Background: A couple of months ago, my ISP decided to provide its customers with a free - customized - copy of Norton Internet Security 2002.

Today, I got a mail from my provider:

Skynet Customer Care
Dear customer,

You dispose of the Security Pack with therein a user’s licence for the Norton Internet Security 2002 software.

We have recently learned that this CD-Rom contains an inactive virus (W95.Hybris.gen). We ensure you that the source of infection can not be imputed to the Norton internet Security 2002. A deeper investigation should enable us to define the cause of the infection. The virus cannot

activate itself. It is only present on the CD-Rom and cannot infect your pc.

In fact, it cannot become active unless you perform a series of complex actions that are not necessary to install the Security Pack. And even

if, for some reason, the virus is activated, your pc is not in any danger. The Norton antivirus software will detect and automatically

neutralise it (if the option “autoscan” that is activated by default, has not been deactivated).

Belgacom Skynet commits itself to send you a new CD-Rom in the next 4 weeks.
If you wish to install the Security Pack in the meantime, we recommend you follow the usual procedure as mentioned on

http://install.security.skynet.be.

When you have received the new CD-ROM, there is no need to install the new version if the old one is still present on your pc. We recommend

to throw away the old CD-Rom and to keep the new one just in case an installation should be necessary in the future (for instance, if you

have bought a new computer or if Norton Internet Security 2002 is no longer available on your pc).

Yours sincerely,

Stefan Devroey
Customer Care Director
BELGACOM SKYNET
Here's what I've tried/found out so far:

- I virusscanned the CD with Kasperksy. Kaspersky didn't find anything.
- I ran Tauscan on the CD. Kaspersky went ballistic, saying C:\Documents and Settings\Admin\Local Settings\Temp\tnp534.tmp.exe and /tnp320D.tmp.exe and /tnp3608.tmp.exe are infected with the W95.Hybris.gen-virus.

- I virusscanned the CD with Norton. Norton found three instances of the virus:
F:\nis\en\support\navtools\repair\fixhybf.zip, F:\nis\nl\support\navtools\repair\fixhybf.zip, F:\nis\fr\support\navtools\repair\fixhybf.zip

(the CD comes in three languages: dutch (nl), french (fr) and english (en)). It couldn't disinfect the files - it did quarantaine them though.

- Tauscanning the CD gave me the same results as with Kaspersky.

- I virusscanned my HDD with both Kaspersky and Norton. They didn't find anything. I unzipped the fixhybf.zip to my HDD. Both Kaspersky and Norton went ballistic.

- According to Norton,the W95.HybrisF Fix Tool will repair the infection caused by W95.HybrisF. Too bad the file 'repair-tool' is infected with the virus itself... *sigh*.

Here are my questions: 'It cannot become active unless you perform a series of complex actions....'. Tauscanning a CD isn't that complex, is it? I'd be interested in knowing how Tauscan works though, since the virus was found in my temp-files.

What's the use of the zipped files on the CD if they - obviously - aren't used by Norton?