General SecurityPost any general questions related to security, viruses or spyware here.
Mission Statement
WindowsBBS is an online community dedicated to easily accessible technical support for those using Microsoft operating systems and other Windows software.
Our goal is to become the leading resource for computer users that require assistance with their day-to-day computer usage, including full support for networking PC's, virus & malware removal, system upgrades and general support questions.
Serious problem with NAV Virus Definitions dated 04-01-07 through Live Update?
Hello all!
NAV 2003 version 9.05.15, up-to-date according to Live Update.
New Virus Definitions as of yesterday (04-01-07) is the only change to the system.
Today, for the first time, when opening a word-document, navW32.exe asked permission to connect to the internet. As adviced by the firewall (NIS) I granted permission.
Now, opening any word- or excel-document takes 1 - 1― minute, as compared to a few seconds before. I had to disable "Miscellaneous - Enable Office Plug-in" to get things back to normal but without that protection.
During computer start, initializing of NAV takes much longer than before.
Opening the applications, NSW, NIS and NAV, each takes some 20 seconds, compared to 4-5 seconds before.
I have scanned for Virii and other Malware but the computer is clean.
I will restore a Ghost Image to find out if the new Virus Definitions is the culprit or possibly any other update to NAV.
Has anyone else experienced the same?
Thanks for Your time,
Christer
Didn't find the information you thought to find? Check out these Similar Threads
I have done further "research" and it seems like I was wrong in assuming that the latest Virus Definitions caused this problem. It was a coincidence since when the system was rolled back using a Ghost Image, it is the same situation.
It seems like whenever Iīm connected (via broadband) to the Internet, the described problem is there but as soon as I physically disconnect, it is back to normal.
There is a connection to NAV though, since only Norton applications and Office applications through the Plug-in are affected.
Is it possibly a conflict with the antivirus and anti spam service provided by my ISP?
I havenīt signed up for it and shouldnīt have that service but I donīt know what else ...... ......
Christer
Last edited by Christer; 8th January 2004 at 18:47.
Hi Christer, here's a link to another BBS that discusses the NAV slowdown problem. There are some links within the posts that lead to other discussions. Hope it may be of some help.
I have never before had any problems with Norton and this struck "over night". It is not a general slowdown, most applications run like before but the Office XP programs, connected via the Plug-in and the Recycle Bin connected via Norton Protection are like molasses when loading or emptying respectively.
Everything runs normally when physically disconnected from the broadband connection with Norton still running in the background.
My ISP is on a spammer hunt and have notified us about changes in the new year and I have a feeling ...... ...... that if there is a connection, it will be difficult to get them to admit it.
Thanks for the link, Iīll go there and have a peek!
Iīve started reading a thread on this issue which can be found here . Iīm on page 6 and there are 14 ...... still counting.
It seems like there are different symptoms to this issue and it is not certain that it is the definitions.
More people have used Ghost to "roll back" but it doesnīt matter, it doesnīt resolve the problem.
There is one thing however:
Yesterday or the day before, I received an e-mail from someone that I didnīt know of. It had an attachment which I have set OE to not allow to open. It had a *.ppt.exe suffix and despite Norton not complaining, I identified it as a possible virus.
I tried to figure out how to submit it to Symantec without opening it but I found no way to do that. I deleted the e-mail and its attachment with the shift-delete to bypass the bin.
I have run Trend Micro's online scan but it didnt find anything and nor did Norton.
If I got infected and this is the result, then it is wide spread.
Christer--Sounds like good detective work to me! I am sure others will be helped.
That *.ppt.exe attachment is weird. As you know .ppt is a Powerpoint file, but the .exe tacked on makes it look like someone was trying to fool you into thinking that an executable .exe file was a PowerPoint file. I think Powerpoint files are harmless, but executable files could contain all sorts of nasties.
Concerning sending an attachment to Symantec, I would have thought you could have right clicked on it, click "Save As" and then sent the saved attachment (without opening it) to Symantec. Or you could have just forwarded the message with the attachment to Symantec (unless it contained personal stuff).
P.S. You also can determine the true file type of a file, by right-clicking on it and then clicking Properties. The file type is indicated on the "Type" line. .exe files will show "Application". (You also may have to make sure that "Show all files" is checked in Start|Settings|Folder Options|View tab.)
Jim,
Iīve heard that a double extension is an almost sure sign of a virus or something else that you donīt want. In this case trying to lead me to believe it is a ppt file but it is an executable.
Since I didnīt know of the sender and the body of the message was of the "cut and paste" type, I was pretty convinced.
I didnīt even untick the OE > Tools > Options > Security > "donīt allow attachments to be opened" box and concequently could neither save nor copy the greyed out file.
I know that I was a chicken, having Ghost and all but I didnīt. Now I almost wish I had because today, I have restored Ghost Images on three occasions trying to figure things out ...... ...... so, one more hadnīt made any difference.
Christer
Last edited by Christer; 9th January 2004 at 01:07.
Christer--Yes, a double extension is not a good sign.
You were lucky that the double extension was showing. Often, a "nasty" attachment shows only the first extension--in your case .ppt--and that really fools the recipient. I think it has something to do with that "Show all Files" setting, but I could easily be wrong on that.
According to this, some of the new worms are using forced hidden extensions, so that it doesn't even show up when you are set to show all extensions. It doesn't mention using .exe's, but certainly doesn't rule them out either.
A temporary workaround:
In IE > Tools > Internet Options > Advanced > Security > untick CheckForPublishersCertificateRevocation
Sorry guys if I'm alittle slow tonight...
I have Nav 2003, definitions current through 1-07-04 inclusive.
Updates managed via automated Live Update.
Not having any negitive symptoms with computer.
Do I follow / enable the above workaround?
Last edited by Dennis L; 9th January 2004 at 07:59.
......
...... that if there is a connection, it will be difficult to get them to admit it.
Just keep the workaround in mind in case you need it.
