

ninersfan

join:2001-02-09
Hayward, CA


reply to Xstealth
Re: New Kazaa Magic Eightball Virus deletes MP3s

said by Xstealth:

Niner, I use Ontrack SystemSuite. When I do a full scan (uh....yes...I update regularly), I get the same thing about zipped files, they can't be scanned, but the program says that they are likely low risk. So, what do I do about all these zipped files that are considered low risk by the program, yet are of at least some considerable risk in my opinion?

Interesting, as I have Ontrack SystemSuite v4.0 myself (and use that antivirus as my backup for an alternate system scan), just I don't keep it memory resident as it's never recommended to have two memory resident antivirus scanners.

Anyway, to answer your question...Personally, I think Ontrack (Trend Micro is providing the antivirus engine here) is in the same class/category of Symantec and McAfee in regards to releasing protection against whatever the threat du jour is so to speak, but to be extra safe...the best way to scan a recently downloaded (questionable) file is both before and after un-compressing.

The act of uncompressing a file in itself is low-risk as they are not able to "self-execute", but that normally must be done by the user too.

Personally, I try to take the added precaution if I'm ever downloading the theoretically more risky type files of at least waiting a few or more days (especially over long holiday weekend periods) before accessing the recently downloaded file. This gives the added benefit of allowing whichever antivirus flavor you choose to use the opportunity of becoming aware of the latest threat and including the protection in their most recently issued definitions.

Note that in System Suite 4.0 there are configuration options to scan in archives (meaning compressed files), so you may want to check that box for default scanning anyway.

I believe though that this is a variation in the "on demand" type scanning as opposed to a full system scan which may not be scanning compressed files, which for all practical purposes are low risk until uncompressed.

For testing purposes myself, I have some zipped klez samples on my machine which are of no worry to me whatsoever...just wouldn't want to unzip them accidentally and leave them sitting around that way if you know what I mean.

[text was edited by author 2002-11-29 18:43:05]


Xstealth

join:2002-03-19
Chicago, IL

reply to ninersfan

Niner, I use Ontrack SystemSuite. When I do a full scan (uh....yes...I update regularly), I get the same thing about zipped files, they can't be scanned, but the program says that they are likely low risk. So, what do I do about all these zipped files that are considered low risk by the program, yet are of at least some considerable risk in my opinion?
--
I am 'The Wise' as what I speak reaches further than the abyss of space.


ninersfan

join:2001-02-09
Hayward, CA

reply to corster
said by corster:
and my McAfee caught SubSeven and when it couldn't clean it or delete it, it quarantined it. My Norton just halted my computer!
Did you have your Norton updated with the 11/27/02 definitions?

Unfortunately, I didn't get a chance to track this down further yesterday as was busy with gobble, gobble

Apparently, Norton was offering protection from this virus (trojan) all along, just by a different name as is usually the case with Symantec. Had me a little concerned as Symantec has always been a step ahead of McAfee in the past on newly spreading threats.

Still, this is another example of the need for *everyone* to keep their antivirus definitions up to date as you never know what lurks out there.

FWIW, Symantec has named this one: W32.Darkgoose.Trojan
(I think someone has a sense of humour there too)

»securityresponse.symantec.com/av···jan.html

said by Mcafee:

When run, the trojan creates a batch file on the root of the C:\ drive, Abracadabra.bat. This batch file contains instructions to delete all files in the following directories and subdirectories:

Looks to be the same description as the one in Symantec's link above.

said by Symantec:

When it is executed, W32.Darkgoose.Trojan creates the file C:\Abracadabra.bat

This batch file contains instructions to delete all files from these folders:

C:\
C:\Windows
C:\Windows\System
C:\Windows\System32

Now I had previously found the file eightball2.zip on KaZaA and downloaded it, was planning to submit to Symantec if necessary, but decided then to just delete instead.

I could always test it with the current definitions, now I've found that Norton doesn't detect viruses in compressed files on download, but seems to check only on a manual scan or when unzipping.

Anyway, the Virus Definitions (Intelligent Updater) * November 27, 2002
and
Virus Definitions (LiveUpdate™) ** November 27, 2002

offer the needed protection so it looks like we can relax on this one, but who knows what's next...stay tuned
--
Opinions are like ?ssholes. Everybody has one. — “Dirty Harry”.
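
An added example, not code from any poster or vendor in this thread: it reads a zip's members in memory without extracting anything, flags executable members for a scan before unzipping, and applies a heuristic for batch text that deletes from the folders listed in the Symantec quote. The command list, extension lists, function names and sample archive are assumptions constructed here; since the described batch file is created at run time, `check_batch` applies equally to a script found on disk.

```python
import io
import re
import zipfile

# Folders listed in the Symantec description quoted above.
TARGETS = {"c:", r"c:\windows", r"c:\windows\system", r"c:\windows\system32"}
RUNNABLE = (".exe", ".com", ".scr", ".pif")  # assumption: types worth a scan
SCRIPTS = (".bat", ".cmd")
# Assumption: the page does not say which commands the batch file uses.
DELETE_CMD = re.compile(r"^\s*@?(?:del|erase|deltree|rd|rmdir)\b(.*)$", re.I | re.M)

def check_batch(text):
    """Return the listed folders that a delete command in `text` points at."""
    hits = []
    for m in DELETE_CMD.finditer(text):
        for tok in m.group(1).replace('"', " ").split():
            if tok.startswith("/"):          # switch such as /q or /s
                continue
            parts = tok.rstrip("\\").split("\\")
            if "*" in parts[-1] or "?" in parts[-1]:
                parts = parts[:-1]           # drop a wildcard such as *.*
            folder = "\\".join(parts).lower()
            if folder in TARGETS and folder not in hits:
                hits.append(folder)
    return hits

def scan_zip(data, max_size=1_000_000):
    """Inspect members in memory; nothing is written to disk or executed."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            name = info.filename.lower()
            if name.endswith(RUNNABLE):
                findings.append((info.filename, "executable: scan before running"))
            elif name.endswith(SCRIPTS) and info.file_size <= max_size:
                hits = check_batch(zf.read(info).decode("latin-1"))
                if hits:
                    findings.append((info.filename, "deletes from " + ", ".join(hits)))
    return findings

def build_sample():
    """Constructed test archive holding inert text members only."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("readme.txt", "hello")
        zf.writestr("cleanup.bat", "@echo off\r\ndel /q C:\\Temp\\*.tmp\r\n")
        zf.writestr("sample.bat", "@echo off\r\nDEL /q C:\\Windows\\*.*\r\n")
        zf.writestr("game.exe", "not a real program")
    return buf.getvalue()
```
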


corster
Premium
join:2002-02-23
Ottawa, ON
reply to ninersfan
and my McAfee caught SubSeven and when it couldn't clean it or delete it, it quarantined it. My Norton just halted my computer!