Virus active in quarantine

[djhuk]

I've been having some strange problems with the roron / oror worm.
I'm assuming its coming through the network, although I have no shared folders. But could it transfer from a folder in My Network Places even if i don't physically open the folder?

Anyway, the main problem is that Norton is giving me virus alerts from files which are in its Quarantine, namely Quarantine\Portal.

[PM8228]

I don't think NAV gives alerts for quarentined files. I think you are just getting reinfected through another vector. If you are on a LAN you might want to start by checking the other boxes out. Monitor connectoins made to your computer, and set up a firewall to help stop the spread. If you are not the administrator, report it to them so they can fix the problem.

-Cheers-

[nihil]

djhuk,

Are the number of entries in quarantine increasing............if so, I would say that you are being re-infected, as PM8228 has suggested, if not, then empty the quarantine folder and wait a bit before running Norton again, and see if it finds any more.

AFAIK antiviruses do not report items they have already put into quarantine, but Norton is probably telling you that it found the virus, and where it has put it ..........i.e. the quarantine folder?

Just a thought

[djhuk]

I've deleted the files manually (the Quarantine program said there were no quarantined files) so I will see if they reappear again. I'm assuming they will as the same situation happened a few weeks ago.

I have no idea how they could be transferred to me from the network, and ZA is showing hardly any connections to my computer (all UDP).

[nihil]

Hi,

http://www.avp.ch/avpve/worms/email/roron.stm

You need to be careful getting rid of this one...............it bites

It seems to spead through IRC, mIRC, e-mail, Kazaa, shared folders, mapped network drives.

Try running "Housecall" from the Trend Micro site and see what that says.

Good luck

[Galdron]

Originally posted here by PM8228
I don't think NAV gives alerts for quarentined files. I think you are just getting reinfected through another vector. If you are on a LAN you might want to start by checking the other boxes out. Monitor connectoins made to your computer, and set up a firewall to help stop the spread. If you are not the administrator, report it to them so they can fix the problem.

-Cheers-

This is very good advice. Good stuff PM!

As usual I will give my simple laymans answer, PM is correct by saying that Norton, and most every AV. prog. will not give alerts regarding Quarantined files. Thus the reason for having a Log of them. Depending on the config. of you AV. you will more than likely know that the Virus exists, in a quarantined state.

I always pay attention to the log, as it will remind you of the actual source of the infection. It is quite easy (especially with my bong soaked memory), to forget about that one "COOL" site that originated my problems.

I also never settle for the "cannot be cleaned" messages I have received, and on more than one occasion have been able to google a removal option.

IMHO

Good luck.

P:


-Edit

Good info too Nihil. just as I always suspect Kazaa! Why do ppl. insist on using it with confidence. I have collected Virii. intentionally on my old beat ass Dell (spare), by installing Kazaa, and unleashing it without any Security. lol Pretty interesting actually, damn wanna buy a Kentucky Fried HD?

[Cybr1d]

lol Pretty interesting actually, damn wanna buy a Kentucky Fried HD?

I'd rather have a Kitchen Fresh HDD if you dont mind.

[djhuk]

Well i've put ZA to highest security, and I don't use Kazaa.

Just had a look at the Reports:

Source: C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\Portal\673167A8.exe
Click for more information about this virus : W32.HLLW.Oror.B@mm

seemed a bit strange when the reports are usually:

Source: C:\Documents and Settings\All Users\Documents\BritneyUltimatev4.5.exe
Click for more information about this virus : W32.HLLW.Oror.B@mm

i.e. the actual location of the file.

Is it possible for virii to transmit through other people's shared folders that are in My Network Places, even if I don't open that folder?
Also, when I find myself in the Workgroup, it shows my printer (and queue) and my scheduled tasks, as well as the printers and faxes folder. how can I stop all these from displaying?