Virus confirmation??
Results 1 to 9 of 9

Thread: Virus confirmation??

  1. #1
    Antionline's Security Dude instronics's Avatar
    Join Date
    Dec 2002
    Posts
    901

    Question Virus confirmation??

    HI all. Today i recomended Languard to a friend who wanted to see how it works.

    He runs win XP pro. The link i provided him with was http://www.webattack.com/get/languardscan.shtml

    He downloaded it and tried to run it.

    His Norton AV 2003 popped up and said:

    malicious script WSO
    D:\Program Files\GFI\LANguard Network Security Scanner 3\InstallScript.vbs

    and it then opened up his Java console......?

    Since i dont have XP nor norton 2003, i was wandering if someone could confirm this. Is this a virus, or is it normal (since languard does include malicous scripts for testing purposes).


    His current options are system halted, allow or block it.

    Any advice would be much apreciated.

    I dont have a winbox available at this moment to test it with other AV, which is why im posting this here.


    Cheers.
    Ubuntu-: Means in African : "Im too dumb to use Slackware"

  2. #2

    Thumbs up

    Hey,

    Looks like GFI is aware of this and in their knowledge base say to ignore the Norton messages. Their response to this can be found here.

    http://kbase.gfi.com/showarticle.asp?id=KBID001653
    - Boyam


  3. #3
    Senior Member
    Join Date
    Feb 2003
    Location
    Memphis, TN
    Posts
    3,747
    I'm not real good with virus info but I would say that its just part of the install process. I could be wrong. Maybe if you could paste the code from the script file here we could see how it works. But it should be ok. Its probably just a little script file that triggers some other operations during the install.
    =

  4. #4
    Antionline's Security Dude instronics's Avatar
    Join Date
    Dec 2002
    Posts
    901
    Swarisd.

    Thanky you very much. Indeed this answers my problem. Well done there.

    Cheers.
    Ubuntu-: Means in African : "Im too dumb to use Slackware"

  5. #5
    Senior Member
    Join Date
    Jan 2003
    Posts
    686
    Just to add as a note, this problem is the same whenever updating your graphics drivers and such. You should disable your AV program if you are installing an application from a "trusted" source (whether it be a website or bought from the store). This is to help the program install itself correctly.

    I know from my personal experiences with my NVIDIA GeForce 3 graphic's card, that if I don't disable my AV before I install/upgrade the drivers... I will have some serious issues after I restart my computer.
    [shadow]There is no right and wrong, only fun and boring...
    Formatting my server because someone hacked into it sounds pretty boring to me...
    That\'s why it\'s all about AntiOnline.com!
    [/shadow]

  6. #6
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,324
    Just to add one more thing.

    since the file is a vbs file and NAV knows that many viruses are created and run as vbs it will alert you.

    malicious script WSO
    InstallScript.vbs

    I get messages like this when using the win2k resource kit, or any .vbs file/script for that matter.

    I create a .vbs script for a school project... norton pops up and wants to quarantine it...

    You can configure norton to ignore .vbs files.

    I just wouldn't recommend that to your average Joe User....
    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you\'ve saved, how much you haven\'t smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

  7. #7
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,883
    Yep, just add the vbs filename to the exception list in Norton and this annoyance goes away.

    BTW, GFI LanGuard has produced shoddy results when we tested it. I hope your friend *really* gives it the once over. One more thing that is annoying is the salesman who will hound you to death after about two weeks. As you know, you have to contact them to get a demo license to try this product out.

    My two cents...
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  8. #8
    Member
    Join Date
    Mar 2003
    Posts
    46
    GFI Languard Network Scanner is a good network administration tool. And when you install it, it runns a Script that stores information in the Registry file, so because of so many viruses do this to trigger them selves any time the machine starts, Norton Antivirus and Norton Personal Fire Wall, stops this kind of action and ask's you if you agree that execution. Don't be afraid, you can leave it do it's work else LanGuard will not be able to do some things (like upgrade). And a litle more, you can find a vbs cript on youre hard drive named UnInstallScript.vbs that performs the remotion of the keys stores into youre registry, so when you uninstall the LanGuard, i'm shure that Norton Will ask you again.

    xDrack.

  9. #9
    Antionline's Security Dude instronics's Avatar
    Join Date
    Dec 2002
    Posts
    901
    Hey, thanks everyone for your replies. The info you have provided here is really helpful.

    The horse, what do you mean with license? Its a 30 day trial version. Or are you talking about the legal side of using it on 3rd party "targets"? :s

    Cheers.
    Ubuntu-: Means in African : "Im too dumb to use Slackware"

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •