Results 1 to 7 of 7
  1. #1
    Join Date
    Aug 2001

    Angry Norton Fixhybf.exe

    Background: A couple of months ago, my ISP decided to provide its customers with a free - customized - copy of Norton Internet Security 2002.

    Today, I got a mail from my provider:

    Skynet Customer Care
    Dear customer,

    You dispose of the Security Pack with therein a user’s licence for the Norton Internet Security 2002 software.

    We have recently learned that this CD-Rom contains an inactive virus (W95.Hybris.gen). We ensure you that the source of infection can not be imputed to the Norton internet Security 2002. A deeper investigation should enable us to define the cause of the infection. The virus cannot

    activate itself. It is only present on the CD-Rom and cannot infect your pc.

    In fact, it cannot become active unless you perform a series of complex actions that are not necessary to install the Security Pack. And even

    if, for some reason, the virus is activated, your pc is not in any danger. The Norton antivirus software will detect and automatically

    neutralise it (if the option “autoscan” that is activated by default, has not been deactivated).

    Belgacom Skynet commits itself to send you a new CD-Rom in the next 4 weeks.
    If you wish to install the Security Pack in the meantime, we recommend you follow the usual procedure as mentioned on


    When you have received the new CD-ROM, there is no need to install the new version if the old one is still present on your pc. We recommend

    to throw away the old CD-Rom and to keep the new one just in case an installation should be necessary in the future (for instance, if you

    have bought a new computer or if Norton Internet Security 2002 is no longer available on your pc).

    Yours sincerely,

    Stefan Devroey
    Customer Care Director
    Here's what I've tried/found out so far:

    - I virusscanned the CD with Kasperksy. Kaspersky didn't find anything.
    - I ran Tauscan on the CD. Kaspersky went ballistic, saying C:\Documents and Settings\Admin\Local Settings\Temp\tnp534.tmp.exe and /tnp320D.tmp.exe and /tnp3608.tmp.exe are infected with the W95.Hybris.gen-virus.

    - I virusscanned the CD with Norton. Norton found three instances of the virus:
    F:\nis\en\support\navtools\repair\fixhybf.zip, F:\nis\nl\support\navtools\repair\fixhybf.zip, F:\nis\fr\support\navtools\repair\fixhybf.zip

    (the CD comes in three languages: dutch (nl), french (fr) and english (en)). It couldn't disinfect the files - it did quarantaine them though.

    - Tauscanning the CD gave me the same results as with Kaspersky.

    - I virusscanned my HDD with both Kaspersky and Norton. They didn't find anything. I unzipped the fixhybf.zip to my HDD. Both Kaspersky and Norton went ballistic.

    - According to Norton,the W95.HybrisF Fix Tool will repair the infection caused by W95.HybrisF. Too bad the file 'repair-tool' is infected with the virus itself... *sigh*.

    Here are my questions: 'It cannot become active unless you perform a series of complex actions....'. Tauscanning a CD isn't that complex, is it? I'd be interested in knowing how Tauscan works though, since the virus was found in my temp-files.

    What's the use of the zipped files on the CD if they - obviously - aren't used by Norton?

  2. #2
    Priapistic Monk KorpDeath's Avatar
    Join Date
    Dec 2001
    Sound like somebodies ISP has their head so far up their a$$ they can't even provide a piss poor program like Norton without screwing it up.

    I feel for you Neg. I don't know if I could put up with that.

    It's enough to make you go postal.
    Mankind have a great aversion to intellectual labor; but even supposing knowledge to be easily attainable, more people would be content to be ignorant than would take even a little trouble to acquire it.
    - Samuel Johnson

  3. #3
    Hi mom!
    Join Date
    Aug 2001
    Man, talking about screwups... well, I guess it's nice of them to inform you, and replace the CD - and any idiot can understand the letter they wrote, so, thumbs up for the mopping up...

    Come to think of it - Nice of them to send you a copy of a virus-scanner in the first place. My ISP (Planet Internet) offers only server sided virus scans of email, at a charge of €1.95 a month for each mailbox (more info in Dutch).

    Oh, and by the way:
    It couldn't disinfect the files - it did quarantaine them though.
    That's probably because the file is on your CD-Rom, which is readonly (if I had 5 cents for every time I didn't think of that...)
    I wish to express my gratitude to the people of Italy. Thank you for inventing pizza.

  4. #4
    AntiOnline Senior Member souleman's Avatar
    Join Date
    Oct 2001
    Flint, MI
    Gotta love when that happens. Makes me lose faith in isp's. That is kinda wierd that they showed up in your temp files. We told you you should be running mandrake instead negative, but noooo, you had to go back to 2000/XP.
    \"Ignorance is bliss....
    but only for your enemy\"
    -- souleman

  5. #5
    Join Date
    Aug 2001
    My ISP uses BSD... Guess that's why they didn't spot the virus

    Oh, and Guus... ugh... Norton couldn't disinfect them on my HDD either... thx for pointing that out

  6. #6
    Webius Designerous Indiginous
    Join Date
    Mar 2002
    South Florida
    wow, what is this world coming too. You would think that your ISP would run a virus scan on anything they sent out to customers. Hopefully they will from now on. There is a lesson to be learned here. Scan everything for viruses, even a virus scanner. Nothing is completely safe from being infected.

  7. #7
    I'd rather be fishing DjM's Avatar
    Join Date
    Aug 2001
    The Great White North
    Hi Negative, if you are concerned about being infected, you might want to check the following Reg Keys.



    Hybris will piss around with these keys if it can't replace or modify the Wsock32.dll.

    Don't know if that helps, just a thought.


Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts