Security Community Blog
Showing posts tagged with 10.x
riva11 | 30 Apr 2009 | 9 comments

I'd like to share an interesting application that allows you to uninstall dozens of different antivirus programs from a computer system.
It can help, for example, when you have to remove an antivirus application after errors during removal, or when you need to replace a security application with another.

The AppRemover program is portable software, free for your personal, non-commercial use.

Supported Operating Systems:
Windows 2000, 2003, XP (32 / 64 bit), Vista (32 / 64 bit), 2008, Windows 7 beta

Antivirus & Antispyware Applications removed: Support Charts

Link: AppRemover

Nel Ramos | 26 Apr 2009 | 7 comments

Let’s face it, team: all of us know that we shall be facing a virus infection/outbreak in the near future. Preparation is the key to being resilient against pending virus attacks. In order for us to be prepared, we need to be informed with accurate, intelligent and factual data coming from a reliable source. With these things put together, the chances of us being pillaged by unknown destructive elements would be minimal.

One good example was when we got information that CNN.com had word on a possible outbreak of the computer worm CONFICKER.C a.k.a. W32.Downadup.C on April Fools’ Day. Since the site was legitimate, we then geared up on how we could deflect a possible breach. We also verified this with other reliable sources with the same positive information. Good thing, Symantec had already posted multiple articles on this worm. We then started to monitor virus definitions updates in all our branches and initiated/ follow up the manual...

SAM_SHAIKH | 23 Apr 2009 | 3 comments

W32.Sality

Overview
W32.Sality is a parasitic virus which infects shared drives and Windows executable files by putting its code into host files. It contains downloader functionality to further install Trojan or key logger components. Sality opens a backdoor that allows the remote attacker to get full control over the infected computer and in turn the confidential information, representing a serious security risk.

Aliases
Microsoft - Virus: Win32/sality.am
Kaspersky - Virus.Win32.Sality.aa

Symptoms
W32.Sality has the following symptoms:

• Modifies System.ini files (check for the modified date)
• Services listening on the network port(s)
• Unexpected network traffic to one or more of the domain(s)
• No access to File Monitor
• Disables Safe Mode boot
• Disables regedit and Task Manager
• Disables antivirus

Characteristics
Upon execution, it starts...

Peter_007 | 21 Apr 2009 | 7 comments

svchost, a Windows process which used to take about 1200k of RAM space, now takes 7000k of space.
I have not installed any third-party software.
Kindly suggest any remedy.

BNH | 21 Apr 2009 | 1 comment

In the past, we saw threats modify the Windows host file to redirect AV vendor websites to the 127.0.0.1 loopback address.
Some security software also injects known bad URLs into the same host file with the 127.0.0.1 loopback address.

Well, nowadays the bad guys are getting smart and do more advanced stuff than host file modification.

In a few recent malwares [i.e. Conficker aka Downadup], we see that infected machines are unable to access AV vendor sites although the host file is empty.
And a ping to the AV website yields a 127.0.0.1 address resolution.

Well, now there are a few tricks we can do to evade this issue.

It's an old trick of removing the DNS cache on our machine and checking it with the DNS server every time it is required.
Microsoft has a KB for this, as written in support.microsoft.com/kb/318803.
It is as simple as typing : 'net stop dnscache' or 'sc servername stop...

ShadowsPapa | 20 Apr 2009 | 0 comments

I was facing another issue - being a gov't agency, we run at short staff all the time. The boss wants central management of everything, but that still takes people to manage it.
One of the things deemed most critical is the antivirus protection on our clients. Yes, there are audits one can perform, be it by SMS (but it has to know what to look for) or by Symantec's own products, but that takes people to RUN the audit, then filter through and understand what one is seeing. And if you have 45 different subnets, then searching computers via subnet is painstaking. There's the old "get a list from xxx and search from that list" trick, but computers constantly change, they must be turned on to successfully audit, and what if they are off at that very moment of your audit? Some were always falling through the cracks.
There is only one constant - any time a person here logs in, they run our login script. Period. I've found no exceptions (hope not, I set it up that...

Peter_007 | 19 Apr 2009 | 7 comments

My computer is suffering from a virus which goes on creating .exe files with the folder name inside the folder.
It also corrupted my antivirus.
It slowed down my PC.
The regsvr process is consuming more CPU and memory.

Please help me out

HimalayanITGuy | 30 Mar 2009 | 2 comments

 

"Many have been worrying that the Conficker worm will somehow rise up and devastate the Internet on April 1. These fears are misplaced, security experts say. April 1 is what Conficker researchers are calling a trigger date, when the worm will switch the way it looks for software updates. But the worm has already had several such trigger dates, including Jan. 1, none of which had any direct impact on IT operations, according to Phil Porras, a program director with SRI International who has studied the worm. 'Technically, we will see a new capability, but it...