Focus on Virus Mode:
(Page 14 of 62)  < Prev  9 10 11 12 13 14 15 16 17 18 19  Next >
RE: Microsoft AntiSpyware falling further behind 2005-10-26
Richard Stiennon (RStiennon webroot com)
Before deploying SSE most of our customers spend about two hours trying
to clean up an infected machine before resorting to re-imaging. Here is
a listing of what one customer found on their network when they
initially deployed SSE. They had AV at the gateway and on the desktop.
Used freeware tactic

[ more ]  [ reply ]
RE: Microsoft AntiSpyware falling further behind 2005-10-26
Evan Mann (emann pinnaclefinancial com)
Sometimes it's a heck of a lot easier and quicker to rebuild a computer
then fight a heavy spyware infection. I can save peoples files and
re-ghost a computer in < 10 minutes. Fighting a spyware infection with
multi products can take 3-4 times longer than that.

Multi-layer approach is a good idea

[ more ]  [ reply ]
RE: Microsoft AntiSpyware falling further behind 2005-10-26
Joe George (j george conservation org)
I would also recommend running MSAS and/or any other anti-spyware
utility on normal mode and once in safe mode for good measure. I was
amazed at what wasn't being picked up in some cases after running once.
I definitely agree with Bruce Klein. Using more anti-spyware apps maybe
overkill, but if it

[ more ]  [ reply ]
RE: Microsoft AntiSpyware falling further behind 2005-10-26
Kieran Murphy (Kieran Murphy powerscreen co uk)
We take the same layered approach.

Trend IWSS at gateway with Trend OfficeScan inc Firewall / Anti-Spy on
desktops, complimented by either Spybot / MS AntiSpyware, and we do find
that one system will detect stuff the others don't.

Trend especially appears to detect lots more problematic cookies th

[ more ]  [ reply ]
RE: Microsoft AntiSpyware falling further behind 2005-10-26
Shaffer, Bruce (security stsgi com)
I read about a year and a half ago that there were over 30 million known
pieces of spyware of which over 5 million were active executables. Given
the fact that many of the worms slithering across the net out there have
"call home, self updating capabilities" there will never be a comprehensive

[ more ]  [ reply ]
RE: Microsoft AntiSpyware falling further behind 2005-10-25
Bruce Klein (bruce klein iovation com) (1 replies)
There will never be a perfect solution - don't wait.

For the moment think of Spyware as cold weather and you want to be
protected (warm); put on layers to protect yourself.

Symantec has updated themselves to add Spam and Spyware to their
antivirus product. We are using Symantec, Websweeper, MS a

[ more ]  [ reply ]
Re: Microsoft AntiSpyware falling further behind 2005-10-26
Harish Pillay (h pillay ieee org)
CFP: The First International Conference on Availability, Reliability and Security (AReS 2006), 20-22 April, 2006, Vienna, Austria 2005-10-23
Manh Tho (manhthovn gmail com)
(Apologies for multiple copies due to cross postings. Please send to
interested colleagues and students)

The First International Conference on Availability, Reliability and
Security (AReS)
ARES 2006 - "The International Dependabili

[ more ]  [ reply ]
Microsoft AntiSpyware falling further behind 2005-10-21
Quark IT - Hilton Travis (Hilton quarkit com au) (2 replies)
Hi All,

It seems that not only does Microsoft AntiSpyware recommend that
Claria's spyware is ignored, but it also misses a significant amount of
cookies that are placed on a system - I have a VPC environment where I
browse the Internet so that anywhere I go won't affect my regular
Windows session/i

[ more ]  [ reply ]
Re: Microsoft AntiSpyware falling further behind 2005-10-26
Duston Sickler (dustons charter net)
Re: Microsoft AntiSpyware falling further behind 2005-10-26
Planz (planz2009 gmail com) (1 replies)
Re: Microsoft AntiSpyware falling further behind 2005-10-26
Dave Bush (hockeystatman gmail com)
RE: Trend False Positives 2005-10-20
Larry Seltzer (larry larryseltzer com)
Trend got back to me. I'm actually using PC-Cillin 2005, btw. Seems it has
to do with messages with large numbers of attachments, and when PC-Cillin
sees such a message (20 attachments in this case) it considers the message
as possibly malformed, and therefore suspicious. The explanation it gives to

[ more ]  [ reply ]
Spyware False Positive 2005-10-19
Quark IT - Hilton Travis (Hilton quarkit com au)
Hi All,

Anyone in Australia who uses (or has a client who uses) Pracsoft
(medical practice management software) will find that both CounterSpy
and Trend's anti-spyware will detect a file in %windir%\system32\log.dll
as All-In-One SPY 2.0. This is a file from Pracsoft and is not the
spyware claimed

[ more ]  [ reply ]
Re: Trend False Positives 2005-10-19
DFW Security (dfwsecurity gmail com)
I'm running Officescan 7 and have not had any problems.

