Possible Virus???

Had a problem this morning I've not experienced before. After checking my email I noticed that Norton AV was not running in the taskbar as usual. I tried to access it from the menu but nothing would happen. I then tried to access Task Manager and when I did the window would open and then immediately minimize itself to the taskbar. When I attempted to open in from the taskbar bar the icon would disappear. I tried rebooting and noticed that Norton did not start up and I experienced the same strange behavior with Task Manager.

I also noticed both yesterday and today that OE would check for mail the first time it was started but if I tried again more then likely I would get an error message that there was a problem with the server.

I don't know if it's related or not, but on the 26th I received an email message that was infected with the Klez32@mm virus, but Norton caught that, quarantined the virus and I deleted the message from my system, and as is my habit I ran a virus scan after receiving this message just be sure that I was not infected and Norton gave me a clean bill of health.

Also, I have a logging program (Keyboard Spectator Lite) running in the background and when I attempted to access it using the hotkeys nothing would happen. Following the reboot I was able to access the log as the program was trying to load and in reviewing it noted that shortly after midnight on the 29th, when my son was on the computer, several warnings were recorded, but no further details were provided. It appears from the log that he was using Windows Messenger and was visting a music site.

I have also ran Ad-Aware and Spybot. Ad-Aware found three problems; Ever-ad, Double-Click and a registry key Software\P3. Spybot found nothing of real interest except for a couple of cookies. I removed the items found by both of these programs.

I was able to restore my system to an earlier date and Norton and Task Manager are working fine now. I have done a full scan of my system with Norton using latest definitions and it reports that no viruses were found.

Has anyone experienced this type of problem?
Is it Virus related?
If so, could the virus still be on my system and Norton simply missed it because I restored to an earlier date?
If it is a virus and could still be on my system does any one have any suggestions for finding and removing it?

Any help would be appreciated!

 

There are a couple of new Viri that can disable several of the major virus scanners.

Maybe you should do a couple of online scans to be sure:

Online Virus scanners
http://www.anti-trojan.net/at.asp?l=en&t=onlinecheck

http://www.bitdefender.com/scan/licence.php

http://www.commandondemand.com/eval/index.cfm

http://www.computercops.biz/modules.php?name=News&file=article&sid=770

http://housecall.antivirus.com/http...ie&venid=sym&plfid=20&pkj=OFRIWOBWYSHSFVIGMKI

http://www.pcpitstop.com/antivirus/default.asp

let us know.

mike

 

mflynn;

Thanks for the response and the links.

While waiting for someone to reply I was finally able to access Trend Micros on-line Virus scanner and it found an infected file in my sons folder. The virus, which is a variant of the W32.Yaha virus, was attached to a file named "True_Love.scr ".

Norton AV site has an explanation and manual fix at Security Response to W32.Yaha.K@mm

In reading the article I see that the virus can be delivered through several different methods, one of which is MSN Messenger.

Another interesting thing I noted while working on this issue, is that the warning messages recorded in Keyboard Spectator showed a time stamp of just before 1:00 a.m. but when I found the infected file it had a timestamp of 1:00 p.m. So either it was able to record its own timestamp or it lurked in the background for 12 hours waiting to install itself.

The Norton document says that a fix will be included in the Liveupdate Definitions that will come out tomorrow, in the meantime a manual update can be downloaded from the above link.

Thanks again for the response.

 

I would do the manual fix, then run 2 more different of the onlines to be sure and that you are clean.

Then because Norton did not even detect after restore you should seriously consider uninstalling Norton Av and do a fresh reinstall!


EDIT
Possibility if virus was still there after restore it just disabled Norton again. It does not have to be missing from the taskbar to be disabled. In other cases I have seen it always showed up on taskbar just didn't detect!

Mike

 

I'm in the process of going through the manual fix now.

The reason Norton didn't pick it up is because its not included in their Virus definitions until tomorrows update.

Following restore I ran Norton's Liveupdate, and scanned the harddrive. All worked fine.

I also ran Housecall again and it said I was clean. I'll try one of your other links just to be sure.

Thanks,

 

10-4

Mike

 

All seems O.K. now.

Ran the manual repair from Norton, installed the Intelligent Updater file, ran a full Norton scan, ran HouseCall one more time, as well as PC PitStop . Nothing found from any of them.

I have exorcised the demons. This house is clean.

 

Fannntasticcccccc!

Mike

 

rod

given the fact that intelligent updater defs are available on a daily basis...

and liveupdate defs are available on an approximate weekly (wednesday) basis...

why anyone waits around for liveupdate is beyond me!

from the W32.Yaha.K@mm symantec site you linked, it says right there that protection against this worm was included in the 12/26 defs if you go get 'em yourself, or 5 days later if you wait for liveupdate...

"Virus Definitions (Intelligent Updater) *
December 26, 2002
_____

Virus Definitions (LiveUpdateâ„¢) **
December 31, 2002 "

imo, there must be alot of confusion or flat out lack of knowledge about these intelligent updater daily defs, cause folks just don't seem to be grabbing them every day.

heck, even the daily defs are "behind the curve" so to speak, or reactionary in nature. people need to at least give themselves a chance against these viruses by not letting 5 days go by unprotected. it just doesn't make any sense to me.

hope your system stays clean



mark

 

I used to use McAfee and downloaded my own manual updates all the time, but this was primarily because their automatic update system wouldn't connect half of the time.

When I got my XP system earlier this year it came with Norton preinstalled and I guess I just got use to doing the Live Updates once a week.

I've had this system almost a year and this is the first time I've gotten stung. Lucky I guess. I think I've learned my lesson.

 

i'm sure that ultimately it comes down to what each of us feels comfortable with.

i am not embarrassed to admit that i always check with the intelligent updater page each and every day.

immediately after downloading and installing new defs, i run a manual full system scan on three different operating systems spread across two computers.

i make sure the bloodhound heuristics are enabled (the default condition, i believe), and set to the highest level of protection (a notch above the default). these settings are found by expanding the auto-protect feature in the nav options window. i figure that heuristics are my best protection against viruses that are too new to have had definitions issued yet.

i've learned my lesson without ever having had a machine infected, but by merely witnessing several viruses get quarantined by both symantec and zonealarm and by one of my isp's inbound email scanners.

i have also found (via the right-click 'scan with nav' option) a couple freshly downloaded files that were infected, and of course, i then did not install them.

these preventative steps have become second nature to me when operating my pc's, and i do not deviate from the safeguards i have put in place for myself.

but again, to each his own...

happy new year to all



mark