Norton AntiVirus Version Number Deception?

[DJ]

Hello,

I use Windows 2000, and I have/had? a virus/worm problem.

My Norton disc says Norton AntiVirus 2003 on it. But, when I click
‘help' and look at "About Norton AntiVirus", it says Copyright 2002,
and on the next tab it says 9.05.15 (which is meaningless to me). The
reason I even looked under ‘help' was that I was trying to follow the
directions for "How to configure Norton AntiVirus to scan all files"
for 2003/2004/2005, and when I clicked ‘Options', I saw that I did not
have ‘Memory' under ‘What items to scan in addition to files". I have
only "Boot records" and "Master boot records", just like the 2002
version does.

Can someone explain this to me? Norton no longer supports these
versions, so I can't ask them.

If I can make sense of this, then I will have a question about the
virus/worm part.
Thank you.

 

[Steven L Umbach]

I would not worry about the copyright as they more than likely had to right
and copyright the program in late 2002. If the program does not have the
options you want then you will need to upgrade to a newer version of an
antivirus program. There are quality free programs available such as from
Grisoft that may do what you need. Norton should still be providing
definition updates for you if your subscription is current. I know they do
for me and I am using 2003 version that cane with SystemWorks Pro. It is not
unusual for a anti virus program to not find a virus and often a second
opinion is needed. Trend Micro has a great free stand alone tool called
Sysclean that finds and removes a LOT of common malwares. You don't have to
install it. Just download it and the matching pattern file to a common
folder to run from. If you are unfortunate enough to have a root kit
compromise, more than likely your antivirus program will not detect it. ---
Steve

http://free.grisoft.com/freeweb.php/doc/2/ --- fee from AVG.
http://www.trendmicro.com/download/dcs.asp --- Sysclean
http://www.trendmicro.com/download/pattern.asp -- pattern file in .zip
http://www.sysinternals.com/ntw2k/freeware/rootkitreveal.shtml --
SysInternals new Rootkit Revealer.

 

[Dori]

Hi Steve,
Thanks for your explanations and suggestions.

I had cleaned part of the problem with Panda (suggested by Kim Komando
- did I say I'm a novice?) before I first posted. However, when I go
to Processes in the Taskmanager, I still have a couple of things that I
believe are viruses/worms there (mspmspsv.exe and vsmon.exe).

Also, when I tried to run Sysclean, I got:


2005-03-17, 19:09:48, An error occurred while scanning file
"C:\WINNT\system32\config\software.LOG": Access is denied.
2005-03-17, 19:09:48, An error occurred while scanning file
"C:\WINNT\system32\config\default.LOG": Access is denied.
2005-03-17, 19:09:48, An error occurred while scanning file
"C:\WINNT\system32\config\SECURITY": Access is denied.
2005-03-17, 19:09:48, An error occurred while scanning file
"C:\WINNT\system32\config\SECURITY.LOG": Access is denied.
2005-03-17, 19:09:48, An error occurred while scanning file
"C:\WINNT\system32\config\SYSTEM.ALT": Access is denied.
2005-03-17, 19:09:48, An error occurred while scanning file
"C:\WINNT\system32\config\SAM": Access is denied.
2005-03-17, 19:09:48, An error occurred while scanning file
"C:\WINNT\system32\config\SAM.LOG": Access is denied.
2005-03-17, 19:09:48, An error occurred while scanning file
"C:\WINNT\system32\config\SYSTEM": Access is denied.
2005-03-17, 19:09:48, An error occurred while scanning file
"C:\WINNT\system32\config\SOFTWARE": Access is denied.
2005-03-17, 19:09:48, An error occurred while scanning file
"C:\WINNT\system32\config\DEFAULT": Access is denied.
2005-03-17, 19:11:42, An error occurred while scanning file
"C:\WINNT\Temp\ZLT0599b.TMP": Access is denied.
2005-03-17, 19:13:47, An error occurred while scanning file
"C:\Documents and Settings\DJ\NTUSER.DAT": Access is denied.
2005-03-17, 19:13:47, An error occurred while scanning file
"C:\Documents and Settings\DJ\ntuser.dat.LOG": Access is denied.
2005-03-17, 19:23:32, An error occurred while scanning file
"C:\Documents and Settings\DJ\Local Settings\Application
Data\Microsoft\Windows\UsrClass.dat": Access is denied.
2005-03-17, 19:23:32, An error occurred while scanning file
"C:\Documents and Settings\DJ\Local Settings\Application
Data\Microsoft\Windows\UsrClass.dat.LOG": Access is denied.
2005-03-17, 19:29:24, Running scanner "C:\Documents and
Settings\DJ\Desktop\Sysclean Folder\VSCANTM.BIN"...
2005-03-17, 19:58:56, Files Detected:

After the above, Sysclean was able to check everything else, and found
no viruses.

