Re: OT-ish: Virus or not?

---

• From: "Roger Hamlett" <rogerspamignored@xxxxxxxxxxxxxxxxxxx>
• Date: Tue, 05 Jul 2005 08:58:05 GMT

---

"Paul Burke" <paul@xxxxxxxxxx> wrote in message
news:3iut18FnhfanU1@xxxxxxxxxxxxxxxxx
> Yesterday, testing a new Ethernet based thingy, having problems. Thought
> the firewall might be involved, disabled it. Forgot, logged onto www.
> Pzzzang, all sorts of popups, logged off fast. Restarted firewall, got
> alert 'netlib.exe trying to access the web'.
>
> Searched for netlib.exe, the virus folks say it's a component of a
> virus. Ran virus check with latest updates, no virus found. Ran spybot
> with latest updates, no problems.
Key thing here, is that you have to run the virus checker 'clean'. You
need to be booting a seperate check disk, and using this, rather than the
OS. Unfortunately many worms, 'mark themselves' as friendly to the virus
checker on the machine (basically add themselves to the list of files
excluded).

> So is this a virus or not? I don't know if it was there before, I don't
> look at what's running except when one of my own programs has crashed.
> Can't get rid of netlib.exe, access denied.
>
> The virus description says it installs a number of other files- I can't
> see these (I always display hidden files).
>
> Any experiences/ advice much appreciated.
>
> Paul Burke
Spybot is good, but you should try another package like AdAware as well.
You should be able to rename netlib.exe, and this may get rid of this
after a reboot, but many of the packages are smart enough to restore their
own files on reboot.
There are a couple of packages that will allow you to remove a file
automaticaly during the boot process before the OS has fully launched, and
these may get rid of the main body of the infection.

Best Wishes



.

---

• References:
  • OT-ish: Virus or not?
    • From: Paul Burke

• Prev by Date: PROBLEM! misc.business.product-dev.. Extending floating point precision
• Next by Date: Re: Just for Genome?
• Previous by thread: Re: OT-ish: Virus or not?
• Next by thread: Re: OT-ish: Virus or not?
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: virus wont leave even after formating? ... > Norton 03 as a boot disk to see if it could get rid of it, ... the virus might be on your network. ... clean install and installed a firewall. ... (alt.computer.security) Re: Identity P/W and Security question ... If all you use the permanent connection for is surfing, ... A firewall that just blocks all incoming connections ... and a virus scanner to take care of the mail worms is all they've ever ... >> around the net surfing news sites or whatever it does the job. ... (alt.computer.security) Re: VIRUS FILE IN TEMP FOLDER ... Virus file found in temp file wrote: ... Windows Update ... You should at least turn on the built in firewall. ... I see that AntiVirus software is an absolute necessity given ... (microsoft.public.windowsxp.help_and_support) Re: spyware is ruining my computer ... > I seemed to have picked up a trojan virus. ... > I always refused to download that thing. ... disable your Windows Messenger service. ... by the normal home user and in cooperation with a good firewall, ... (microsoft.public.security) Re: help again !!! ... Were the virus definitions up-to-date? ... If Windows XP, was internal firewall enabled? ... Third party firewall (like Zone Alarm or Norton Personal Firewall) present? ... (microsoft.public.security.virus)

---

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint

sci.tech-archive.net  > Archive  > sci.electronics.design  > 2005-07