After Norton failed to detect the Nimda variant on my computer, I have decided to sever my ties with norton and go for a better antivirus program. Though, I'm looking for freeware software. What should I get? I've already decided I'd replace NPF with Kerio Firewall.

No antivirus program is able to detect all existing viruses. Therefore changing your current av software might not be the best idea especially if I see your question:

{QUOTE-> What's the best freeware antivirus utility? <-QUOTE}

This one should be better placed as "Is there a freeware antivirus utility that is better than NAV?" The answer is no.

wizard

{QUOTE->
This one should be better placed as "Is there a freeware antivirus utility that is better than NAV?" The answer is no.

wizard <-QUOTE}
even etrust7 promo or avast? ::)

looks like you are dropping your guard. i agree that Norton is *AHEM* but replacing it with freeware AVs will not solve the problem. if you invested in Norton then invest on some good products. like KAV or NOD32 or F-secure or F-Prot. Kerio is a good choice by the way. Hmm... AVAST is worthless and i'm going to try that eTrust. people say it has also got the VET engine so it shouldn't be that bad. for pure pattern based scanning ANTIVIR is a good one and AVG is also good with its heuristic and code emulator. but minus those AVG is not as good as ANTIVIR. did i mention anything about DOS based F-Prot? its free and its very very good. a little tweaking of the registry and you'll be able to do that right-click scan with it. but it has no ON ACCESS scanner remember that.

{QUOTE-> looks like you are dropping your guard. i agree that Norton is *AHEM* but replacing it with freeware AVs will not solve the problem. if you invested in Norton then invest on some good products. like KAV or NOD32 or F-secure or F-Prot. Kerio is a good choice by the way.
<-QUOTE}
Kerio is a firewall not an AV ;) ;) ;) ;)
{QUOTE->
Hmm... AVAST is worthless <-QUOTE}
you're must be kidding
:o :o :o :o

{QUOTE-> even etrust7 promo or avast? ::) <-QUOTE}

etrust7 I do not count as freeware. It is a one-year trial version. But anyhow you can have a look at the statistics:

Norton AV: http://www.virusbtn.com/vb100/archives/products.xml?symantec.xml

etrust:
http://www.virusbtn.com/vb100/archives/products.xml?etrust.xml

Avast:
http://www.virusbtn.com/vb100/archives/products.xml?avist.xml

This doesn't mean that etrust or avast are bad programs but compared to NAV in terms of detection there is nothing to gain while switching to one of these programs.

wizard

Okay, so maybe I'll keep Norton. Is there any utility out there that I can use to test NAV? I want to know whether it is still working because it doesn't seem like NIS is functioning properly. My NPF doesn't monitor my broadband connection for some reason and that was how I was easily hacked http://www.wilderssecurity.com/showthread.php?t=30446.

NVM, found it and ran it. All tests passed! Do you guys know anything about my firewall problem?

If your version(s) of NIS, NPF and NAV are recent enough, have you tried contacting Symantec regarding the problem with non-monitoring of your connection?

{QUOTE-> etrust7 I do not count as freeware. It is a one-year trial version.
wizard <-QUOTE}
etrust7 promo is free. eTrust EZ AV is the one-year free AV.. (As far as I remember)
::) ::)

mV's previous post said"

"Hey guys, I have a problem. Ever since I got cable and I hooked up a Microsoft MN-500 router to my system to share the connection, my norton firewall hasn't been really checking the connections. I check the log files and haven't seen any connection logs after the technician set me up for cable. How do I fix this?"

**************

mV

if I understand correct its a firewall/router problem you are having......an not so much that you are un-happy with norton virus scanner....but with the firewall it contains......is that right?
Also noticed that your previous post received no replies.....an would suggest that you bring this subject up once again in the firewall forum.

ooops....am a slow typer...you guys had already replied on the firewall issue........seeya later..gone

{QUOTE-> etrust7 promo is free. eTrust EZ AV is the one-year free AV.. (As far as I remember)
::) ::) <-QUOTE}

Yes you can use it for free for one year. Like you can use other programs for free for normally 30 days on a trial basis. What etrust offers is just a an extremly long trial period.

