Virus active in quarantine
Results 1 to 8 of 8

Thread: Virus active in quarantine

  1. #1
    Senior Member
    Join Date
    May 2002
    Posts
    147

    Virus active in quarantine

    I've been having some strange problems with the roron / oror worm.
    I'm assuming its coming through the network, although I have no shared folders. But could it transfer from a folder in My Network Places even if i don't physically open the folder?

    Anyway, the main problem is that Norton is giving me virus alerts from files which are in its Quarantine, namely Quarantine\Portal.
    Mama always said, keep your virus definitions up to date.

  2. #2
    I don't think NAV gives alerts for quarentined files. I think you are just getting reinfected through another vector. If you are on a LAN you might want to start by checking the other boxes out. Monitor connectoins made to your computer, and set up a firewall to help stop the spread. If you are not the administrator, report it to them so they can fix the problem.

    -Cheers-

  3. #3
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    djhuk,

    Are the number of entries in quarantine increasing............if so, I would say that you are being re-infected, as PM8228 has suggested, if not, then empty the quarantine folder and wait a bit before running Norton again, and see if it finds any more.

    AFAIK antiviruses do not report items they have already put into quarantine, but Norton is probably telling you that it found the virus, and where it has put it ..........i.e. the quarantine folder?

    Just a thought

  4. #4
    Senior Member
    Join Date
    May 2002
    Posts
    147
    I've deleted the files manually (the Quarantine program said there were no quarantined files) so I will see if they reappear again. I'm assuming they will as the same situation happened a few weeks ago.

    I have no idea how they could be transferred to me from the network, and ZA is showing hardly any connections to my computer (all UDP).
    Mama always said, keep your virus definitions up to date.

  5. #5
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    Hi,

    http://www.avp.ch/avpve/worms/email/roron.stm

    You need to be careful getting rid of this one...............it bites

    It seems to spead through IRC, mIRC, e-mail, Kazaa, shared folders, mapped network drives.

    Try running "Housecall" from the Trend Micro site and see what that says.

    Good luck

  6. #6
    T3h Ch3F
    Join Date
    Sep 2001
    Posts
    718

    Greets

    Originally posted here by PM8228
    I don't think NAV gives alerts for quarentined files. I think you are just getting reinfected through another vector. If you are on a LAN you might want to start by checking the other boxes out. Monitor connectoins made to your computer, and set up a firewall to help stop the spread. If you are not the administrator, report it to them so they can fix the problem.

    -Cheers-

    This is very good advice. Good stuff PM!

    As usual I will give my simple laymans answer, PM is correct by saying that Norton, and most every AV. prog. will not give alerts regarding Quarantined files. Thus the reason for having a Log of them. Depending on the config. of you AV. you will more than likely know that the Virus exists, in a quarantined state.

    I always pay attention to the log, as it will remind you of the actual source of the infection. It is quite easy (especially with my bong soaked memory), to forget about that one "COOL" site that originated my problems.

    I also never settle for the "cannot be cleaned" messages I have received, and on more than one occasion have been able to google a removal option.

    IMHO

    Good luck.

    P:


    -Edit

    Good info too Nihil. just as I always suspect Kazaa! Why do ppl. insist on using it with confidence. I have collected Virii. intentionally on my old beat ass Dell (spare), by installing Kazaa, and unleashing it without any Security. lol Pretty interesting actually, damn wanna buy a Kentucky Fried HD?
    Get some good religion from Bad Religion.

  7. #7
    HeadShot Master N1nja Cybr1d's Avatar
    Join Date
    Jul 2003
    Location
    Boston, MA
    Posts
    1,840
    lol Pretty interesting actually, damn wanna buy a Kentucky Fried HD?
    I'd rather have a Kitchen Fresh HDD if you dont mind.

  8. #8
    Senior Member
    Join Date
    May 2002
    Posts
    147
    Well i've put ZA to highest security, and I don't use Kazaa.

    Just had a look at the Reports:

    Source: C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\Portal\673167A8.exe
    Click for more information about this virus : W32.HLLW.Oror.B@mm

    seemed a bit strange when the reports are usually:

    Source: C:\Documents and Settings\All Users\Documents\BritneyUltimatev4.5.exe
    Click for more information about this virus : W32.HLLW.Oror.B@mm

    i.e. the actual location of the file.

    Is it possible for virii to transmit through other people's shared folders that are in My Network Places, even if I don't open that folder?
    Also, when I find myself in the Workgroup, it shows my printer (and queue) and my scheduled tasks, as well as the printers and faxes folder. how can I stop all these from displaying?
    Mama always said, keep your virus definitions up to date.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •