PDA

View Full Version : Norton’s multiple personalities



nimrod
07-01-2003, 03:43 PM
Norton’s multiple personalities.

Recently I have had two rather confusing but un-bemusing experiences when Norton Internet security program has warned me about both a Virus and Trojan detected on my system. The respective infections were the; ‘W32.Klez.gen@mm’ virus and ‘NetBus’ Torjan horse.

The issue of concern is this. In both cases I have scanned the computer and no trace of the code can be found, however the fact that I received the warns in the first instance concerns me, as I am not sure whether they are actually present or not!

More specifically, in the case of W32.Klez.gen@mm I followed the instructions the instructions on the Symantec web sight. These were downloading the FixKlez removal program, deactivating system restore, restarting windows in safe mode and running the removal tool. No trace of infection was found. Since then I have also run a full system scan with Norton, the results being negative.

In the second instance with the NetBus Trojan, following the instructions on the Symantec web page I checked for any “windll.dll” files that related to the installation of the Tojan only to come up negative. Paranoia still griped me so I installed (and updated) ‘Torjan remover’ program, but no trace of this Torjan was found. Once again, I have also run a full system scan with Norton, the results being negative.


My question then is this. Can I take it at face value that my computer is free of any affliction caused by these two unwanted pieces of code?

Oh yes, sorry how forgetful of me (I must have a Tojan in my brain leaking information) my operating system is Windows XP Home edition, and I am running Norton Internet Security 2002.

Regards Stefan

Mike
07-01-2003, 04:02 PM
Stefan,

When Norton Antivirus finds something like a virus or a trojan it moves it automatically into the quarantine or fixes the problem (if it can). That could explain why when you scan your machine you don't find anything. Open up Norton Quarantine and see if there's any files in there.

HTH

Mike.

J ZEP
07-01-2003, 04:48 PM
Further to what Mike said - I had the same kind of thing last year using NAV 2002, it detected the windows bomb thing in my Firstpage download (which is actually not a problem) but because of the "default" settings for NAV it automatically protected it (well actually "denied access" to it), so it didn't show up in quarantine or anywhere that i could see it, so i couldn't delete it like i wanted too. And after advice from here (pressF1) i was told my system was safe but i would have to leave it on here, as once it has had that done you can't access it. I didn't like not having the choice to delete it though, so I just changed the default settings so i could.
Anyway just wanted to mention that in case you don't see it in "Quarantine" and are still coming up clean with the virus checks so you can check your default settings for dealing with virus's etc... when found, just in case its protected it/denied access to it :-)

nimrod
07-01-2003, 10:53 PM
That good news! Ok , another question Seeing as there is nothing under Quarantine and rerunning the virus checker finds no evidence of compromise. Then how can I disable Norton to enable access to the files that were previosuly in question. Under options I note that the option to remove is ticked, but the disable access to files is not, therefore it should just delete the file in question - right? But it does not seem to dot his.