|Just another Perl shrine|
(OT) Virus Relative Question.by Nik
|on Jul 24, 2004 at 18:17 UTC||Need Help??|
Nik has asked for the
wisdom of the Perl Monks concerning the following question:
Question about viruses and other ackward behaviours. Not a perl one but because you guys are very good i think i wann learn ti from you. I postd this in other places but no one until now, knew exaclty hwy things work like this to expl;ain. please dont hate me for asking this. i wont again.
Well i use Kasperksy on my XP. I Updates 3-4 times a day! I though i was safe! But i am not! Even though i use an updated AntiVirus and Firewall i still get infected with viruses, worm stuff like that. Epsecailly the Sasser and Lovesan worms.
Within some minutes after the worm infection kasperkey tells me that have found a worm in systerm32 folder calles TFTP(some number) and after some other minutes it founds more and more and more files liek this, only the muber changes. I even get lsass windows telling me that the ystem will shutdwon in 1 minute.
WHY am i infected? Well for one thing until 1 week ago i was never turned on automatic win upadtes. I always have this feature disables ( i really dont know why). Ok then i realised that my system had way to many open holes (windows programming errors) that patches claim to correct. Although i ahve googled and found the appropriate patch my system wont accept it! What happens exaclty is that when i try to install the patch the program tries to run and then closes immediately or i get an error access denied even though i am the admin of my pc and logged in as in.
a) Why the patch wont install although my win is activated?!? What must i do to make it install??!?!
b) Kaspersky screams that finds worms every 10 minutes or less. Why damn it?!?! If it is able to find them and identify them after i am infected with these why it does not detect the worm the minute that atttemtps to break into my pc? After all is nt that AV soft is supposed to do? Preventing virus to break in into pcs? Do i have to get infected and then clean/delete the virus? Why not just work like "The Prevention is way better than the Cure"??
c) Kasperksky asks me what i want to do with the virus(.exe) that found in system32. Well i say delete it of course but then damn AV cant delete because it says that the virus is in use or access denied! Well thats logical meaning that the virus(.exe) is already been executing/running in memory as a proccess but then again why not the aV just KILL the damn process and all its relevant files ?!??! After all it knows the virus id and how exaclty the virus is working!!! Well ic an fic it by booting in safe mode where no other proccesses runs except basic system ones.
d) If you care to answer and i know Gandalf is 9and i appreciate that) please explin to me this in detail so that i can clarify this one and for all!
e) Thanks and sorry i ask these here but i know you can answer this!
f) Also wantes to mention is these problems relevant to the fatc than i cant run Xnews because it just closes by itself as well as Kerio v2.5.1 does the same?!? I cant explin thise ackward behaviour!! Thank you and i am sorry for askig this here...
The Devil Is In The Details!
Edit by castaway - added 'OT' to title (since there were enough keep votes.. )