Re: AIM Send out random messages
From: PA Bear (PABearMVP_at_gmail.com)
Date: 05/23/05
- Next message: sean: "RE: Group Policy & Hotmail"
- Previous message: sean: "Group Policy & Hotmail"
- In reply to: Lord Loki: "Re: AIM Send out random messages"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 23 May 2005 15:43:48 -0400
First things first: Contact Symantec about your subscription.
Symantec Support:
http://www.symantec.com/techsupp/index.html
I see a Subscription Troubleshooter on the above page, LL. Using it will
require accepting a cookie and probably installing an ActiveX control.
YMMV.
-- ~Robear Dyer (PA Bear) MS MVP-Windows (IE/OE) & Security Lord Loki wrote: > Ok, I retried to scan my computer in safe mode (this time using the > msconfig > method...) and norton still wont open >.< > > I downloaded the latest virus definations for intellegent updator... > however > when i go to install them it says i cannot, and that its expired... > > "Your virus protection cannot be updated. > Your subscription as expired. You must renew your subscription to continue > using Intellegent Updater. Run LiveUpdate from Norton AntiVirus to renew > your subscription and then run Intellegent Updater again." > > i ran live update again, just to be sure, its fully updated, tried > installing again and got the same message... i JUST bought norton a few > months ago its definatly not expired... is live update something i have to > pay for myself? (darn... more and more problems keep on coming...) > > i'm not so sure i'm ready for the HijackThis thing... with my luck i'd > accidently delete something very important... > > also... i deleted aim, but aim was no longer connected to the virus once > it > got in right? so if i reinstalled it, it'd be ok... because the one virus > i > did delete was most likely THE aim virus? (since it gets passed through > aim, > and thats what it does...) so i could reinstall aim? or should i wait > longer? > > Jim, you think its a trojan and i'm being hacked? or atleast my computer > is > being used for whatever? > > what kind of "non-viral backdoor" something OTHER than spywar, adware, > trojans, worms, and viruses (obviously)??? what else is there....? > > yet again, thank you both for your assistance ^^ > > "Jim Carlock" wrote: > >> FWIW there is software out there that is NOT considered virus but >> is used to open a PC up for "folks" to access it anytime "they" want. >> >> There is some FTP server software. Virus scanners will never catch it, >> but a good firewall should catch it and present a message that something >> is trying to open up a certain port (Serv-U ?). >> >> So if something opened up the system, "the attackers" commonly put a >> non-viral backdoor in place that will never be detected by virus >> scanners. >> >> -- >> Jim Carlock >> Please post replies to newsgroup. >> >> "PA Bear" <PABearMVP@gmail.com> wrote: >> Lord Loki wrote: >>> I delted it... however... i dont think its that... >.< even though it >>> does >>> sound right (i read the symantic thing before i deleted...) because when >>> ever i turn on the comp it still tries to "install" something... >>> otherwise >>> everythings fine... i think... >> >> Not surprising. >> >>> by manually updating... you mean going to the site and manually >>> downloading, >>> or going into norton using live update, but dont just let live update >>> wait >>> for a few weeks to do it itself? (NAV users?) >> >> Yes, manually seek and install updated definitions. See Intelligent >> Updater section here: >> http://securityresponse.symantec.com/avcenter/download.html (posted >> earlier, too). >> >>> also... this morning, we found a virus on the home computer, this was a >>> bloodhound... do you think my virus would cause that to get through the >>> network into the home comp, or that its unrelated? >> >> There are literally /hundreds/ of Bloodhound variants and, yes, most >> likely >> "your" Bloodhound was "dropped" by the Trojan. >> >>> lastly... how do you run a system scan in safe mode? i tried... and i >>> couldnt even open norton >.< >>> every time i tried it froze.... >.< and went to "send error report?" >>> would a virus cause that (or hacker), or would that just be me, somehow >>> screwing things up? >> >> Again, see instructions on this page for booting to Safe Mode: >> http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406 >> >> It would be highly unusual for NAV not to work in Safe Mode but [stuff] >> happens. >> >>> Thanks for your help >> >> YW. Let us know how you make out. Note that it might take several >> updates >> and scans over several days in the coming week or so for NAV to be able >> to >> find and remove everything. >> >> You might follow the QuickFix protocol here >> http://aumha.org/a/quickfix.htm, then scan your system with HijackThis >> (don't let the name scare you) and post your log to an appropriate forum. >> Do not post your log here, please. -- >> ~PA Bear >> >>> "PA Bear" wrote: >>>> Well, yes, that could be /your/ Trojan... >>>> >>>> Symantec Security Response - W32.Allim.A: >>>> http://securityresponse.symantec.com/avcenter/venc/data/w32.allim.a.html >>>> >>>> This one displays a message "hey check out _this_!" where "this!" is a >>>> link >>>> to the URL: http:/ /adw[domain removed]eo.com/gallery/pictures.php. A >>>> recipient must click on the link, download a file, and then execute the >>>> file which then installs a W32.Spybot.Worm >>>> variant(http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html). >>>> >>>> But Allim.A dates from a few weeks ago (Discovered on: April 26, 2005). >>>> >>>> From another post in this thread: >>>> >>>> Symantec Security Response - W32.Opanki (Discovered on: May 18, 2005) >>>> http://securityresponse.symantec.com/avcenter/venc/data/w32.opanki.html >>>> >>>> Here, the message is "check this out, is that you?", where "this" is a >>>> configured link that will download a copy of the worm if a user clicks >>>> on >>>> it. >>>> >>>> To be safe, I'd manually install virus definition updates via >>>> Intelligent >>>> Updater (http://securityresponse.symantec.com/avcenter/download.html) >>>> and >>>> then run a full system scan in Safe Mode >>>> (http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406). >>>> >>>> Note that NAV users who rely on LiveUpdate won't get definitions which >>>> include W32.Opanki until 25 May, according to the page!!! >>>> >>>> Let us know how you make out. >>>> -- >>>> Lord Loki wrote: >>>>> well.... I came back from dinner today and norton had a large message >>>>> for >>>>> me >>>>> saying (memorized it) >>>>> VIRUS FOUND: >>>>> object: C:\im.exe >>>>> virus: W32.Allim >>>>> >>>>> i went to the C drive, scanned the im file to be sure, it said it was >>>>> an >>>>> unreparable virus, i quarenteened, then deleted.... its gone forever >>>>> now >>>>> right? and...... you think that is THE virus that was causeing the >>>>> strange >>>>> happenings? O.o ^^
- Next message: sean: "RE: Group Policy & Hotmail"
- Previous message: sean: "Group Policy & Hotmail"
- In reply to: Lord Loki: "Re: AIM Send out random messages"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
