

retiredcop96

join:2005-06-25
Rohnert Park, CA

 Klez.E Worm Infection

During what turned out to be a laborious setup and activation of Earthlink DSL (don't even ask!) somehow the above virus managed to get past and undetected by Norton AV and Worm/Firewall. Whether or not they are supposed to detect this, ewido, SpySweeper and AdAware SE didn't pick it up either. Someone on TomCoyote, a "Newb" at that, suggested I might have a worm and directed me to the Kaspersky Free Online Scan. Lo and behold, after numerous HijackThis posts on a couple of different forums and a variety of fix suggestions that did not include this possibility, Kaspersky detected 4 infected files. Interestingly enough, they were situated in two AOL previous version backups that AOL stores within its program file. I went through several different removal tools (some so involved I didn't dare use them for fear of really messing things up) before finally getting rid of the entire infection. Then I deleted both backup files as they are really unneeded.

I'm kind of disappointed that Norton failed to block or detect this. I diligently keep all my security programs up to date and this particular Worm has apparently been around for several years in various forms. I've used Norton almost since I first started going online and never had a problem unless I circumvented the program for some reason.

The Kaspersky AV program seems kind of pricey and limits you to just 1 license/installation. I'm trying Avast! on my laptop (another story) but I don't really care for its interface. Someone suggested AVG. Anyone have any suggestions for a good, relatively middle line cost, AV?

Also, I apparently need a better firewall. I tried Zone Alarm about a year ago and it caused all sorts of conflicts and bled memory like crazy (kind of like this worm did). Removing was a chore; even 8 months later parts of it suddenly popped back up, perhaps due to the virus. So needless to say, I'm not enthused about going back and trying that again. Suggestions are welcome.

I suppose the moral of this story is you can't be too careful. I thought I had all bases covered but something still managed to slip by and cause all sorts of havoc. Also, the oldies but goodies are still around to get you.

Gerry

rotty97

join:2005-06-30
Australia
Norton is pretty good, so it is weird it did not catch it.
Kaspersky is better LOL
AVG is worse than the above, although this really does all depend on how risky of a user you are.
Bitdefender is pretty good.

Cheers, rotty


johnII

@mchsi.com

reply to retiredcop96
Hi, this worm should have been detected by Norton?
You have been infected by an email worm or by a downloaded infected mp3.

I think that a worm has disabled Norton; that's why it couldn't detect it. I might be wrong, but in the past I have had the same problem!

"The worm attempts to disable some common antivirus products and has a payload which fills files with all zeroes"

»www.symantec.com/security_respon···-2500-99


retiredcop96

join:2005-06-25
Rohnert Park, CA

After some reflection, I also think the fact that I was temporarily stuck with dial-up, while Earthlink got their act together for our DSL activation, and didn't have use of my router firewall might also have been a contributing factor. Along that same line of thought, because we were saddled with a lowly 45 kbps as opposed to the 1769 kbps we now have, no large files were downloaded. I am suspicious that something may have climbed aboard Earthlink's Total Access software package (I downloaded the latest update to use instead of the CD which had yet to arrive) because after installation is when problems began. Since one really does not need it for either dialup or DSL connection, I removed all traces of it within a day of installation, but I think the damage was done.

From all that I've read about Klez (trust me, a lot), I know about it having the ability to be able to hide from AVs and possibly disable them, I suppose depending on the variant.

I'm going to do some more research into AVs and Firewalls. Right now I have my router's firewall again and Windows Firewall. I'm still using Norton AV for now and have made at least one more check at Kaspersky's site.

Between the record heat, no air conditioning, Earthlink's abysmal support and this virus, it's a wonder I didn't pop a vessel in my brain.

Gerry


HA Nut
Premium
join:2004-05-13
USA

reply to retiredcop96
Pricing for KAV or KIS can actually be very reasonable. Download prices here are much better than many other brand AV or AV suite alternatives »www.newegg.com/Product/ProductLi···ory=8221 (And this is legitimate from a reputable e-tailer.)