Therefore it is not really what is meant by the term freeware. 8)

wizard

No that's not it. I am a bit unhappy with Norton's AntiVirus Program and even more unhappy with Norton Personal Firewall. NAV...okay, fine so it let Nimda slip through undetected, no problem there...so NAV, after what you guys said about it, is pretty fine to me now. So I am a little happy about NAV, although, I did, and should have mentioned this in the original post, wanted an AntiVirus program that was pretty light on resources and didn't slow many programs down like NAV does. Office takes way too long to open, even with the Office option disabled in NAV.

I am unhappy with NPF because of this problem. I had contacted Symantec about this. Apparently, they must have only one technical support rep because I e-mailed them 3 times and the same person e-mailed me back with the same answer to reinstall NPF. Noticing how difficult it is to reinstall, less uninstall a firewall program, I was hoping for a more feasable answer like "change your current ruleset to allow....". Their tech support is very displeasing so as to make Norton even more contemptuous.

mV

Yes it is a big deal when anything can bypass any firewall....an should be taken very seriously. An would again suggest that you discuss the problem in the firewall forum where it will answered particularly.
Am delibrately not going to discuss anti-virus.....but you do need to see about that firewall issue....as soon as possible.

Hi mVPstar,

I'm using NIS 04 ... I know NPF isn't popular ... but I've never had a problem- Intrusion wise ...it passes all the online firewall tests ... including the exploit test at PC Flank ... I'd Try uninstalling and reinstalling ... I've had to do this before ... for a different reason ... but it wented smoothly with no hicups! :)

And I'm happy NAV too - also never had a problem. So seeing as you've already paid for the Suite ... try a reinstall and see if that corrects the problem. ;)

And Yes, I agree Symantec's Support leaves a lot to be desired! ;D

dog - *puppy*

Here's a link that might be useful for you concerning NIF ... CrazyM is the resident Firewall Expert and his site is a great resource - Crazy M's Site (http://www.gpick.com/agnisrules/index.html) ... post in the other firewall forum and he'll help you out! ;)

HTH

dog - *puppy*

{QUOTE-> I am unhappy with NPF because of this problem. I had contacted Symantec about this. Apparently, they must have only one technical support rep because I e-mailed them 3 times and the same person e-mailed me back with the same answer to reinstall NPF. Noticing how difficult it is to reinstall, less uninstall a firewall program, I was hoping for a more feasable answer like "change your current ruleset to allow....". Their tech support is very displeasing so as to make Norton even more contemptuous. <-QUOTE}

For great support, a friendly & helpful forum {right here at Wilders}, & a SUPERB FW, go for Look'n'Stop.

dear Minacross no offence meant but if you read carefully you'll see than i didn't mention anywhere that Kerio is an AV. you took me for a neophyte didn't you? ok i'm spelling it for you, i meant Kerio is a good firewall and it was originally quoted that NPF was going to be replaced by Kerio.

AVAST is not what it claims to be as i tested it. Wizard is right we can't consider eTrust EZ as freeware. eTrust 7.1 is available as an evaluation version where as the 1yr free version is eTrust EZ which comes with licensed firewall technology from Zone Labs. but the antivirus version is 6.1 not 7.1. also it couldn't detect viruses from password protected archives. products like F-Prot sniffed a 3 layered password protected file and marked it as suspicious.

Could Kerio be a good replacement to Norton? Rather than install NPF, could I just install Kerio v.2?

yes you can use Kerio instead of NPF. but a good firewall should be backed by a good AV. installing a firewall is not enough, you have to tweak it and test it against attacks and if possible even DDoS attacks.

Well, I'm not sure if I should worry so much about my firewall issue. My router has a built-in firewall and so far, it has blocked every attack, even the recent ones that have been generating for the past week.

I really only need something to execute program control and monitor outbound access.

{QUOTE-> Yes you can use it for free for one year. Like you can use other programs for free for normally 30 days on a trial basis. What etrust offers is just a an extremly long trial period.

Therefore it is not really what is meant by the term freeware. 8)

wizard <-QUOTE}
The quote on the VB awards you have given dear Wizard,for e trust is using InoculateIT . EZ anti virus does not use InoculateIT but uses Vet which has 20 VB awards http://www.virusbtn.com/vb100/archives/products.xml?vet.xml

E trust v7 Promo is a lifetime free liscence that Mina is referring to As that is the version that most of us have http://www3.ca.com/Solutions/Collateral.asp?CID=41370&ID=3249,
rather than the 30 day trial version that is now available. This version has 2 scan engines InoculateIT (16 VB awards) and Vet (20 VB awards) .

