Dear,

Some time ago I got Infected with Internet Antivirus. I blocked all executable files in my firewall which is part of BitDefender Total Security 2008. I thought that it was now impossible for the program to update but it was able to do so. I could see it because the files that were putted inside the installation directory were indeed changed.

I even opened the section of BitDefender firewall were you can see all open ports or processes which are sending or receiving packets. I couldn't find anything suspicious.

How is that possible?

Thanks in advance,
Kind regards,
Niels

Hi Niels,

First I need to ask. If you have an infection that you can see, then why is it still there. Would you not be better to remove it.

I would say to remove the infection, not attempt to control its internet access.

From the point of its outbound/updating, there are many ways such as control of other applications already given internet access (as simple example: dll injection)



- Stem

Dear Stem,

First I want to thank you for your prompt response. I really appreciate that.

Sorry that I didn't mentioned in my opening post but Internet Antivirus is removed. I contacted BitDefender support and after an update Internet Antivirus was found and deleted. I can't say that it's completely removed but I couldn't see any pop-up's anymore also the installation directory wasn't there anymore. I denied access as a temporary measure so the program wasn't able to update itself because it wasn't yet detected by my antivirus.

When this happened only iexplore.exe was connected to the internet. I couldn't find any other executable files that had access to the internet.


Kind regards,
Niels