Comments

Jsnkc wrote on 9/12/2003, 10:29 AM
Yes, the second link for worldtech raised a red flag in my Norton that said this:
Scan type: Realtime Protection Scan
Event: Virus Found!
Virus name: HTML.Redlof.A
File: C:\Documents and Settings\*****.VIPDUBS\Local Settings\Temporary Internet Files\Content.IE5\Z8OI6G6R\vegas[1].htm
Location: C:\Documents and Settings\********\Local Settings\Temporary Internet Files\Content.IE5\Z8OI6G6R
Computer: DB***321
User: *******
Action taken: Clean failed : Quarantine failed : Access denied
Date found: Fri Sep 12 10:26:05 2003
I deleted some info and put ***'s there.
Jay Gladwell wrote on 9/12/2003, 10:47 AM
Why is my Norton AntiVirus program not giving me the same information? I have their latest virus updates, too.

Your removing certain information from what you claim Norton provided doesn't help, either.
Jsnkc wrote on 9/12/2003, 11:19 AM
I'm running the Symantec AntiVirus Corporate Edition with everything up to date and every time I go to that page the box pops up and says Virus alert and then I get that text underneath it. And I remove information because I don't want everyone to know things about my computer system that might allow bad people to do bad things to it.

I'm not saying it's definitely a virus, but my antivirus and apparently others are showing that there is something on that page that shouldn't be there.

This is what Symantec says about the virus that is coming through on that page.
Jay Gladwell wrote on 9/12/2003, 11:22 AM
"I'm running the Symantec AntiVirus Corporate Edition with everything up to date..." As do I! I'm not getting the message.

From Norton's site:

"HTML.Redlof.A is a polymorphic, encrypted, Visual Basic Script virus that infects .html, .htm, .asp, .php, .jsp, and .vbs files on all drives. Depending on the location of the Windows System folder, the virus copies itself to either %windir%\System\Kernel.dll or %windir%\System\Kernel32.dll. It changes the default association for .dll files."

As I said elsewhere, it looks like, if I read the above correctly, that the virus is already on your computer.
scotty_dvc80 wrote on 9/12/2003, 11:22 AM
I'm sorry vid.. I use NORTON.. I have an updated version.. 2003.. what I have noticed though through experience is that I had an older version that would allow me to update as it has the live update feature.. Ok so I go to the store and buy the latest Norton Antivirus and install it and it finds worms on my computer.. ???
I am not sure how or why Norton didn't find it before I installed their latest version despite my updates..

The actual flag came up the second I went to their website .. It was on my computer at home, I'm at work now.. I will update my post when I get home tonight.. Sorry about that.. I think it was an H.REF or something like that.. It said that it changes all your DLL registry and attaches itself through Outlook to spread...

The actual flag said it was unable to repair it.. So I did another full system scan and it showed nothing.. I am confused.. I will post this eve. the actual virus so maybe someone in the know can help us that have clicked on this link.. lol .. Thanks
Jsnkc wrote on 9/12/2003, 11:24 AM
Nope, virus scans and virus definition updates are done on this machine every morning at 8AM, I have never had a virus detected. I can say with 100% certainty that this virus was not on my machine before visiting that page and thankfully my AntiVirus software picked up on it and didn't allow it to get into my system.
Jay Gladwell wrote on 9/12/2003, 11:25 AM
Scotty, I'm glad you found the problem and I certainly hope, for your sake, that you can get it fixed ASAP.

Best of luck!
scotty_dvc80 wrote on 9/12/2003, 11:26 AM
So are you saying VID that I already had it and by going to this page it triggered a result that showed Norton that it already existed on my computer??? WOW!!!
scotty_dvc80 wrote on 9/12/2003, 11:32 AM
I started to look at the fix and it didn't look easy.. I'm not a coder nor do I know hardly anything about DOS registry.. My Norton doesn't show it is still there when I do a secondary scan.. What should I do?? I'm tempted to reload and start over.. OS and all .. Before I go to that extreme can anyone help??

I need to get a separate computer for the internet.. The continuous assaults I receive as far as Trojan attempts ..People installing somehow Network connections with a NEThood.. from this Invidious.net.. I'm overwhelmed with continuous bombardment of A!@#holes without jobs having the time to actually go into my computer and cause harm...
Jay Gladwell wrote on 9/12/2003, 11:33 AM
No, Scotty. What I'm saying is that MAY have been the case. I don't know for certain. I'm not sure of anything any more, so far as these outfits are concerned. All I know is they are quick to take our money and slow to help us when problems arise (or even charge us additional sums to fix problems they should have fixed before delivering their buggy software).

I just had a VERY unfortunate experience with McAfee earlier this week. I installed SpamKiller from their site in June. It never worked right. Finally, after 3 months of haggling with them, the tech guy told me to uninstall and reinstall it. I couldn't. They wouldn't allow me to reinstall without buying another year's subscription (I had 9 months to go!). They wouldn't refund my money. I'm filing an action in small claims court. Yep, I am--matter of principle, now. I advise everyone to stay away from McAfee!
Jay Gladwell wrote on 9/12/2003, 11:36 AM
Marquat, where in the file was it? Please send me a copy at
jaygladwell[at]hotmail.com.

I called SafeHarbor (e-mailed the webmaster, too) and told them about it.
Jsnkc wrote on 9/12/2003, 11:48 AM
It wasn't the safeharbor link that had the virus it was the second link for http://www.worldtechdev*******.com/vegas.html that had the virus in it. The Safe harbor one was fine.
Jay Gladwell wrote on 9/12/2003, 11:50 AM
Marquat, I looked at the source code for that page, and I didn't see anything that looked out-of-the-ordinary. Where was it???
scotty_dvc80 wrote on 9/12/2003, 11:51 AM
Does anyone know then.. As I only went to the safeharbor site if I was infected or not??? Please help
Jay Gladwell wrote on 9/12/2003, 12:09 PM
That time I got the warning!

I found the code, too. <pause>

Just got off the phone with the Pres. of the company. Told him about the infected page. He was very grateful.

Thanks to EVERYONE who pointed this out. If I offended anyone by anything I said, please accept my MOST SINCERE apologies!!!

J--
BillyBoy wrote on 9/12/2003, 12:10 PM
When are you guys going to learn to install a firewall if you're on the Internet?

It's getting to be more DANGEROUS out there. Just the other day my firewall picked up a wannabe Trojan that was pretending to be Windows Update. Hackers are getting more clever.

It is getting more common to fake being a "trusted" application, like above and in fact be something else living up to being a Trojan in the real sense I guess.

Luckily, good firewall software compares the file signature of any instance asking for permission to go outbound and then brings up a warning that the asking application has changed from its previous known configuration. This of course can be harmless if you've just updated the software or more sinister if something is just pretending to be what it isn't.

Are you reading between the lines?

Let me spell it out in more detail. Somehow, somewhere I picked up a trojan. It's on my system now. It renamed itself Windows Update. It could have been on my system for days, weeks, months, just sleeping. Who knows. Then suddenly it activates wanting to phone home* for who knows what purpose.

Because I have a firewall installed, it monitors all outbound traffic (any application from my PC) that wants Internet access and compares the application to a list of "trusted" applications I approved. If it isn't on the list, the firewall warns such and such wants an Internet connection, should it allow it?

The sneaky part is I do allow Windows Update. That's the little Microsoft applet that tells you there is a new patch, security update, whatever. Now what apparently happened is a Trojan snuck into my computer, but because the file signature of the Trojan doesn't match the known file signature of the real Microsoft Windows Update, it flashed a warning, asking should it (the firewall) allow it to pass. Obviously not, since it was a Trojan.

The question is, if stuff like this can get into your system WITH good anti-virus and a firewall installed, what do you think is happening if you're running naked?

The point is while I picked up some Trojan and apparently a fairly clever one, and it's still on my system, the firewall blocked it from phoning home* and doing any real malicious activity.

* phoning home in the broader context simply means some application (spell that trojan, a form of a virus) unknown to you the user, totally in the background, is attempting to gain access to the Internet and in effect hijack your computer for who knows what purpose. If successful some hacker may network your computer with others to for example engage in a DOS (denial of service) attack against some popular web site or simply snoop on your computer anytime you're connected to the Internet, and either damage some files or copy them back to some remote computer, etc..

A good way to monitor if your computer is uploading data is to install software that monitors that and displays such activity in a little window you can keep open. Such as DV Meter. All download traffic is shown in red, uploading (stuff coming off your computer and going to the Internet) is shown in green. So just taking a quick look at the real time graph you can see what's going on. It does the typical daily totals and other reports too, plus monitors speed of downloads/uploads, etc..

Interesting, but different than what I caught:

http://www.networkpro.co.nz/news/Newsletter/virusnews.htm
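The outbound-permission check BillyBoy describes above (a list of approved programs, each pinned to a file signature, so a trojan that merely renames itself "Windows Update" still trips a "changed" warning) is illustrated here as an added example; it is not code from the thread or from any firewall product. The data model, the Windows Update path and the sample binaries are assumptions made for illustration.

```python
import hashlib
from dataclasses import dataclass, field


# Hypothetical data model: an egress rule keyed on the program's path,
# pinned to the SHA-256 of the file the user originally approved.
@dataclass
class TrustedApp:
    path: str
    sha256: str


@dataclass
class EgressPolicy:
    trusted: dict = field(default_factory=dict)   # path -> TrustedApp
    events: list = field(default_factory=list)    # (path, digest prefix, verdict)

    def approve(self, path: str, contents: bytes) -> None:
        """Record a program the user has allowed to go outbound, with its signature."""
        self.trusted[path] = TrustedApp(path, hashlib.sha256(contents).hexdigest())

    def check_outbound(self, path: str, contents: bytes) -> str:
        """Verdict when a program asks for an outbound connection:
        'allow'   - on the list and the file signature still matches
        'unknown' - not on the list at all (firewall should prompt)
        'changed' - same name/path as a trusted program, different file (prompt, and suspect impersonation)"""
        digest = hashlib.sha256(contents).hexdigest()
        entry = self.trusted.get(path)
        if entry is None:
            verdict = "unknown"
        elif entry.sha256 == digest:
            verdict = "allow"
        else:
            verdict = "changed"
        self.events.append((path, digest[:12], verdict))
        return verdict


# Constructed stand-ins for binaries: the genuine approved updater, and an
# impostor that has taken over the same path but has different contents.
REAL_UPDATER = b"MZ... constructed stand-in for the approved Windows Update client"
IMPOSTOR = b"MZ... constructed stand-in for a trojan renamed to the same path"
WU_PATH = r"C:\WINDOWS\System32\wuauclt.exe"   # assumed path, for illustration only


def demo() -> dict:
    policy = EgressPolicy()
    policy.approve(WU_PATH, REAL_UPDATER)          # user clicked "allow" once for the real one
    return {
        "genuine": policy.check_outbound(WU_PATH, REAL_UPDATER),
        "impostor": policy.check_outbound(WU_PATH, IMPOSTOR),
        "unlisted": policy.check_outbound(r"C:\Temp\unlisted.exe", b"something else"),
    }


if __name__ == "__main__":
    print(demo())
```

The point of keying the rule on the file's hash rather than its name is that the "impostor" case yields "changed" rather than "allow", which is exactly the warning the post describes.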
Jsnkc wrote on 9/12/2003, 12:18 PM
But with this particular virus my firewall didn't pick up on it (Zone Alarm) But my Antivirus did. It's best to run both for complete protection.

busterkeaton wrote on 9/12/2003, 12:44 PM
I have heard very good things about the Panda software antivirus program. If anyone is thinking of upgrading.

It's not very well known, but I have heard raves about it from folks who know their stuff
scotty_dvc80 wrote on 9/12/2003, 1:31 PM
Does anyone know then.. As I only went to the safeharbor site if I was infected or not??? Please help
Jsnkc wrote on 9/12/2003, 1:33 PM
You should be fine, it was only the other link that had the virus. But if you are extremely paranoid then you should run a virus scan and if nothing pops up you're fine.
scotty_dvc80 wrote on 9/12/2003, 1:52 PM
I did a secondary scan and it found nothing... So I wasn't sure if somehow it masked itself.. So I ask Billyboy... I have a firewall.. Norton 2003 edition.. It tells me once every other day or so that I had an attempt by subseven Trojan.. Does this mean it's on my computer trying to connect with the person that placed it there??? If so how do we make that go away.. And how are they placing it on my computer..

Recently I found an additional network connection to my computer.. www.invidious.net is where it was linked to.. It shows under construction.. with a logo of a nightmarish plaid psychedelic rabbit head.. Scary stuff.. And how did they do that??? I don't download anything from the computer really unless it's a necessary verified update to a program etc...

Any education or help to my above question is appreciated
Jay Gladwell wrote on 9/12/2003, 3:33 PM
I too have both a firewall and anti-virus. REMEMBER... the only things certain in life are death, taxes AND someone will always find a way around firewalls and anti-virus protection!
BillyBoy wrote on 9/12/2003, 5:22 PM
I'm no expert by any measure. Just keep that in mind when reading the following.

Most people are aware they can pick up a virus by opening an email attachment, downloading some file pretending to be a graphic when in fact it's an exe file (mypicture.jpg.exe) or if you visit some web pages something nasty got embedded in the page coding.

A lot of people are unaware that simply being on the Internet poses a risk. How great that risk is depends. If you've got broadband, as long as your computer is on, you're on the Internet regardless of whether you're surfing the web or not. Remember what the Internet is, just the mother of all computer networks. When you're connected, your PC is part of that network and every computer all up and down the Internet is capable of talking to any other computer on the network... even yours. All that's needed is what makes your computer unique, its IP address, which is just like a phone number.

Again, what a lot of people may not know is your computer as-is is a blabber mouth. It will constantly broadcast the equivalent of 'here I am, let's talk'. It does that by responding to requests other computers send out. Remember those 65,000 plus ports? Each one is a doorway into your computer. A hacker will "sniff" a range of IP addresses. Similar to you using a phone book, only they are arranged in such a way that a hacker with just minimal experience can "find" some ISP, then see what range of IP addresses it has, then one by one see which customer is currently connected. That's called port sniffing.

Of course there is software that will scan a whole range of IP addresses and try to "get in" selected ports. Rarely trying all 65,000 at each IP address, that would take too long. Just focusing on maybe 50 or so of the most popular and commonly used ports. If your computer responds to a request, then the hacker knows he's got a "live one" and next he's likely to try to gain access to YOUR computer, if it responded, hey I'm here, which it will if you don't have a firewall. A good firewall will just pretend it's not there. In other words it won't refuse the connection, that's a dead giveaway the hacker found you and there are ways around that. Rather, by not responding at all. The hacker will quickly get bored and figure you're not online right now and move to the next target.

This forum really isn't the place to get too deep into the topic so we won't go too far. The sad fact is there are a good number of people out there commonly called "hackers" that get their kicks from spreading a virus around, which is easy enough to do since there are web sites that have a whole laundry list to pick from. Boredom creeps in and soon these types try to improve on the virus they downloaded and make it "better", meaning more malicious.

Not surprising there are many Usenet newsgroups where hackers hang out and learn from each other. One such group is alt.hackers.malicious. The news server I use has almost 60,000 newsgroups and only ONE with malicious in its name. The one I mentioned. They are a nasty if not demented group, yet some of them are pretty clever. If you visit the above group I STRONGLY suggest to simply lurk and don't mess with them.

A "game" such characters frequently engage in is to attempt to break into each other's computer. That long ago got extended into breaking into other people's computers. First they thought it was funny to try to break into some corporate main frame. Now the game is to go after Joe Average.

How? By exploiting the vulnerabilities in Windows. The most common means is by trying to plant a Trojan by coming in a backdoor, an open port. There are roughly 65,000 ports to pick from.

Now to answer your question. A firewall will first attempt to prevent any incoming Trojan or virus. That has been fairly successful. However nothing is perfect. So either by you the user doing something dumb, or just being a hapless victim, you can still get infected. Even if you are, unless the virus has some payload that does X, Y, Z to your system, no real harm is done.

With a Trojan it's different. As the name suggests a Trojan may sit there waiting. Before it can do anything malicious it most likely needs to phone home. If it can't, it's just like you getting a busy signal on the phone. It may keep trying and trying, but it can be blocked by the firewall. Which is why the latest trend now is to try to defeat the firewall by the Trojan pretending to be another application, one you trust to access the Internet, like maybe an FTP client, or a browser, or Windows Update.

So, just maybe some hacker did find you. Maybe. Just to be safe, you may want to do the dreaded reinstall of Windows. But don't panic. What I would do first is watch for any suspicious activity, like unaccounted-for uploads.
nolonemo wrote on 9/12/2003, 5:54 PM
Good posts BillyBoy! One other thing I would recommend to everyone is to get one or two anti-spyware programs and run them regularly. I use the personal version of AdAware and also Spybot Search and Destroy -- both are free. These programs will identify and remove (or quarantine) trojans and other nasty little things (like tracking cookies) that end up on your computer.

The latest versions of Norton or McAfee may have this capability, but I don't use them any more -- I'm offended by paying a bunch of money for the software and then being held up for ransom to keep up to date on the virus definitions. I use a free antivirus program, AVG antivirus, that offers frequent free updates.

I also run a firewall (don't know of any free ones), and power down my router to close the broadband connection when I don't need to be online. Surfing without a firewall is like sex without condoms - you may or may not get infected with something and if you do it may or may not be curable. Might as well be safe.

Note that all the programs I've mentioned are free only for personal non-commercial use.