
Vulnerability Found On Kaspersky Scan


Sheryl


I know people like to "clean" computers with AV software, but the best use of it IMO is to prevent infection (there are better methods for that of course). Once a computer has been compromised, a complete reinstall of the OS is the only way to be positive a rootkit or trojan is not still lurking around in there. In your case Sheryl, a reinstall of the Lenovo partition would be in order too.

Complete reinstall of OS done already, before getting these Kaspersky vulnerability warnings (which cannot be referring to programs such as Adobe etc as I have not yet reinstalled those).

Agree re need to reinstall Lenovo partition, just haven't found anyone capable of doing it yet but have been given a lead which I will follow up.

A pity this happened just as I was leaving Phnom Penh because it is easy to find good computer folk there whereas they seem remarkably scarce here. (Of course it is also Virus central there, hence the initial dilemma!)


Use Kaspersky for months (wished they won't ban those serial so fast :) ) and works good.

Is it that difficult that you have to call to Russia? I have lots of 'vulnerability' alerts (all of the Adobe stuff). Just click on the link to the virus page and follow the instructions. Mostly you can solve it by downloading a fixed version of the software in question.

post-6768-1245126209_thumb.png

and that was only like 10% into the scan .....

Edited by sniffdog

can you "copy and paste" all the vulnerabilities for us here, please

previous to the problem started, did you download or run any "registry cleaner" or similar programs?

1. Will do as soon as I get home and reinstall Kaspersky (temporarily moved in with my niece in order to have computer access as the work I was doing before the crash -- and now have to completely redo -- is due imminently)

2. No. Absolutely nothing had been installed other than the reinstallation of Windows XP, done after a "restore to factory settings" from the Lenovo Rescue menu.


This below is from an anti-virus review blog. I too used to use Norton and eventually it got so bloated that I gave it up and tried the free AVG and Avast. I used Avast first and got infected. I changed to AVG and got infected AGAIN. I didn't try Avira because I had made up my mind that the free stuff wasn't any good. I now use Norton Internet Security and love it because I don't even know it's there. I'm not a techy and don't want to fiddle with or have to setup everything. It updates continuously without any messages. If you click on the icon, it tells you the last update which is always just minutes ago. One license is good for three computers.

From the blog:

Recently I have tried numerous Internet security suites, I found Kaspersky to be trigger happy and McAfee pointless, finding nothing. AVG has gone heavy and boggy whilst Trend Micro is as weak as ever. Avast left you feeling fragile and unprotected and Zonealarm’s Spam killer does not work on Vista. Avira’s suite had top class protection but the firewall was weak, same result with ESET‘s smart suite. Meanwhile, Norton in the past dragged your system to the depth’s of despair with sluggishness which was soul destroying for umpteen years. Norton have unleashed their 2009 versions with new promises, promises of a new animal. This “new animal” is top dog, it is neat and quick with stealth abilities; unnoticeable on your machine. Norton have cracked it, the perfect suite? Nearly. The Spam program is pointless but over all it is top notch. I am throwing my Avira Antivir premium away, my outpost firewall pro 2009 will be joining it in the bin. Hello a new dawn, the age of Norton has indeed arrived.


Norton was one of the programs which failed in my particular fiasco, although granted it was Norton Anti-virus and not Internet Security 2009. When I say "failed", it detected the viruses all right, but only after failing to detect them on the flash drive and thus leading me to use the flash, and then crashing the system in the cleaning process.

Between that and the horrific waste of time and money I encountered a few months back in using their tech support service, I'm pretty soured on Norton. You may be right that this new product is different but once bitten, twice shy.....

Update on my situation: When the computers crashed I used Wininternals to copy needed files onto flash drives. Of course, viruses went along with them. I had little hope for the files (all the word docs had been changed to extensions and all the Excel files were blank, 0 bytes). But I dropped them off at a computer shop at Porntip nonetheless. The guys I spoke to were (like everyone I spoke to at Porntip) beyond clueless but said their boss was "geng mak" and they'd give it to him. Went back there today and apparently a farang named Tony (Hi there Tony if you're reading this!) had been able to clean the viruses using Bit Defender and I don't know what else. I did not get to meet or speak with Tony myself, but the head of the shop said Tony said he had seen this type of infection once before and that the first time it took him 3 days to clean.

Anyhow, they insisted the flash drives were now OK. Looking at them, they still had all these exe files made out of what had been win docs but they also now had the doc files back, and seemingly functional. All Excel files are still 0 bytes, nothing but a title. I manually deleted all these exe files, copied the flash drives onto the shop's desktop and scanned again from there, then took them home. Scanned them again on my laptop with AVIRA and on my niece's laptop which has AVAST. Between them, these found a worm and a trojan that Tony's efforts had missed but nothing worse than that and the doc files really do look like they are back except, of course, for the one I was working on when all this happened, which has vanished. It might be in the AVG vault but I decided (wisely I think) not to even try to salvage it from there and rather to do the work over again. Have just finished doing so and saved it in multiple places, and am now about to try reinstalling 15 years worth of files from the f2 flash drives. Hold your breath....


Good to know you got some files back.

Not sure if it was mentioned earlier but where is this pornthip? I'm sure it's not only me who wants to write the number down for future use :)


My Norton quickly scans whatever drive I designate. Sometimes I get programs on flash drives from friends. With just a couple of clicks I scan them before I install them. If I installed them without scanning first, I don't know what would happen.


Try Avira. It's got an annoying daily popup, but it works really well. It even detected a mobile phone virus being broadcast over bluetooth by someone having lunch outside my office.

Avira can run fully automatically, and you can set it to invisible. The only thing you have to do is kill the pop up screen that appears when daily updates have finished. Takes about 1 second - not a bad investment in time for something free. Besides you then know that the updates have been done.

You get a little whistling sound every time it becomes aware of a virus on your machine, either while scanning, or when downloading.

Avira also tells you about viruses on any flash drives or software disc, as soon as you put them into your computer. And it tells you about viruses on anything you have downloaded - immediately.

Difficult to find fault with it. :D

They'll send me the check at the end of the month :)


Good to know you got some files back.

Not sure if it was mentioned earlier but where is this pornthip? I'm sure it's not only me who wants to write the number down for future use :)

Sorry, I meant Pantip Plaza!

Shop in question was on 5th floor

"General Computer and Entertainment", 604/3 Pantip Plaza. 02-255-6988

Manager speaks English but neither he nor the usual full time staff seem to know much, it is the fabled Tony who seems to have the skills. So if you are going to go there might be worth calling to see when Tony is expected.


I used a few Free progs such as AVC etc but my daughter loves surfing and I always got infected with a virus or two, or three!

Now I use Kaspersky. Never been infected since.

Nuff Said.

Chris


Good to know you got some files back.

Not sure if it was mentioned earlier but where is this pornthip? I'm sure it's not only me who wants to write the number down for future use :)

Sorry, I meant Pantip Plaza!

Shop in question was on 5th floor

"General Computer and Entertainment", 604/3 Pantip Plaza. 02-255-6988

Manager speaks English but neither he nor the usual full time staff seem to know much, it is the fabled Tony who seems to have the skills. So if you are going to go there might be worth calling to see when Tony is expected.

Thanks, so far I'm ok (knocks the wood....) but will keep this in file for future use.


can you "copy and paste" all the vulnerabilities for us here, please

previous to the problem started, did you download or run any "registry cleaner" or similar programs?

It has taken quite a while and several trips into Bkk but both laptop and desktop are now up and running. Here is what I am getting from Kaspersky on my desk top:

Full Scan: completed 6/24/2009 4:24:06 AM (events: 11, objects: 100823, time: 00:51:07)

6/24/2009 3:32:59 AM Task started

6/24/2009 3:34:06 AM Detected: http://www.viruslist.com/sea/advisories/34572 c:\program files\microsoft office\office11\powerpnt.exe

6/24/2009 3:34:08 AM Detected: http://www.viruslist.com/sea/advisories/35364 c:\program files\microsoft office\office11\excel.exe

6/24/2009 3:34:14 AM Detected: http://www.viruslist.com/sea/advisories/35377 c:\program files\microsoft office\office11\winword.exe

6/24/2009 4:08:53 AM Detected: http://www.viruslist.com/sea/advisories/35377 c:\program files\microsoft office\office11\winword.exe

6/24/2009 4:17:46 AM Detected: http://www.viruslist.com/sea/advisories/23655 c:\WINDOWS\system32\msxml4.dll

6/24/2009 4:17:46 AM Detected: http://www.viruslist.com/sea/advisories/23655 c:\WINDOWS\system32\msxml6.dll

6/24/2009 4:20:33 AM Detected: http://www.viruslist.com/sea/advisories/34012 c:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx

6/24/2009 4:21:38 AM Detected: http://www.viruslist.com/sea/advisories/23655 c:\WINDOWS\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.1.0.0_x-ww_b319d8da\msxml4.dll

6/24/2009 4:21:38 AM Detected: http://www.viruslist.com/sea/advisories/23655 c:\WINDOWS\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9841.0_x-ww_18171213\msxml4.dll

6/24/2009 4:24:07 AM Task completed

If you can interpret/tell me what I should do (if anything), I'll appreciate it. All of these vulnerabilities are listed as either "highly dangerous" (the first one) or "very dangerous" (all the others). The website referenced is defunct.

Other than having no idea what the report means, not having any trouble with Kaspersky on the desk top. I did have to abandon it on the lap top though as simply could not connect to the internet while it was installed, maybe because it is a Lenovo which uses special programs to configure internet connections. So on the laptop I have Avira.

Thanks!
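A way to read the report above, as an added example that is not part of the original post: the script groups the "Detected:" lines by advisory number, drops repeated hits, and rewrites each link to the /en/ path that a later reply in this thread gives as the current location. The function names are this example's own; the sample input is the report as posted.

```python
import re
from collections import OrderedDict

# Sample input: the lines of the scan report posted above.
SAMPLE_REPORT = r"""
6/24/2009 3:32:59 AM Task started
6/24/2009 3:34:06 AM Detected: http://www.viruslist.com/sea/advisories/34572 c:\program files\microsoft office\office11\powerpnt.exe
6/24/2009 3:34:08 AM Detected: http://www.viruslist.com/sea/advisories/35364 c:\program files\microsoft office\office11\excel.exe
6/24/2009 3:34:14 AM Detected: http://www.viruslist.com/sea/advisories/35377 c:\program files\microsoft office\office11\winword.exe
6/24/2009 4:08:53 AM Detected: http://www.viruslist.com/sea/advisories/35377 c:\program files\microsoft office\office11\winword.exe
6/24/2009 4:17:46 AM Detected: http://www.viruslist.com/sea/advisories/23655 c:\WINDOWS\system32\msxml4.dll
6/24/2009 4:17:46 AM Detected: http://www.viruslist.com/sea/advisories/23655 c:\WINDOWS\system32\msxml6.dll
6/24/2009 4:20:33 AM Detected: http://www.viruslist.com/sea/advisories/34012 c:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx
6/24/2009 4:21:38 AM Detected: http://www.viruslist.com/sea/advisories/23655 c:\WINDOWS\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.1.0.0_x-ww_b319d8da\msxml4.dll
6/24/2009 4:21:38 AM Detected: http://www.viruslist.com/sea/advisories/23655 c:\WINDOWS\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9841.0_x-ww_18171213\msxml4.dll
6/24/2009 4:24:07 AM Task completed
"""

# A detection line is: timestamp, "Detected:", advisory URL ending in a number, file path.
LINE_RE = re.compile(
    r"^\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M Detected: "
    r"http://www\.viruslist\.com/\w+/advisories/(?P<id>\d+) (?P<path>.+)$"
)


def current_url(advisory_id):
    """Advisory link under the /en/ path given later in this thread."""
    return "http://www.viruslist.com/en/advisories/%s" % advisory_id


def group_by_advisory(report_text):
    """Map advisory id -> list of distinct affected files, in report order."""
    groups = OrderedDict()
    for raw in report_text.splitlines():
        match = LINE_RE.match(raw.strip())
        if not match:
            continue  # "Task started", "Task completed", blank lines
        paths = groups.setdefault(match.group("id"), [])
        path = match.group("path").strip()
        # Windows paths are case-insensitive, so compare them that way.
        if path.lower() not in (p.lower() for p in paths):
            paths.append(path)
    return groups


def summarize(report_text):
    """One block per advisory: the working link, then the files it applies to."""
    lines = []
    for advisory_id, paths in group_by_advisory(report_text).items():
        lines.append(current_url(advisory_id))
        lines.extend("    " + p for p in paths)
    return "\n".join(lines)


if __name__ == "__main__":
    print(summarize(SAMPLE_REPORT))
```

Run on this report, the nine detections collapse to five advisories covering three pieces of software: Microsoft Office 2003 (office11), MSXML and Flash Player.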


  • 1 month later...

The vulnerabilities detected by Kaspersky are not a list of viruses.

A vulnerability is a weakness in a program that can be exploited by people to harm/damage your computer.

To fix this, it is recommended that you install the latest version of the program that is listed in the detected list.

Once you have done that, launch a full scan again and the list will get shorter.

Only Kaspersky has this special feature to detect vulnerabilities???

67842741.jpg

From all the previous posts it looks like other AV can't scan for vulnerabilities.

Edited by jackiechan

Also be aware that the 2009 version, if that is what you are still using, is two generations old. You can download and install the newest version and your present time will be credited to the new version. And the original 2010 had a security problem and has been replaced by version 9.0.0.463 so be sure to get that, or later, from Kaspersky website.


lopburi3: I tried update from 2009 to 2010 last week. Got directed to Kaspersky "pay by creditcard" site. I never use creditcard on net, not want take that risk.

Do you have a Link to a free upload?

My headache is next month my Kaspersky is up for renewal and I only see 2 options:

1: risk pay w credit card on net renewal Thb 590.

2: buy new version "2010" cash for Thb 800 in a shop.


lopburi3: I tried update from 2009 to 2010 last week. Got directed to Kaspersky "pay by creditcard" site. I never use creditcard on net, not want take that risk.

Do you have a Link to a free upload?

My headache is next month my Kaspersky is up for renewal and I only see 2 options:

1: risk pay w credit card on net renewal Thb 590.

2: buy new version "2010" cash for Thb 800 in a shop.

You can purchase at Kaspersky Southeast Asia eStore. antivirus365.net right..


I just want to say something about Norton.

My stepdad has had about 5 computers over the last year, after about 6 months they screw up completely and you have to replace them. Every time the source is Norton.

Even after uninstalling it, the computer is dead.. as if it ran 25 media transcoding softwares 24/7


Now that we have all stopped yelling, why don't we get down to the business of solving for X

I am not gonna read thru all this stuff, but will suggest a couple scenarios - all your drives are by now infected - too late to backup anything.

I would install a simple Linux O/S - try MM09 - it is quick and works very well, reboot into it, then remove all the offending files, from wherever they are. Make sure they don't hide in the trash.

Download the M$ version of Avast.

Then reboot and install Avast - it will install instantly and upon reboot will scan everything before anything M$ or GUI is loaded

Go to a bar for a couple shots - at least your machine is well protected.

I don't use M$ anything, but have used this method on many of my colleagues' NB

They are now also Linux fans - use it whenever ya go out on the net.

Happy surfing!!

http://download.cnet.com/Avast-Home-Editio...&tag=button

http://linuxtracker.org/index.php?page=tor...a3a7d9b10608506


lopburi3; Thank you - always helpful. :)

Version 2010 downloaded and said "last update 09/07/2009" ..... but i know I update daily. Guess that is one of K. faults.

Did 3 different scan in Safe mode yesterday, no problems reported.


Full Scan: completed 6/24/2009 4:24:06 AM (events: 11, objects: 100823, time: 00:51:07)

6/24/2009 3:32:59 AM Task started

6/24/2009 3:34:06 AM Detected: http://www.viruslist.com/sea/advisories/34572 c:\program files\microsoft office\office11\powerpnt.exe

If you can interpret/tell me what I should do (if anything), I'll appreciate it. All of these vulnerabilities are listed as either "highly dangerous" (the first one) or "very dangerous" (all the others). The website referenced is defunct.

Other than having no idea what the report means, not having any trouble with Kaspersky on the desk top. I did have to abandon it on the lap top though as simply could not connect to the internet while it was installed, maybe because it is a Lenovo which uses special programs to configure internet connections. So on the laptop I have Avira.

Hi Sheryl,

I am sorry I didn't see this thread when it was prevailing. I am a bit disappointed how some of the posters got caught up in arguing about the 'best' antivirus software and failed to actually support you with your problem. So maybe a bit late, but I hope some of my answers might help you to avoid problems in the future.

Kaspersky's Online Advisories

It took me only 5 minutes of guessing to fix the links to Kaspersky's advisories - obviously the structure of the website has changed since your version of the program was published. Lopburi3 actually gave the good advice to upgrade the program which would probably fix the links. Also jackiechan gave a good explanation about the nature of the warnings (which are actually warnings about outdated programs that contain vulnerabilities that might be used by viruses to attack your system).

The solution is to keep your software up to date, this is especially true for the Windows Update Service. I see too many computers in Thailand that have this feature disabled - the reason behind it is that enabling it 'brings troubles' since most Windows installations are 'unpaid'. Of course this is true since Microsoft has issued updates to the Windows Genuine Advantage (WGA) component in the past that made life more difficult for those, but this is no reason to expose your system to attacks due to outdated system components (especially since Microsoft will never be able to avoid Windows copies completely), and it does not happen on a monthly basis, maybe once every 2 years...

If you want to check the messages yourself, the advisories are now located under the following URL:

http://www.viruslist.com/en/advisories/XXXXXX

So the link http://www.viruslist.com/sea/advisories/34572 will translate to http://www.viruslist.com/en/advisories/34572.

Securing Your Thumb Drive

Another thing that nobody has mentioned is how to prevent infections via your thumb drive.

I recommend disabling the Autorun/Autoplay feature completely. This will prevent viruses infecting your system just by plugging in an infected thumb drive (or external harddisk or cd-rom). Just google for a tutorial (http://www.google.com/search?q=disable+autorun+thumb+drives).

To avoid infections of your thumb drive (or any other drive) you can create a read-only autorun.inf folder at the root of your drive and place an empty txt file in it. This will prevent viruses from creating an autorun.inf file on your drive, the file will make it harder for the virus to delete the folder. The virus will still infect your thumb drive with an infected .exe file (or whatsoever) but will not be able to automatically run this program as part of the autorun process.

There might still be viruses that can delete the folder during infection but so far it worked for me every time I had to bring my thumb drive to an internet cafe. At home my antivirus program would report the infected files upon listing the contents of the drive in explorer and I would delete them.

Of course this does not avoid viruses infecting or destroying existing files on your thumb drive, it just prevents the infection of your (or other) systems by means of autorun.

Google: http://www.google.com/search?q=autorun.inf+folder

Another good practice is to not use 'double-click' to list the contents of thumb drives in explorer. A double-click might trigger the autorun feature if the thumb drive is infected (even if the Autoplay feature is disabled I think) with a virus using the autorun.inf file to spread automatically. Better open the folder structure panel and click the drive there. This will NOT trigger the autorun. You can then examine the contents and delete any suspicious exe file or an existing autorun.inf. You can even open the autorun.inf file in notepad and see where it points to (and delete this file).

Don't rely on one Antivirus software alone

My last recommendation is to use a second On-Demand antivirus/malware scanner in addition to your main antivirus program. The discussion about the best antivirus software is very misleading in the sense of it makes you think there is one antivirus program that can detect 100% of the viruses. By using more than one program you might avoid that one virus that slipped through. Of course you SHOULD NOT run two antivirus shields/guards at the same time, this is asking for troubles and instabilities. Rather get a second program that supports to disable the real-time protection and use it as On-Demand Scanner maybe once a week/month or whenever you encounter suspicious files.

It seems you know more about computers than the average user, and the virus that hit you was a really nasty one. I hope you can prevent troubles like this in the future, good luck!!

welo

Edited by welo
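The autorun.inf check described in the post above, as an added example that is not part of the original post: it reports whether the root of a drive holds the protective autorun.inf folder, an autorun.inf file, or neither, and for a file it lists the entries that name a program to launch. The function names, the sample file contents and the paths in them are constructed for this example.

```python
import os

# Constructed sample of an autorun.inf file; not taken from a real infection.
SAMPLE_INF = r"""[autorun]
; constructed sample
icon=setup.ico
open=hidden\tool.exe
shell\open\command=hidden\tool.exe
shell\explore\command=hidden\tool.exe
[other]
open=ignored.exe
"""

# Keys in the [autorun] section whose value is a program Windows may start.
LAUNCH_KEYS = ("open", "shellexecute")


def launch_targets(inf_text):
    """Return (key, value) pairs from [autorun] that point at something to run."""
    targets, section = [], None
    for raw in inf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "autorun" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        k = key.lower()
        # shell\<verb>\command entries replace the drive's right-click/double-click action.
        if k in LAUNCH_KEYS or (k.startswith("shell\\") and k.endswith("\\command")):
            targets.append((key, value))
    return targets


def inspect_drive_root(root):
    """Classify autorun.inf at the drive root: 'folder', 'file' (with targets) or 'absent'."""
    for name in os.listdir(root):
        if name.lower() != "autorun.inf":  # match any capitalisation
            continue
        path = os.path.join(root, name)
        if os.path.isdir(path):
            return ("folder", [])  # the protective folder is in place
        with open(path, "r", errors="replace") as fh:
            return ("file", launch_targets(fh.read()))
    return ("absent", [])


if __name__ == "__main__":
    for key, value in launch_targets(SAMPLE_INF):
        print("%s -> %s" % (key, value))
```

Calling `inspect_drive_root("E:\\")` on a drive reads the file as text only; nothing on the drive is executed.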