Duis mollis, est non commodo luctus, nisi erat porttitor ligula, eget lacinia odio sem nec elit. Sed posuere consectetur est at lobortis. Vestibulum id ligula porta felis euismod semper. Donec ullamcorper nulla non metus auctor fringilla. Aenean lacinia bibendum nulla sed consectetur. Cras justo odio, dapibus ac facilisis in, egestas eget quam. Cras mattis consectetur purus sit amet fermentum. Morbi leo risus, porta ac consectetur ac, vestibulum at eros. Sed posuere consectetur est at lobortis. Etiam porta sem malesuada magna mollis euismod. Cum sociis natoque penatibus et magnis dis parturient montes, nascetur ridiculus mus. Duis mollis, est non commodo luctus, nisi erat porttitor ligula, eget lacinia odio sem nec elit. Cras justo odio, dapibus ac facilisis in, egestas eget quam. Aenean eu leo quam. Pellentesque ornare sem lacinia quam venenatis vestibulum. Curabitur blandit tempus porttitor. Sed posuere consectetur est at lobortis.
Why do you think you have a virus?
Why don't you upgrade to the latest 2008 version?
My daughter went on a "Big Brother" Spoiler website and Norton detected a threat called downloader.
I haven't had a chance to upgrade to 2008 yet, but plan to soon. Are you able to help me with my question?
Thank you.
This could be one - or both - of two causes:
01. There is a problem with Norton Running in Safe Mode; the Threat is most-likely not letting you Run a Scan in Safe Mode.
a) Have you had this problem before of Running N.I.S. 2005 in Safe Mode or is this the first time you have had this problem in Safe Mode? If this is the first time this has happened, I would suggest using the Norton Removal Tool; you get to re-install your Norton Product after re-starting your computer after using the N.R.T.. Type in "Norton Removal Tool" in the Search Box, which is located at the top-right-hand-side of this Web page.
02. You have an Internet Threat which N.I.S. 2005 cannot Remove which N.I.S. 2008 should be able to Remove, which is most-likely the cause.
With regard to Detecting this Threat: Did Norton Remove this Threat? What is the exact Name of this Threat? I would also type this in the Search Box to get the Removal Tool, e.g. "Trojan.Downloader Romoval Tool".
I would highly recommend that you Upgrade to the Latest N.I.S. when your Subscription Finishes; why are you still using N.I.S. 2005?
Hi VeryBusyMom,
Good on you for monitoring your daughter's internet activities.
Please, please follow the excellent suggestions already put forward - and let us know how you go.
You did not mention the browser that you were using - some have much better ways to protect you than others.
For example, I use FF 3 (firefox version 3). Others might use IE & (internet explorer version 7). Each have inbuilt antiphishing protection. NIS2008 is supposed to have inbuilt antiphishing protection however,I'm not sure about howeffective it is based on this result ...
Please BE CAREFUL IF YOU GO TO THIS SITE. IT IS REPORTED TO BE A MAL-WARE SITE:
www.bb9spoilers.com (changed to www.www.www)
As far as I'm aware, FF 3 uses google as the default antiphishing filter service (whatever). I'm guessing it picked this up because I can't see any mention of a warning via NIS2008.
Tech support guys ... would you please take a look at this? Either NIS2008 antiphishing is broken (says it's on as you can see in the image) or ....??? Dunno.
Anyway, if you have kids you really need to be a couple of steps ahead (yeah - right :)
Let me know if you would like some info on trying to lock your kids outta the internet cookie jar. It's possible ... takes work. BTW - NIS2008 has a parental control add-on that may be of interest to you too.
So - yes, it's quite possible that you picked something up during browsing. Good call - and excellent monitoring. Please let us know if you need any additional assistance. However, DON"T FORGET TO UPGRADE :)
Thanks for all of your input......I'm not a real expert on internet security, so all of your help is much appreciated. If I'm understanding you all correctly, it's probably best if I upgrade to NIS 2008, correct? Once I upgrade, should NAV detect the Trojan Horse? BTW, I'm currently using IE 7.
Floating Red......I believe the name of the threat was "Downloader". A Red box popped up from Norton alerting me to this threat. I'm not sure if it's still in the system.......when I ran a full system scan, nothing was detected.
Also, how damaging is this dowloader Trojan Horse and other Trojan Horse viruses? Could they potentially destroy your entire system?
Thanks!