The log below came, I think, from Panda. They disinfected everything,
except the Operating system. BTW, the 'sysinternals' you
recommended seems to be for NT and up. Wouldn't that mean that I
can't use it on 2000?

Thank you in advance for any suggestions you can offer.
Dori


Incident Status Location





Virus:W32/Gaobot.DRC.worm No disinfected Operating
system



Virus:W32/Gaobot.DRC.worm Disinfected
C:\WINNT\system32\payload.dat



Virus:W32/Gaobot.DRC.worm Disinfected
C:\WINNT\system32\dIIhost.exe



Virus:W32/Gaobot.DRC.worm Disinfected
C:\Documents and Settings\DJ\payload.dat

 

[Steven L Umbach]

I did a Google search and vsmon.exe is normally associated with Zone Alarm
and mspmspsv.exe with Media Player. If they were infected files masquerading
as legitimate files usually the antivirus programs would detect that. Panda
did remove some worms and Sysclean reports nothing found though Sysclean is
great it is not as comprehensive as a full fledged antivirus program. The
"access denied" is normal to see with Sysclean and does not indicate an
infection. The important thing to consider with any antivirus program is
that you use the latest definitions downloaded from the vendors website and
you regular antivirus program must also scan all your emails as that is the
number one source of malware infections. The program from SysInternals will
work on Windows 2000 but it may be difficult for a novice to interpret the
results. In addition to an antivirus program you should also periodically
run a program that checks for and removes parasites such as
spyware/adware/hijacks that can slow down your computer's performance.
AdAware SE is free for personal use and works well. --- Steve

http://www.download.com/3000-2144-10045910.html?part=69274&subj=dlpage&tag=button
--- AdAware SE
http://www.liutilities.com/products/wintaskspro/processlibrary/vsmon/
http://www.liutilities.com/products/wintaskspro/processlibrary/mspmspsv/
http://www.microsoft.com/athome/security/protect/default.mspx --- Microsoft
Protect My PC tips.

 

[Dori]

Wow, thank you so much.
I've downloaded Adaware. I have Spybot, but it seems there have been no
updates forever. I don't know if that's normal. I think it doesn't hurt
to have 2. Someone also suggested I switch to Mozilla, so I've done
that. I'm going to read everything on the other sites too.
Do you think AVG is as good as Norton?
I feel very relieved.
Dori

 

[Steven L Umbach]

From what I could find out Spybot's last update was 03/03/2005 and can be
uploaded at the site below. As for spyware/adware/hijack problems it
certainly does not hurt to try more than one as often one will catch
something that the other will not. Microsoft also has an AntiSpyware program
that is available no charge that is in beta testing right now but many users
have reported favorable results. Many are using Mozilla but just beware that
it is not without faults either and needs to be checked for security
updates. I have not tried AVG myself but many users have had great results
with it and you can not beat the price for such a quality product. ---
Steve

http://www.safer-networking.org/en/download/index.html -- Spybot update
http://www.microsoft.com/athome/security/spyware/software/default.mspx ---
Microsoft AntSpyware
http://www.mozilla.org/projects/security/known-vulnerabilities.html --
known security vulnerabilities in Mozilla.

 

[Dori]

Hi Steve,
I finally got spybot updated. Then I tried to download a Windows
update and it wouldn't download. "No Updates Were Installed The
following items failed to install. To try installing them again, click
Review and install updates, and then click Install Now again. Security
Update for Microsoft Data Access Components (KB832483)" I get that
message everytime I try to download it. Any ideas?

I'm not sure what to do with the foxfire info, but I found a tutorial
there, so I'll read that.

Thank you,
Dori