dslreports logo
 
    All Forums Hot Topics Gallery
spc
Search similar:


uniqs
530

Name Game
Premium Member
join:2002-07-07
Grand Rapids, MI

2 recommendations

Name Game

Premium Member

Norton AV cannot repair files infected by a Trojan

I see many people in here angry that there files can not be repaired by there AV with just a click of the mouse..Norton has told their users why..but no one ever reads it.

Why Norton AntiVirus cannot repair files that are infected by a Trojan or a worm

»www.symantec.com/avcente ··· orm.html

What to do if you suspect that your computer is infected with a virus, worm, or Trojan
»www.symantec.com/avcente ··· jan.html

TCO1962
Premium Member
join:2001-07-02
Champaign, IL

TCO1962

Premium Member

said by Name Game:
I see many people in here angry that there files can not be repaired by there AV with just a click of the mouse..Norton has told their users why..but no one ever reads it.


I hope you weren't referring to me Name:) I wasn't angry at all. My "thing" was all new to me. Been computing/surfing for years and had NEVER dealt with anything before (*pats self on back for prevention programs*)

Randy Bell
Premium Member
join:2002-02-24
Santa Clara, CA

Randy Bell to Name Game

Premium Member

to Name Game
excellent post, Name Game. For others' convenience, I'm posting the information here:

In general, a virus can be distinguished from a Trojan horse or a worm by the fact that a virus attempts to infect otherwise clean files. That is, a virus attempts to attach itself to a host file and infect other files when the host is executed or opened. The simplest viruses add malicious code to an existing executable file, and then modify the file to run the malicious code before running the otherwise clean program. The second picture in the above graphic shows how a virus attaches its malicious code to an otherwise clean program.

Trojan horses differ from viruses in that, instead of infecting an existing file, the entire body of code that is contained within the Trojan horse program is used for malicious or otherwise undesirable intent (third picture in the preceding graphic). Examples of Trojan horses include programs designed to delete files or folders upon execution, password stealers, backdoors (which often include remote-control capabilities), and even annoying programs that cause unexpected behavior of your mouse or keyboard, or with visual elements on your computer screen.

A worm is similar to a virus in that it also searches for other hosts. However, unlike a virus, a worm does not infect files. A worm is like a Trojan horse in that the entire body of the worm contains code that facilitates the worm's function--to spread, and in some cases, to deliver its payload. Looking at the graphic we can see that both Trojans and worms contain no clean code, only the malicious code of the program's author. It is for this reason that there is no way to repair these programs, since there is nothing to repair. The only solution is to delete the file or files that comprise the malicious program.

For more information, please read the Knowledge Base article What is the difference between viruses, worms, and Trojans? :)
[text was edited by author 2002-11-07 09:37:46]

Name Game
Premium Member
join:2002-07-07
Grand Rapids, MI

Name Game

Premium Member

Not in the least TCO1962..in fact it is a feather in Symantech's cap to tell it like it is . NAV is a darn good product but many people expect too much out of their AV "if" they get infected.

This is not about NAV..it is about all of us and what we seem to overestimate what protection is really all about. I posted this for a member who is a friend of mine some time ago. It still applies today.

______________________
Is my system protected or not?

Yes, but when you decide to execute(open) any file or attachment that you know could be dangerous to any system instead of deleting it in the first place, you are already breaking the rules that are preach all over the Internet of
1. know first who sent it to you
2. Even if you think you know, scan it first
3. Even then determine if you really want/need to see this unknown file just how imfortant is that need, based upon the facts you already know about security. There are new "badboys" written each day and no AV or AT can protect you from those 100 percent even if you tried to update them once a day.

To put it in plain english Steve. I would never send You an .exe or a .com and a few other type file formats in the first place. For those reading this post, be aware that I could do that for I have Steve's email address. I just do not send files like that to any of my friends. If they start getting used to opening that kind of file on MY account...one day my email addy will be spoofed and then I would be the indirect cause of putting him at risk.

The other tests one can do anyplace is to test the mail program you ARE using to determine if you are vulnerable just by downloading email to your PC in the first place without even opening up any attachments.

Most email clients nowdays allow MIME or HTTP viewing automatically with hooks and binding into standard applications you all have on your PC such as Audio players, all the way from the standard M$ mplayer that came with the OS to now the new generation M$ is now putting in XP...not to leave out Sonic...crescendo..and 15 other types of embedded audio players which have now been download from the web and are "associated" by default into your mail client.

That automation has been exploited by Nimda and so many other virus/trojan/worms to get into your system, unannounced, it is no wonder they all still thrive today.

I see so many people who have been around these forums and boards, who know all these things and more...yet still insist they have it all covered with a patch, a fix, a program, a killer, a stopper, a "realtime scanner", a firewall with loggers...so they jump in there with both feet and test the technical "limits" (in their opinion) of how they have their system setup.

I also see many people still forwarding email they got from a friend of a friend with everyones email addy in the headers as they forward them..not as a blind copy..but rather a .cc or just put everyone in the "send to" that is in their famous .WAB (Windows Address Book).

My suggestion..start breaking that chain...be nice to your friends if you forward those emails and clean them up first before you send them..and for your friends..instruct them how to do the same. If they can't or will not do it...ask them to take your address out of their .wab or any other address book that is used by any flavor of Outlook.

If you do not..your email addy floats all around the world for spammers and badboys to get your addy as they auto search unprotected systems of people you do not even know.

Hope this helps some members..

Best to ya Steve,
John
Name Game

Name Game

Premium Member

Now..what prompted me to start this thread is what I see out there "in the wild" today...there are more Trojan and Worms out there right now than ever before..couple with all the Porn Kings floating their stuff all over the place..it is getting nasty..people still do not "FIRST" lock down their OS, observe caution and I know it going to be a tough cyber experience if they do not go back to the basics .. work with that OS, eliminating it's vulnerablities before they even consider the third party security programs.
Fredra
Undesirable Alien
join:2000-04-08
Nepean, ON

Fredra

Member

Well made point Name Game.
Some of us do push the envelope....

pa555
Seconds Last
join:2001-05-11
Monrovia, CA

pa555 to Name Game

Member

to Name Game
Well said. Yes there are way to many people out there that don't know what caution is when it comes to opening files & or using third party security programs.
I can't come close to knowing as much as you do about security, but what I do know is a third party security programs is only as good as the person using it.
I have been asked at work or by friends how they got this virus they have a virus program why isn't it working?
I ask them have you ever updated the software or .dat files? They don't know they just know the virus software is on there computer! LMAO

Paul

afriend$
join:2002-08-20

afriend$ to Name Game

Member

to Name Game

Hey.hey,hey YOU'VE done it again THANK U

Hello "Name Game', YPU'VE done it again, AN EXCELLANT REPLY,ANSWER,and a dang good link to an excellant tester & removal tool,(I just ran Clean & Green) I am one HAPPY CAMPER to have any type of virus tester/checker & removal tool, have saved this IF EVER NEEDED, so i don't have to go looking for an answer, even though My NAV & Norton Firewall work great,, THANK U,a'friend"