On 10/18/05, Larry Seltzer <larry (at) larryseltzer (dot) com [email concealed]> wrote:
> For months I've been getting false positives from Trend AV on the digest
> messages from the Security Basics list. It's the strangest thing. I've told
> Trend and haven't heard anyth

[ more ]  [ reply ]
Paper: Anti-Virus in the Wild 2005-10-11
ejohansen gmail com (1 replies)

Please find my Anti-Virus in the Wild paper (as well as the presentation slides) that I presented at the Virus Bulletin 2005 conference in Dublin, Ireland at the links below:

Paper -

Presentation -

[ more ]  [ reply ]
Trend False Positives 2005-10-18
Larry Seltzer (larry larryseltzer com)
Cross Reference List of Virus and Worm Names available 2005-08-26
Andreas Marx (gega-it web de)


Each vendor of anti-virus software has a different naming convention and the same virus could have a completely different name in another company's product.

To provide a candle in the dark and diminish the current confusion, we created a cross-reference list of all virus names, based on th

[ more ]  [ reply ]
AV Reaction Times of the latest MS05-039-based Worm Attacks 2005-08-24
Andreas Marx (gega-it web de)


You can find the information how fast the AV companies have reacted with a solution against Bozari.A/B, Drudgebot.B, IRCBot!Var and Zotob.A/B in an Excel sheet (18 KB ZIP file) which is available at <>. Furthermore we have checked how many AV products havn't required a

[ more ]  [ reply ]
Av solution with mysql? 2005-08-24
Wayne (wayne nightsol net)
Hey Guys,

I want to have AV on all clients (obviously I suppose)
But I want to have a central server for management running on Linux that
Will log alerts to a mysql database, reading configs from there would be
great too if possible...
Anybody know of a product that can do this?


[ more ]  [ reply ]
RE: New Virus/Worm 2005-08-22
Biswas, Proneet (pbiswas ipolicynetworks com)
The Backdoor CEB is very old as per Mcafee and the message is that of a
Reptile FTP Server.
What you might be seeing is a variant of the ZOTOB which is right now
installing FTP backdoor servers.


To have known the best, and to have known it fo

[ more ]  [ reply ]
Re: New Virus/Worm 2005-08-22
reb93720 yahoo com,14125467~start=40

The sentence you referred to is mentioned about 1/3rd down the page.


[ more ]  [ reply ]
RE: New Virus/Worm 2005-08-22
Travis Alexander (travis alexander lacamas org)
I've been receiving emails directly to me from this IP,, from Israel I think. My firewall, a Fortinet
FortiGate-200, is blocking this virus as BDoor.CEB-bdr. However,
I have yet to find anymore info about it from Fortinet's website.
Their virus encyclopedia is under maintenance. It's pos

[ more ]  [ reply ]
New Virus/Worm 2005-08-21
Jack Vizelter (jack mail rockefeller edu) (2 replies)
Since about 5pm last night, we've been hit hard, so far about 60 computers,
mostly running Windows 2000 got infected.

All infected computers show a backdoor on a random TCP port such as: 5794/tcp
220 Reptile welcomes you....

Has anyone seen or expie

[ more ]  [ reply ]
Re: New Virus/Worm 2005-08-22
jayjwa (jayjwa atr2 ath cx)
Re: New Virus/Worm 2005-08-22
Shiva Palancha (shivapalancha gmail com)
Re: wintbp.exe 2005-08-17
alex shipp (ashipp messagelabs com)
> From: "Mike" <mjcarter (at) (dot) nz [email concealed]>
> ...
> AV is reactive by design...

Where have you been the last 5 years?

Some AV is reactive in design, but not all. For instance, McAfee products such
as McAfee VirusScan 8.0 can prevent the attack with the generic buffer overflow protection enabled. No

[ more ]  [ reply ]
Re: wintbp.exe 2005-08-18
shantinathteradale yahoo com
Yes it is known as WINTBP virus and you need to apply the latest MS patch MS05-039 and MS05-041 to protect your server against this virus.

However you need to remove the virus from your servers if they are already infected. Here is the procedure to remove the virus.

1. Open Task Manager and end t

[ more ]  [ reply ]
(Page 14 of 62)  < Prev  9 10 11 12 13 14 15 16 17 18 19  Next >


Privacy Statement
Copyright 2010, SecurityFocus