/worms that will get through firewalls as well as antivirus protection. But you can sure lower the odds of this by focusing on updating your definitions whosever you use. Symantec and all of the major companies meet and conference several times a year cooperatively on these. They all know each other, and they all share their information to a considerable degree. And when they send their chiefs to speak they'll show you that.

    Leesha is using Norton--it could be any of them--many are good, all are vulnerable to a degree.

    But waiting once a week for live update to update definitions is upping your vulnerability exponentially--any Antivirus you use is only as good as the latest definitions--that and keeping aware of the delivery modes as best you can is better than not. It's axiomatic that there are going to be scripts and blended threats and future attacks with new weapons to get through any AV or Firewall, just as diseases will get around or resist cutting edge medicines.

    SMBP

  8. #8

  9. #9
    Silver Lounger
    Join Date
    Jan 2002
    Posts
    1,615
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: Antivirus update shut off (XP SR1)

    Hi All,

    Well I've read the posts and you can be sure I will be doing my updates manually as well as leaving the live-update running. Our network engineer worked on my system for quite a bit and it looks like it's only hit "Jake". He is a mess and we aren't confident that all is well. Tomorrow morning will tell. He ran all the "fixes" Symantec suggested and then detected virus issues that aren't even mentioned, leaving the impression that it is something very new, a hybrid that hasn't had cleaning directions posted, etc.

    On the upside, I have to say that the "wondering" what the code is behind these viruses has me intrigued. Ya gotta respect the brainpower behind these things.

    I'm keeping my fingers crossed. As always, thanks so much for the help and support. I will add your suggestions to my bag of tricks!

    Leesha

  10. #10
    Super Moderator jscher2000
    Join Date
    Feb 2001
    Location
    Silicon Valley, USA
    Posts
    23,112
    Thanks
    5
    Thanked 93 Times in 89 Posts

    Re: Antivirus update shut off (XP SR1)

    If you're interested in becoming a virus/trojan analyst, check out this webcast from yesterday: Tools and Tips for Analyzing Malware. (You have to register to listen, but it's free.)

  11. #11
    Super Moderator jscher2000
    Join Date
    Feb 2001
    Location
    Silicon Valley, USA
    Posts
    23,112
    Thanks
    5
    Thanked 93 Times in 89 Posts

    Re: Antivirus update shut off (XP SR1)

    I think you were on the cutting edge there. Trend Micro's Virus Encyclopedia lists these trojans as being very recently discovered:

    | Name           | Discovered   |
    | BKDR_CIREBOT.A | Aug. 5, 2003 |
    | BKDR_CIREBOT.B | Aug. 6, 2003 |

    Best wishes for a speedy recovery for "Jake"!

  12. #12
    Silver Lounger
    Join Date
    Jan 2002
    Posts
    1,615
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: Antivirus update shut off (XP SR1)

    Well, I like to be on the cutting edge of things but the nurse in me is highly insulted that this virus got past me!! I can't wait to check out the site you suggested above.

    It's been a long day. Hopefully "Jake" (affectionately named after John Wayne) is on his way to recovery. I've got videos to make. I'm now a week behind!!!! Enough of this stuff!

    Leesha

  13. #13
    Gold Lounger
    Join Date
    Feb 2003
    Location
    Wardrobe Malfunction Junction, Derry
    Posts
    2,953
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Antivirus update shut off (XP SR1)

    Backdoor sdbot:

    SMBP

  14. #14
    Silver Lounger
    Join Date
    Jan 2002
    Posts
    1,615
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: Antivirus update shut off (XP SR1)

    Thanks!! I'll pass this on to our network engineer.

    Leesha

  15. #15
    Gold Lounger
    Join Date
    Feb 2003
    Location
    Wardrobe Malfunction Junction, Derry
    Posts
    2,953
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Antivirus update shut off (XP SR1)

    I guess it depends on who claims they discovered it. Symantec has it August 2; Trend always does a great job. If there is much you can do beyond keep a heads-up to the ways these can be delivered to you from the various newsletters/alerts and update your definitions as often as they come, I'm always interested in knowing what else. I think there will be new software soon that will claim to be able to hit the blended threats better.

    MS Security Bulletin on Exploit Used

    Symantec says they discovered it in the wild on August 2, and that you were protected if you manually downloaded their definitions on the afternoon of August 4 Monday. This is a good example of why it pays off to manually use a few mouseclicks (takes 5 seconds): Link to Intelligent Updater (they are usually up around 3-6PM Eastern at the latest, occasionally as late as 8PM Eastern). Put it on your quickstart if you're using Norton and get its counterpart if you're using something else. Can save a headache.

    SMBP