Norton AntiVirus 2008 will be much more powerful than N.I.S., AV 2005, so yes, Upgrading to the Newest Version when your Subscription Expires is strongly advised; however, see this Post if you wish to Upgrade now:
http://community.norton.com/norton/board/message?board.id=nis_feedback&thread.id=2267
Downloader is a Trojan Horse which Downloads other Threats on to your computer. This means that the Downloader Trojan Horse is Very Low Risk; what the Downloader Trojan Horse Downloads, e.g. Trojan.Deleall, and Runs on your computer will harm your system.
[edit: formatting was changed to frame post correctly]
Message Edited by Floating_Red on 07-13-2008 03:33 AM
VeryBusyMom wrote:
Also, how damaging is this dowloader Trojan Horse and other Trojan Horse viruses? Could they potentially destroy your entire system?
Hi VBM (VeryBusyMom),
Thanks for filling in the missing lines. If you are not connected to the internet then you are relatively safe. I'll explain the minor qualification later and it's only here for completeness.
There are vast numbers of downloaders and like all viruses (virii) and trojans etc, they evolve over time. Picture losers who get off by tweaking virus code just enough to cause worldwide problems ... such is life. It's possible that your non-current AV identified it correctly - and possible that it picked up a pattern (family) but does not have current info to zero in on the precise nasty.
Downloaders do as they sound - they download "stuff" onto your system. So there are two stings in the tail of these beasties: the first is an open door to your PC and the second is whatever the downloader puts onto your system. It takes little imagination to see that your questions is sorta like "how long is a piece of string".
Prepare for the worst and be delighted when it doesn't happen :) Crooks are after different things - your identities, kid details (paedophile rings - BB has a high youth audience), bank details etc. Some are more sophistocated - they can turn off your security systems entirely and use your PC as a porn server or email spamming server. Sorry ... not nice. It's life.
Most of the time we think in terms of deleted files or damaged registries (to those who know what a registry is :) or embarrassment caused by having all of the contacts on your email list (Outlook / Outlook Express) sent a porno infected message couresty of your email address and PC. We need to stretch our imaginations if we are to be well prepared. Yes, it's embarrassing and annoying to have files deleted / renamed. But it does not generally get the crook money. They might empty your accounts while you sleep ... slowly over months so as not to get noticed. They might 'rent' out your PC as a porn server or email spammer.
There are many ways to get infected. The most obvious ways involve free downloads (pirate movies, songs, software and porn). Some will try to infect you duing an IM chat .... it's why kids need to be so very alert.
Now all you need do is arrive on a webpage (see the malware site above) and you get left a little surprise. I've linked the following terms to wikipedia - the info is more than adequate for your needs. Phishing, pharming, page hijacking are relatively well known while DNS cache poisoning, mutual authenticationand others cause major grief but are less well known. Recently a major design flaw was discovered in the backbone of the internet (hopefully resolved) and we will always be at least one step behind criminals.
While it is insane to surf without taking precautions, you can go overboard: think of this as risk management coupled with sensible human behaviours (good internet habits). No security will help if your kids give out your creidt card details to a stranger online. But you can make it less easy by getting a hardware firewall / router that lets you filter out keywords / phrases plus all the nice good things that mid range ones do now.
I'm surprised at how often people leave the firewall / router admin account and password on the factory default. Change these immediately and never use names / birthdays / pets. Mix case and numbers and punctuation for passwords.
Turn off remote assistance in XP. Make certain all user accounts are password protected (not the same passwords) and have one single admininstration account which is used to install programs / modify sytem settings. Leave all other accounts as basic users to limit the damage.
I sit behind a hardware firewall, use a reasonably good AV (antivirus) program and software firewall (NIS2008). Sometimes it can be a pain (occasional impact on internet speed or system performance) but I really don't pay much attention to all this unless I need too. As for your kids, no software / hardware can replace sound education on good internet practices. Never give out personal info to anyone online. Who really know who people are on the internet? Internet scamming is serious multi-million dollar crime - people are killed.
Hope this little primer helps ... I've only touched the issues but hope I did it well enough to help you decide to upgrade your security.
When you upgrade, you can get the antispam / parent control add-on pack. It's worth the effort.
Cheers.
There are a few things that N.I.S. 2005 will not Protect you against:
01. Fake Web Sites (Phishing Protection).
02. Keylogging Activity, e.g. can record your Username and Password as you enter them in to a Web Site (Crimeware Protection).
For further information regarding Viruses, Trojans, e.t.c., Click on the Norton Heading and then Click on the Viruses & Risks Sub-Heading.
