OT: ? backdoor.win32.bifrose.d and Grokster

[RJK]

Hello all, ...opinions please.

I recently succumbed and removed everything "Norton Internet Security" from
my PC a while a week or so ago, and installed "free" Zonealarm firewall and
AVG ant-virus ...and kept up some of my other internet security "layers".
Hosts file, Adaware and Spybot sweeps to mention just a couple.
This morning my intuition told me that this was simply not adequate, the
thought "you only get what you pay for," kept niggling away at me !!

So I dumped (uninstalled) Zonealarm and AVG and installed eTrust's EZarmour
internet security suite, (30 day free trial), and it's anti-spyware module
immediately found "backdoor.win32.bifrose.d" and grokster !!!!
...I wonder how long they've been in my PC since I dumped Norton ????

I now do not think very much of AVG, it seems completely inadequate to me !
....and before someone pipes up and says that AVG is an anti-virus program
and attempts to excuse it for not detecting "backdoor.win32.bifrose.d," and
whilst appreciating there is a "Fuzzy" crossover area between computer
viruses and spyware, it would have been reassuring if AVG had detected
"backdoor.win32.bifrose.d," but it didn't !!!!!!!! ...AVG in my view seems
completely inept !

regards, Richard

 

[PA Bear]

That's a fairly broad swipe at AVG, Richard. (I am not defending it though
it's a pretty good *free* AV app for most.) There are plenty of Trojans,
worms, viruses, Trojanware and hijackware which only /some/ AV and
anti-malware apps can identify; fewer still will be able to remove them.
It's just the way it is, now and most likely in the foreseeable future.

What's truly surprising is that NAV *didn't* find it (assuming it was
present when you had NIS installed).
http://www.sarc.com/avcenter/venc/data/backdoor.bifrose.html

 

[Guest]

I have had the same experience but in reverse of what you did. In fact the
last time I had etrust and it being completely updated I installed AVG and it
detected viruses that etrust did not.
Go figure.
I really like etrust's AV program. But last time I needed to upgrade it. It
caused alot of freezing of the system. I know it was the AV program because
an uninstall of it and the freezing would go away. CA would not help me. I
figured the newest AV program from etrust is designed more for XP then 98SE.
You can always check out the effectivness of any AV program by doing an
on-line virus scan.
I am using AVG for the only reason that CA. and their etrust program did
not work well with my 98SE system.
I am happy you got rid of Norton. You will be glad you did.
And on the same note don't try McAfee.

 

[PCR]

That's an ugly one, looks like! Glad to say I have no "system.exe" in here, nor any of those Registry values! But McAfee never said the thing ever attempted to get in. So, who knows whether it would? But I pass the Eicar tests!

http://www.eicar.org/anti_virus_test_file.htm


--
Thanks or Good Luck,
There may be humor in this post, and,
Naturally, you will not sue,
should things get worse after this,
PCR
(e-mail address removed)
| That's a fairly broad swipe at AVG, Richard. (I am not defending it though
| it's a pretty good *free* AV app for most.) There are plenty of Trojans,
| worms, viruses, Trojanware and hijackware which only /some/ AV and
| anti-malware apps can identify; fewer still will be able to remove them.
| It's just the way it is, now and most likely in the foreseeable future.
|
| What's truly surprising is that NAV *didn't* find it (assuming it was
| present when you had NIS installed).
| http://www.sarc.com/avcenter/venc/data/backdoor.bifrose.html
| --
| ~Robear Dyer (PA Bear)
| MS MVP-Windows (IE/OE, Shell/User, Security), Aumha.org VSOP, DTS-L.org
|
| RJK wrote:
| > Hello all, ...opinions please.
| >
| > I recently succumbed and removed everything "Norton Internet Security"
| > from my PC a while a week or so ago, and installed "free" Zonealarm
| > firewall and AVG ant-virus ...and kept up some of my other internet
| > security "layers". Hosts file, Adaware and Spybot sweeps to mention just
| > a couple. This morning my intuition told me that this was simply not
| > adequate, the
| > thought "you only get what you pay for," kept niggling away at me !!
| >
| > So I dumped (uninstalled) Zonealarm and AVG and installed eTrust's
| > EZarmour internet security suite, (30 day free trial), and it's
| > anti-spyware module immediately found "backdoor.win32.bifrose.d" and
| > grokster !!!! ..I wonder how long they've been in my PC since I dumped
| > Norton ????
| > I now do not think very much of AVG, it seems completely inadequate to me
| > ! ...and before someone pipes up and says that AVG is an anti-virus
| > program and attempts to excuse it for not detecting
| > "backdoor.win32.bifrose.d," and whilst appreciating there is a "Fuzzy"
| > crossover area between computer viruses and spyware, it would have been
| > reassuring if AVG had detected "backdoor.win32.bifrose.d," but it didn't
| > !!!!!!!! ...AVG in my view seems completely inept !
| >
| > regards, Richard
|

