Serious problem with NAV Virus Definitions dated 04-01-07 through Live Update?

Discussion in 'Security and Privacy' started by Christer, 2004/01/08.

Thread Status:
Not open for further replies.
  1. 2004/01/08
    Christer

    Christer Geek Member Staff Thread Starter

    Joined:
    2002/12/17
    Messages:
    6,585
    Likes Received:
    74
    Hello all!

    NAV 2003 version 9.05.15, up-to-date according to Live Update.
    New Virus Definitions as of yesterday (04-01-07) is the only change to the system.

    Today, for the first time, when opening a word-document, navW32.exe asked permission to connect to the internet. As advised by the firewall (NIS) I granted permission.

    Now, opening any word- or excel-document takes 1 - 1½ minutes, as compared to a few seconds before. I had to disable "Miscellaneous - Enable Office Plug-in" to get things back to "normal" but without that protection.

    During computer start, initializing of NAV takes much longer than before.

    Opening the applications, NSW, NIS and NAV, each takes some 20 seconds, compared to 4-5 seconds before.

    I have scanned for Virii and other Malware but the computer is clean.

    I will restore a Ghost Image to find out if the new Virus Definitions is the culprit or possibly any other update to NAV.

    Has anyone else experienced the same?

    Thanks for Your time,
    Christer
     
  2. 2004/01/08
    Christer

    I have done further "research" and it seems like I was wrong in assuming that the latest Virus Definitions caused this problem. It was a coincidence since when the system was rolled back using a Ghost Image, it is the same situation.

    It seems like whenever I'm connected (via broadband) to the Internet, the described problem is there but as soon as I physically disconnect, it is back to normal.

    There is a connection to NAV though, since only Norton applications and Office applications through the Plug-in are affected.

    Is it possibly a conflict with the antivirus and anti spam service provided by my ISP?
    I haven't signed up for it and shouldn't have that service but I don't know what else ...... :confused: ......

    Christer
     
    Last edited: 2004/01/08

  4. 2004/01/08
    JohnB Lifetime Subscription

    JohnB Well-Known Member

    Joined:
    2002/01/07
    Messages:
    856
    Likes Received:
    11
    Hi Christer, here's a link to another BBS that discusses the NAV slowdown problem. There are some links within the posts that lead to other discussions. Hope it may be of some help.

    Click
     
  5. 2004/01/08
    Christer

    Hi John!

    I have never before had any problems with Norton and this struck "overnight". It is not a general slowdown, most applications run like before but the Office XP programs, connected via the Plug-in and the Recycle Bin connected via Norton Protection are like molasses when loading or emptying respectively.

    Everything runs normally when physically disconnected from the broadband connection with Norton still running in the background.

    My ISP is on a spammer hunt and has notified us about changes in the new year and I have a feeling ...... :rolleyes: ...... that if there is a connection, it will be difficult to get them to admit it.

    Thanks for the link, I'll go there and have a peek!

    Christer
     
  6. 2004/01/08
    Welshjim

    Welshjim Inactive

    Joined:
    2002/01/07
    Messages:
    5,643
    Likes Received:
    0
    Christer--New NAV virus definitions out today (Jan. 8). Perhaps installing that will fix any problems.
     
  7. 2004/01/08
    Christer

    Hi Jim!

    I've started reading a thread on this issue which can be found here. I'm on page 6 and there are 14 ...... still counting.

    It seems like there are different symptoms to this issue and it is not certain that it is the definitions.

    More people have used Ghost to "roll back" but it doesn't matter, it doesn't resolve the problem.

    There is one thing however:

    Yesterday or the day before, I received an e-mail from someone that I didn't know of. It had an attachment which I have set OE to not allow to open. It had a *.ppt.exe suffix and despite Norton not complaining, I identified it as a possible virus.
    I tried to figure out how to submit it to Symantec without opening it but I found no way to do that. I deleted the e-mail and its attachment with the shift-delete to bypass the bin.

    I have run Trend Micro's online scan but it didn't find anything and nor did Norton.
    If I got infected and this is the result, then it is widespread.

    Christer
     
  8. 2004/01/08
    Christer

    Now I have come to the end of that mammoth thread and it seems like the Symantec Updates are not the culprit but that it is a server problem.

    See: Expiration of VeriSign Global Server ID Intermediate Root CA on 1/7/2004

    A temporary workaround:

    In IE > Tools > Internet Options > Advanced > Security > untick CheckForPublishersCertificateRevocation

    This indicates that if it was a virus in the e-mail attachment which I deleted, then I was probably not infected.

    Not assuming any responsibility,
    Christer
     
    Last edited: 2004/01/08
  9. 2004/01/08
    Welshjim

    Christer--Sounds like good detective work to me! I am sure others will be helped.
    That *.ppt.exe attachment is weird. As you know .ppt is a PowerPoint file, but the .exe tacked on makes it look like someone was trying to fool you into thinking that an executable .exe file was a PowerPoint file. I think PowerPoint files are harmless, but executable files could contain all sorts of nasties.
    Concerning sending an attachment to Symantec, I would have thought you could have right clicked on it, click "Save As" and then sent the saved attachment (without opening it) to Symantec. Or you could have just forwarded the message with the attachment to Symantec (unless it contained personal stuff).
    P.S. You also can determine the true file type of a file, by right-clicking on it and then clicking Properties. The file type is indicated on the "Type" line. .exe files will show "Application". (You also may have to make sure that "Show all files" is checked in Start|Settings|Folder Options|View tab.)
     
  10. 2004/01/08
    Christer

    That last "workaround" sped up my computer considerably, not only regarding this issue but compared to normal function.

    Booting faster, loading applications faster.

    I guess that there is some serious checking of certificates when that box is ticked!

    Christer
     
  11. 2004/01/08
    Christer

    Jim,
    I've heard that a double extension is an almost sure sign of a virus or something else that you don't want. In this case trying to lead me to believe it is a ppt file but it is an executable.

    Since I didn't know of the sender and the body of the message was of the "cut and paste" type, I was pretty convinced.

    I didn't even untick the OE > Tools > Options > Security > "don't allow attachments to be opened" box and consequently could neither save nor copy the greyed out file.

    I know that I was a chicken, having Ghost and all but I didn't. Now I almost wish I had because today, I have restored Ghost Images on three occasions trying to figure things out ...... :rolleyes: ...... so, one more hadn't made any difference.

    Christer
     
    Last edited: 2004/01/08
  12. 2004/01/08
    Welshjim

    Christer--Yes, a double extension is not a good sign.
    You were lucky that the double extension was showing. Often, a "nasty" attachment shows only the first extension--in your case .ppt--and that really fools the recipient. I think it has something to do with that "Show all Files" setting, but I could easily be wrong on that.
     
  13. 2004/01/08
    Newt

    Newt Inactive

    Joined:
    2002/01/07
    Messages:
    10,974
    Likes Received:
    2
    Jim - I think you are right. I'm set to 'show all ...' and the double extensions always appear with attachments.
     
  14. 2004/01/08
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    According to this, some of the new worms are using forced hidden extensions, so that it doesn't even show up when you are set to show all extensions. It doesn't mention using .exe's, but certainly doesn't rule them out either.
     
  15. 2004/01/09
    Dennis L Lifetime Subscription

    Dennis L Inactive Alumni

    Joined:
    2002/06/07
    Messages:
    2,557
    Likes Received:
    2
    A temporary workaround:
    In IE > Tools > Internet Options > Advanced > Security > untick CheckForPublishersCertificateRevocation


    Sorry guys if I'm a little slow tonight...
    I have Nav 2003, definitions current through 1-07-04 inclusive.
    Updates managed via automated Live Update.
    Not having any negative symptoms with computer.
    Do I follow / enable the above workaround?
     
    Last edited: 2004/01/09
  16. 2004/01/09
    JohnB Lifetime Subscription

    Dennis, I would suggest if it ain't broke, don't fix it. :eek: Just keep the workaround in mind in case you need it. :)
     
  17. 2004/01/09
    Christer

    About the double extension:

    In Folder Options, I have unticked "hide extensions for known file types" and the extension shows as *.ppt.exe.

    If I tick that box, the double extension becomes a "normal" extension, *.ppt.

    To test, create in Notepad a document with any contents and save as *.ppt.exe. Choose "all file types" in order not to get an additional .txt extension.

    Tick/Untick that box and see what happens.

    Christer
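
Added example, not part of any post in this thread: a small Python triage helper that models how a filename is listed with the "hide extensions for known file types" box ticked and unticked, and flags the double extensions and always-hidden extensions discussed above. The extension lists and the sample names are constructed for illustration, and treating every listed extension as a registered type is an assumption.

```python
import os

# Constructed, non-exhaustive lists for illustration.
EXECUTABLE = {".exe", ".com", ".scr", ".bat", ".cmd", ".pif", ".lnk", ".shs"}
DECOY = {".ppt", ".doc", ".xls", ".txt", ".jpg", ".pdf"}
# Types registered with NeverShowExt: Explorer hides these extensions
# even when "hide extensions for known file types" is unticked.
NEVER_SHOWN = {".lnk", ".pif", ".shs", ".scf", ".url"}
KNOWN = EXECUTABLE | DECOY | NEVER_SHOWN  # assumption: all are registered types


def displayed_name(filename, hide_known_extensions=True):
    """Name as Explorer would list it under the given Folder Options setting."""
    stem, ext = os.path.splitext(filename)
    ext = ext.lower()
    if ext in NEVER_SHOWN or (hide_known_extensions and ext in KNOWN):
        return stem
    return filename


def assess(filename):
    """Return the real extension, both displayed names, and any findings."""
    stem, ext = os.path.splitext(filename)
    real = ext.lower()
    decoy = os.path.splitext(stem)[1].lower()  # extension the user would see
    findings = []
    if real in EXECUTABLE and decoy in DECOY:
        findings.append("double-extension")
    if real in NEVER_SHOWN:
        findings.append("extension-never-shown")
    return {
        "real": real,
        "box_ticked": displayed_name(filename, True),
        "box_unticked": displayed_name(filename, False),
        "findings": findings,
    }


if __name__ == "__main__":
    # Constructed attachment names, not taken from the thread.
    for name in ["slides.ppt.exe", "notes.txt.pif", "slides.ppt", "setup.exe"]:
        print(name, assess(name))
```

A mail gateway or a saved-attachments folder scan can call `assess()` on each filename and quarantine anything with a non-empty `findings` list, regardless of how the recipient's Explorer is configured.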
     
  18. 2004/01/09
    Christer

    This is a response from a Symantec representative on Broadband Forums:

    A link to the site in a previous post.

    Christer
     
    Last edited: 2004/01/09
  19. 2004/01/09
    Christer

    My computer is back to normal again.

    To get it back to normal requires undoing the temporary workaround(s), especially in IE > Tools > Internet Options > Advanced > Security > untick CheckForPublishersCertificateRevocation.

    If You want the integration between Norton and Office, go back and re-tick that box for Office Plug-in, in NAV > Options > Miscellaneous (if You un-ticked it in the first place).

    Christer
     
  20. 2004/01/09
    Welshjim

    noahdfear--Interesting reference you supplied. I try to remember to never directly open an attachment, even when it supposedly comes from a friend. Rather I save it, scan with antivirus and if I am still suspicious, right click on it, click Properties and see what the "Type" line says.
     