Wow! Thank you so much for all of the info. I'm always telling my girls to be very careful which websites they visit. I almost always know which sites they visit. They also know not to give out any personal info. My older daughter does IM, but I need to approve her "friends" first, and she can only IM those friends. I'll need to go over all of this info with them, so they know how serious a virus can be.
I appreciate everyone's time in responding to my situation here. I will definitely upgrade my anti-virus. I also got a new adaware software. It detected a "downloader" bug in my registry keys. I'm not sure if this will permanently wipe out the bug, but hopefully so.
Thanks again, everyone!
Remember you should only use one Security Software Product at a time as there could be clashes so, when you do Upgarde to N.I.S. 2008, or the Latest N.I.S., I would un-install that Adware Software before installing N.I.S. 2008/the Latest Version of N.I.S..
The problem here seems to be that N.I.S. 2005 cannot Remove that Downloader because it [N.I.S. 2005] is not advanced enough; N.I.S. 2008 should have been able to Remove it, I am very sure.
Upgrade as soon as possible!
gang, just a little more insight on this one. when you consider older security products (at least those from us), there are often many, many changes that have taken place "under the hood" that you'll never be able to really see but nonetheless are essential for protecting you against the latest threats. a great example of this is the antirootkit engine we added a couple years back. it was a lot of work for us and very effective, but not very visble inside the product.
if you're using a product that's a few years old, it's a good time to think about grabbing the latest version of the product which has more up-to-date protection technologies. while we provide every new protection engine/feature as far back in product versions as we can, there's some new engines and capabilities which just can't be supported by the old products due to a variety issues, such as technical architecture changes across versions.
btw, if you're dealing with a suspected infection, pls follow the steps posted here.
--dave
Hi Dave,
Excellent points.
Program features have changed dramatically and so too have the way programs are designed, written, debugged and maintained.
I bet most readers intepretted the last sentence purely in terms of security solutions developed by Symantec and others.
IT advances apply to those who write "good code" and those who write "bad programs". Welcome to electronic warfare stage 1.
You are perfectly correct - old AV (security) programs won't cut it. But the problem you identified goes further. Unwary users may be lulled into a false sense of security and engage in high risk behaviour that they would not otherwise do if they had no security (protection) at all. Nothing makes you feel all safe and secure as the little AV protection icon in the taskbar <g>
Anti Bot is being promoted as a separate security solution. With respect, it seems to be a risky strategy to carve this off as a separate product rather than incorporate it into NIS. Perhaps it might generate added revenue (maybe) but only if enough consumers understand the nature of the threat it is designed to address - big leap of faith here.
More likely, it will give the completely wrong impression that IT security can be purchased like health insurance: "No, I won't need to worry about ovarian cancer because I'm a guy." Fragmenting solutions like this risks creating a sense of false security. We end up with infected (affected) users who are unaware of their true compromised state... yet feel all warm and safe because they have NIS (insert other solution).
Worse case: lots of Symantec customers might get 'infected' thinking they were safe and then blame Symantec. On this forum it is not uncommon for users (with little or no IT skill) to blame Symantec for apparent product failure. This strategy may harm the company and confuse the market.
There is a new batch of products getting ready for release - 2009. Every company in the market will try to make their products stand out among the crowd. Some will stand out for all the worst reasons. IMHO - it makes good commercial (and practical) sense to incorporate AntiBot into the next iteration of NIS ... after all, the product is called Norton Internet Security as opposed to Norton Incomplete Security.
I respect the hard work that Symantec folk put into bringing products to market. My comments are not criticisms but concerns.
Just a thought ...
hello again mike, you make some good points. one of the reasons antibot was a separate product is that it uses a broad set of heuristics/behavior-blocking that result in higher false positive rates. across a small customer base of tech savvy people or when you're dealing with an active infection, this is fine. nonetheless, when you take the same approach across millions of customers, it may cause real problems.
i don't want to give away too much of 2009 yet, but suffice to say we will be adding the antibot features that are ready for more general release to NAV and NIS customers.
--dave
Just one quick question.......I am going to download the latest version of NIS 2008. Will the download uninstall my my 2005 version, or do I need to uninstall it first before downloading?
Thanks!
VeryBusyMom wrote:Just one quick question.......I am going to download the latest version of NIS 2008. Will the download uninstall my my 2005 version, or do I need to uninstall it first before downloading?
Thanks!
Jumping in -- the download itself will not uninstall the earlier version but the act of installing will.