How does a server AV differ from a desktop AV?

The eTrust promo server ed. is at version 7.0.139

{QUOTE-> How does a server AV differ from a desktop AV? <-QUOTE}
Just one important aspect of a server av is the ability to update all the computers on a network with the latest virus defs. There are other differences but they don't apply to me useing it on a single computer.

The server av also keeps logs of all the machines' virus activities. In respect, the server av can remotely clean an infected machine and deliver removal tools, etc.

Whats wrong with avast? Our team uses it successfully

Ruben

Nothing wrong with Avast.
(I don't see any use detecting viruses in password protected archives
and I don't know if my AV does it...)

avast has passed 9 VB tests and failed in 18. also the heuristic protection is only available in the e-mail module. anyway if someone still likes it he/she can use it. some variants of worms like Netsky and Bagle arrive in password protected archives. so IF you want to detect it IN ADVANCE you'll have to use AVs like F-Prot. its upto you only.

{QUOTE-> After Norton failed to detect the Nimda variant on my computer... <-QUOTE}

Hi,

Sorry, but you never told us how you discovered that you had a Nimda-variant on your computer....
Maybe that is the first question to be answered...

Which program was telling you that you had a Nimda infection?
Was it updated with the latest definitions?

Second question: how did you clean your system from that Nimda?

Third question: why didn't NAV catch it?
Have you set up your NAV in the right way?
Did you have the latest definitions?
Nimda is not exactly a new infection...

Well, I realized that tftp.exe was running in my processes at least 14+ at a time. I also saw a file called tftp1465 in my IIS scripts folder.

Dunno why NAV didn't catch it. I think the tftp1465 file was something dropped after I got infected with the codered worm (before I got security utilities). I think when I cleaned codered, that didn't come off. Half of the Nimda variant was probably on my comp and someone was just trying to use it via my open port 80 on my router.

NAV is setup properly. Didn't change any of the settings really. My definitions are very up to date.

{QUOTE-> Well, I realized that tftp.exe was running in my processes at least 14+ at a time. I also saw a file called tftp1465 in my IIS scripts folder.

Dunno why NAV didn't catch it. I think the tftp1465 file was something dropped after I got infected with the codered worm (before I got security utilities). I think when I cleaned codered, that didn't come off. Half of the Nimda variant was probably on my comp and someone was just trying to use it via my open port 80 on my router.

NAV is setup properly. Didn't change any of the settings really. My definitions are very up to date. <-QUOTE}

Hi,

I'm still not understanding it, sorry !

Now you're talking about codered, and that you were infected with that one.
How do you know, which program told you so?

Have you get to the site of your router and read all there is about it?
Sorry, I don't know anything about that router.
Is there maybe an issue about how it stores its password?

The Panda site has, if I remember me well, a file with which you can check/clean this on your system (system, not router).

Okay, I knew I got infected by codered because when I installed NAV, it told me perfectly that I had it without a problem. I installed NIS in response to the blaster worm.

CodeRed, or the hacker, apparently dropped a file called "tftp1232" into my scripts folder in IIS. Apparently since my router's port 80 was open (my router automatically opened it because it knew I was running a server), someone exploited my vulnerability and used that scripts file. That's when I noticed that there were at least 14+ processes entitled tftp.exe running when I checked my task manager. I checked my task manager because I thought that there was something suspicious going on because my computer kept on making noises here and there.

Using background knowledge of the Nimda variant, these symptoms helped me to determine that this virus was on my computer.

The weird thing is, which I haven't told you about, was I ran many Nimda removal tools and they could not find traces of the worm on my computer. So, I just deleted the scripts file, found a way to close my open port 80, and suped up security for IIS.

Not sure what you mean by password for my router. I have a Microsoft MN-500 router and I can't really do all the advanced stuff with it like choosing what ports to open and close. The only way I was able to close port 80 was to forward it to an inexistent IP address.

Hope this answers your questions!

mV




tftp1232....whatever made you think that was a virus?????????

