-
May 8th, 2004, 02:19 AM
#1
Senior Member
Virus active in quarantine
I've been having some strange problems with the roron / oror worm.
I'm assuming it's coming through the network, although I have no shared folders. But could it transfer from a folder in My Network Places even if I don't physically open the folder?
Anyway, the main problem is that Norton is giving me virus alerts from files which are in its Quarantine, namely Quarantine\Portal.
Mama always said, keep your virus definitions up to date.
-
May 8th, 2004, 02:21 AM
#2
I don't think NAV gives alerts for quarantined files. I think you are just getting reinfected through another vector. If you are on a LAN you might want to start by checking the other boxes out. Monitor connections made to your computer, and set up a firewall to help stop the spread. If you are not the administrator, report it to them so they can fix the problem.
-Cheers-
-
May 8th, 2004, 02:32 AM
#3
djhuk,
Are the number of entries in quarantine increasing... if so, I would say that you are being re-infected, as PM8228 has suggested, if not, then empty the quarantine folder and wait a bit before running Norton again, and see if it finds any more.
AFAIK antiviruses do not report items they have already put into quarantine, but Norton is probably telling you that it found the virus, and where it has put it... i.e. the quarantine folder?
Just a thought
-
May 8th, 2004, 02:51 AM
#4
Senior Member
I've deleted the files manually (the Quarantine program said there were no quarantined files) so I will see if they reappear again. I'm assuming they will as the same situation happened a few weeks ago.
I have no idea how they could be transferred to me from the network, and ZA is showing hardly any connections to my computer (all UDP).
Mama always said, keep your virus definitions up to date.
-
May 8th, 2004, 07:07 AM
#5
Hi,
http://www.avp.ch/avpve/worms/email/roron.stm
You need to be careful getting rid of this one... it bites
It seems to spread through IRC, mIRC, e-mail, Kazaa, shared folders, mapped network drives.
Try running "Housecall" from the Trend Micro site and see what that says.
Good luck
-
May 8th, 2004, 08:02 AM
#6
Greets
Originally posted here by PM8228
I don't think NAV gives alerts for quarantined files. I think you are just getting reinfected through another vector. If you are on a LAN you might want to start by checking the other boxes out. Monitor connections made to your computer, and set up a firewall to help stop the spread. If you are not the administrator, report it to them so they can fix the problem.
-Cheers-
This is very good advice. Good stuff PM!
As usual I will give my simple layman's answer, PM is correct by saying that Norton, and most every AV. prog. will not give alerts regarding Quarantined files. Thus the reason for having a Log of them. Depending on the config. of your AV. you will more than likely know that the Virus exists, in a quarantined state.
I always pay attention to the log, as it will remind you of the actual source of the infection. It is quite easy (especially with my bong soaked memory), to forget about that one "COOL" site that originated my problems.
I also never settle for the "cannot be cleaned" messages I have received, and on more than one occasion have been able to google a removal option.
IMHO
Good luck.
P:
-Edit
Good info too Nihil. just as I always suspect Kazaa! Why do ppl. insist on using it with confidence. I have collected Virii. intentionally on my old beat ass Dell (spare), by installing Kazaa, and unleashing it without any Security. lol Pretty interesting actually, damn wanna buy a Kentucky Fried HD?
Get some good religion from Bad Religion.
-
May 8th, 2004, 12:11 PM
#7
lol Pretty interesting actually, damn wanna buy a Kentucky Fried HD?
I'd rather have a Kitchen Fresh HDD if you don't mind.
-
May 8th, 2004, 01:31 PM
#8
Senior Member
Well I've put ZA to highest security, and I don't use Kazaa.
Just had a look at the Reports:
Source: C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\Portal\673167A8.exe
Click for more information about this virus : W32.HLLW.Oror.B@mm
seemed a bit strange when the reports are usually:
Source: C:\Documents and Settings\All Users\Documents\BritneyUltimatev4.5.exe
Click for more information about this virus : W32.HLLW.Oror.B@mm
i.e. the actual location of the file.
Is it possible for virii to transmit through other people's shared folders that are in My Network Places, even if I don't open that folder?
Also, when I find myself in the Workgroup, it shows my printer (and queue) and my scheduled tasks, as well as the printers and faxes folder. How can I stop all these from displaying?
Mama always said, keep your virus definitions up to date.
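Added example, not part of the thread or of any Norton tooling: a small triage script that separates report entries whose Source lies inside the scanner's own Quarantine store from entries found at a live location, and counts the folders where new copies keep landing. It assumes the two-line report layout quoted in post #8 and treats any directory named "Quarantine" as the store; the function names are hypothetical.

```python
import re
from collections import Counter
from pathlib import PureWindowsPath

# Constructed sample, using the two report entries quoted in post #8.
SAMPLE_REPORT = r"""
Source: C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\Portal\673167A8.exe
Click for more information about this virus : W32.HLLW.Oror.B@mm
Source: C:\Documents and Settings\All Users\Documents\BritneyUltimatev4.5.exe
Click for more information about this virus : W32.HLLW.Oror.B@mm
"""

# One entry = a "Source:" line followed by the detection-name line.
ENTRY = re.compile(
    r"^Source:\s*(?P<path>.+?)\s*\n"
    r"Click for more information about this virus\s*:\s*(?P<name>\S+)",
    re.MULTILINE,
)

def parse_report(text):
    """Return (PureWindowsPath, detection name) pairs found in the report text."""
    return [(PureWindowsPath(m["path"]), m["name"]) for m in ENTRY.finditer(text)]

def in_quarantine(path):
    # Assumption: the scanner's store is any parent directory named "Quarantine".
    return any(part.lower() == "quarantine" for part in path.parts[:-1])

def triage(text):
    """Split entries into hits on the quarantine store and hits at live locations."""
    result = {"quarantine_store": [], "live_location": []}
    for path, name in parse_report(text):
        key = "quarantine_store" if in_quarantine(path) else "live_location"
        result[key].append((str(path), name))
    return result

def drop_directories(text):
    """Count live detections per folder; a folder that keeps recurring is where copies are arriving."""
    return Counter(
        str(path.parent) for path, _ in parse_report(text) if not in_quarantine(path)
    )

if __name__ == "__main__":
    for kind, entries in triage(SAMPLE_REPORT).items():
        for path, name in entries:
            print(f"{kind:17} {name}  {path}")
    print(dict(drop_directories(SAMPLE_REPORT)))
```

Entries under quarantine_store point at the scanner hitting its own stored copies, while a growing live_location list points at re-infection, as the earlier replies suggest.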