However I personally recommend and do when getting an application by download from the internet always use the SAVE option rather than the RUN and I note carefully where it downloads to. Often the default is the desktop for convenience of finding it later (but yuo haven't seen my desktop on the computer or outside it <g>) so I have a folder named Internet Downloads and Windows usually defaults to that once you use it (VISTA has its own called Downloads I think but I still make mine).
That way I know where to look, I can right mouse click on it and get Norton to check it for security and by clicking on the Last Modified Date column I can arrange them in Date order, last at the top and find the most recent.
It's worth doing this so that if you have to reinstall you have the file on your hard disk.
FWIW
It is fine to just Run the Installer for the Latest Version if you have an Older Version of a Norton Product. If you want, you can Run the Norton Removal Tool first and then Install your Latest-Version Product; just type "Norton Removal Tool" in to the Search Box at the top-right-hand-corner of this Web Page and Select the "Download and Run the Norton Removal Tool".
Floating_Red wrote:It is fine to just Run the Installer for the Latest Version if you have an Older Version of a Norton Product. If you want, you can Run the Norton Removal Tool first and then Install your Latest-Version Product; just type "Norton Removal Tool" in to the Search Box at the top-right-hand-corner of this Web Page and Select the "Download and Run the Norton Removal Tool".
Message Edited by Floating_Red on 07-14-2008 06:09 PM
This is highly recommended by the way.
You can find it here.
davecole wrote:
i don't want to give away too much of 2009 yet, but suffice to say we will be adding the antibot features that are ready for more general release to NAV and NIS customers.
--dave
Hi Dave,
Thanks for this - very interesting. I can see where you're pointing ... concept testing while balancing on a tightrope over a sea of molten lava. No pressure.
Out of pure curiosity ... has Symantec noticed any reduction in product support costs because of the forum? This forum has an excellent user support base. It's difficult to tell if anything we (forum users) do helps or hinders ... too close to the ground.
I've seen a number of commercial product forums and this one (Symantec's) is streets ahead of others in terms of activity, quality of assistance and speed of problem resolution. The operation and 'culture' of the forum really is a credit to you guys (symantec staffers). Great work...
______________________
If the development door has not totally shut on 2009, there are a few things I'd dearly like to see.
ZAPRO (Zonealarm) produced quite good firewall products initially. That has changed for the worse. I really liked having easy control over the firewall. Others thought differently - any pop up was a bother. I know NIS has quite fine firewall control ... however, it is not exactly easy to use.
I'd like to be advised that "program X is attempting to access the internet - destination IP xxx.xxx.xxx.xxx". It would be handy to be asked if I want to allow it and better if I could do an on the fly whois search of the IP. (Incomming triggers? Not really an issue unless we are talking port probes.)
This ability helped me pick up malware early. Not all nasties trigger NIS. Perhaps they are better defined as nuisances. They don't fit into a malware category per se yet chew up resources for no useful purpose (eg logitech program updaters) and often cause code conflict with legitimate products (eg creative labs drivers and 'phone home' modules).
I'd really like to have an RSS news panel on the main program. This way users could elect to see relevant Symantec news / alerts / warnings ... and with a little creative thinking, Symantec could gather real time polling info ... powerful for all parties. The recent mis-step with the update from 15.0 to 15.5 would have been totally avoided ... "news flash: click here to get this big update because ..."
Thinking laterally, why not have push promotions via the panel's RSS feed? Symantec is in business to make money - perfectly legitimate. The main website is very good ... but you have to make the effort to go there to see any promotions. Many users either auto-update or buy off the shelf (no thought required). Push promotion is an application of the law of large numbers to an established client base - nearly zero costs to operate.
It would be nice to have a bug report button that produced a standardised system report as well as the user's feedback. I suspect FF 3 (and / or various add-ons) is responsible for a lot of problems being attributed to NIS ... a bug report button could enable data collation (for statistical analysis etc) which, in turn, could give Symantec a good idea about client systems in real time (snapshot) and over time (trend / hypothesis testing and other useful analytical operations). A minor adjustment ... link the button to the forum perhaps?
Sigh ... yes, yes I am so looking forward to the next version.
Whoops ... gotta wipe the drool away. <g>
(Hey I do have a life ... :)
Stu wrote:
This is highly recommended by the way.
You can find it here.
If you mean that use of the Norton Removal Tool is highly recommended I don't believe that is the case by Norton Staff -- I've seen many posts that the NRT is intended for use if normal removal -- Uninstall in the Norton menu or Remove Programs in Windows -- fails.
The big danger is that people will start it without realizing that it removes all Norton programs you may have installed -- not just the one you want to get rid of.