*************
in the firewall forum Mr. J Morris offer his imput......he, imo, is a highly respected person regarding firewalls.....if he said to me that my firewall was going to have a baby I would only ask if it were going to be twins.......
Also, the persons who responded to this particular thread are all experienced.....some very highly.......

Give this some thought

{QUOTE-> mV
if he said to me that my firewall was going to have a baby I would only ask if it were going to be twins....... <-QUOTE}


LOL SnowMan ;D

-----

The problem could be, if I understood mVPstar now right, that he/she was not using an AV, got an infection on the PC, and then installed NIS/NAV...

If that is right, then we have a complete different situation.
Then there could be -in theory-, on an unprotected PC, all kinds of malware installed.
We simply don't know at the moment.
Maybe only an HijackThis log could tell the experts more...

JAN

LOL.....its the meds...LOL


Jan I did some searching an found one site...a college...where tftp1232
can be downloaded from as a program/file........as well as numerous other "tftp"

Your suggestion is by far the most wisest.....vM should post a hijackthis log............cause this thread is going nowhere an vM may not have peace of mind until the subject is cleared once and for all.....

COMMENT

there are TFTP SERVERS............apperantly the college mentioned above uses such a server.......the "numbers" following "tftp" appears to indicate a particular progam/file

{QUOTE->
tftp1232....whatever made you think that was a virus?????????
<-QUOTE}
http://securityresponse.symantec.com/avcenter/venc/data/w32.nimda.a@mm.html

Because I read about Nimda when it was first out. I suspected tftp%%%% because I had not seen that in my scripts folder until one day. I wasn't very good at security, much less IIS security when I got attacked by the CodeRed worm. When I installed NIS, then NAV prompted that I had been attacked by "Trojan.VirtualRoot". I realized I had CodeRed and I used Symantec's removal tool to get rid of it.

I realized that I had Nimda because of that suspicious tftp%%% file that I had not seen before in my IIS scripts folder. I then suddenly realized that my computer was making noise here and there when idle. That's when I decided to check the TaskManager to see what was running. There, I found at least 14+ processes entitled "TFTP.exe". To finally come up with my conclusion that I had possibly been attacked by Nimda, I checked for the last part of the infection, listed my Symantec's site, the jscript code that Nimda places on every site that it finds on the infected computer. Sure enough, I found that lurking on a few webpages on my computer. So, what more to explain, I had figured I had Nimda.

I can't really post the HiJack this log right now as I am not writing from my home computer. I will paste it as soon as I get home.

Hi

Been running Avast home edition for more than 7, months as far as
i am concerned it is a fine AV it has never let me down updates regular even has online help for free if needed, it scans just fine takes up very little system resources, i have run Norton and also AVG in the past.
As far as a free anti virus i would recommend Avast home Edition to anyone

regards stones

My HiJackThis Log:

Hi mVPstar,

May I please ask you to post your HijackThis-log in the "adware, spyware & hijack cleaning"-forum-section.

You can find the guidelines here (http://www.wilderssecurity.com/showthread.php?t=15913)

I'm sure that the experts will have a look there at your log !
You could add a link to this thread so they know about your problem.

Thanks ;)
Regards, Jan.

{QUOTE-> AVAST is not what it claims to be <-QUOTE}

Just wondering - what does avast claim to be?? :o

{QUOTE-> in the firewall forum Mr. J Morris offer his imput......he, imo, is a highly respected person regarding firewalls.....if he said to me that my firewall was going to have a baby I would only ask if it were going to be twins <-QUOTE}

:) A richly deserved compliment for JM.

{QUOTE-> Just wondering - what does avast claim to be?? :o <-QUOTE}


Maybe this was what he was referring to from the website "You can expect 100% detection of In-the-Wild viruses (the ones what are really spreading amongst people) and very good detection of Trojan horses, all that with only a minimum number of false alarms." I don't know, just throwing it out there.

{QUOTE-> If your version(s) of NIS, NPF and NAV are recent enough, have you tried contacting Symantec regarding the problem with non-monitoring of your connection? <-QUOTE}

NFP not excludes AV but NIS have it( 2in 1). so far i have no prob with norton, but also had AVG free soft in my pc.