 

[RJK]

I've just had a more careful look at it, and it appears that
"backdoor.win32.bifrose.d" / "grokster" were not active in my machine but,
were lurking in *.zip files !

regards, Richard

 

[AlmostBob]

avg by default doesnt scan inside archives until you open the archive, but
does as soon as you open extract,. a perfectly reasonable idea since an
archive file is inert until opened. a self extracting archive is executable
and does get scanned.

to enable archive scanning
open avg control center
shell extension
settings
checkbox [] scan inside archives
OK

read the install instructions, only one text screen, and include this item


--
-
Adaware http://www.lavasoft.de
spybot http://security.kolla.de
AVG free antivirus http://www.grisoft.com
Etrust/Vet/CA.online Antivirus scan
http://www3.ca.com/securityadvisor/virusinfo/scan.aspx
Panda online AntiVirus scan http://www.activescan.com
Panda online AntiSpyware Scan
http://www.pandasoftware.com/virus_info/spyware/test/
Catalog of removal tools (1)
http://www.pandasoftware.com/download/utilities/
Catalog of removal tools (2)
http://www3.ca.com/securityadvisor/newsinfo/collateral.aspx?CID=40387
Trouble Shooting guide to Windows http://mvps.org/winhelp2002/
Blocking Unwanted Parasites with a Hosts file
http://mvps.org/winhelp2002/hosts.htm
links provided as a courtesy, read all instructions on the pages before
use
Grateful thanks to the authors/webmasters
_

 

[RJK]

Thanx AmostBob

I may give ZA firewall and AVG a/v a second chance soon. I'm sticking with
CA's eTrust internet security suite, with it's "bought in" ...or "out"
Zonealarm, a/v and anti-spyware module for the time being, and it's 30 day
free trial. If it performs I may buy it.
....I think it was CA's anti-spyware prog. that detected
"backdoor.win32.bifrose.d / grokster," ...can't remember now whether I'd
run a full hd sweep with the a/v prog. or not !
....the anti-spam module makes OE6 die when I click on a NG, can't find any
way of tweaking it, so that part can stay switched off.

regards, Richard

avg by default doesnt scan inside archives until you open the archive, but
does as soon as you open extract,. a perfectly reasonable idea since an
archive file is inert until opened. a self extracting archive is
executable
and does get scanned.

to enable archive scanning
open avg control center
shell extension
settings
checkbox [] scan inside archives
OK

read the install instructions, only one text screen, and include this item


--
-
Adaware http://www.lavasoft.de
spybot http://security.kolla.de
AVG free antivirus http://www.grisoft.com
Etrust/Vet/CA.online Antivirus scan
http://www3.ca.com/securityadvisor/virusinfo/scan.aspx
Panda online AntiVirus scan http://www.activescan.com
Panda online AntiSpyware Scan
http://www.pandasoftware.com/virus_info/spyware/test/
Catalog of removal tools (1)
http://www.pandasoftware.com/download/utilities/
Catalog of removal tools (2)
http://www3.ca.com/securityadvisor/newsinfo/collateral.aspx?CID=40387
Trouble Shooting guide to Windows http://mvps.org/winhelp2002/
Blocking Unwanted Parasites with a Hosts file
http://mvps.org/winhelp2002/hosts.htm
links provided as a courtesy, read all instructions on the pages before
use
Grateful thanks to the authors/webmasters
_

I've just had a more careful look at it, and it appears that
"backdoor.win32.bifrose.d" / "grokster" were not active in my machine but,
were lurking in *.zip files !

regards, Richard