NAV again (won't install)

Discussion in 'other anti-virus software' started by Jooske, Sep 2, 2002.

Thread Status:
Not open for further replies.
  1. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Hi all,
    I tried to help somebody whose system was sending hundreds of klez infected emails to newsgroups.
    I told her to get the clrav.com tool at kaspersky's and do the scan in windows, windows safe mode and in msdos.
    After to get an online scan at one of the known sites.
    Till she would come out clean not to trust her local av/at, but immediately afer to update the databases.
    She has an WinME system and her av is NAV2000.
    She says she came out all clean with every scan.
    This surprises me more then highly.
    I had told her to disable the system recovery just in case.
    She sent a few emails from the same email account, same IP, as far as i can see same routing, but i think she logged in as another user as those emails are completely clean, no klez, no iframe exploit.
    As she says she does not have different ways of logging in, no network, just her and her C:\ drive, i'm even more surprised about this.
    It can't also be done by her ISPs mailserver, for then the other emails from the same email account would not have been clean.
    In the infected emails her routing is each time pasted inside the header with extra some of her addressbook or inbox addresses, exactly like Klez always does. As all time her IP is used, i don't think any other person is involved.
    Any ideas so far?

    Good; i had told her after all the scanning and possible cleansing to update her av, NAV2000. Unfortunately she decided to uninstall that completely and to install NAV2002.
    And this does not want to be installed, it keeps telling to install NAV2000.

    I don't run NAV so i don't have the slightest idea.
    Could this mean there is still some infection somewhere on the system, or should she just try to reinstall her NAV2000 version and after that upgrade to 2002 or are there risks in that?

    Thanks in advance for the insights!
    I am sure this kind of problem has geen answered but searching here can't find the answer.
     
  2. TonyKlein

    TonyKlein Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    4,361
    Location:
    The Netherlands
  3. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Thanks a lot! I wasn't around to react sooner, so i just emailed her, and will try to let you know when i hear results!
     
  4. TonyKlein

    TonyKlein Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    4,361
    Location:
    The Netherlands
    No prob! :)

    It usually does the trick, if the uninstaller's missing or corrupted.

    One other thing: I'd run it in Safe Mode; it does a more thorough job there.
     
  5. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Sounds good! I gave her the link to this thread, so she might come over to read and learn here too!
    Wished i had done so and known long ago as my system was bad with NAV on it (5, 2000), the uninstall took away files other programs really needed, so that was some stumbling more till the main programs were reinstalled.
    My system simply doen't like NAV.
     
  6. controler

    controler Guest

    She needs to turn off the recovery mode.
    Because if system files are infected , the antivirus won't fix um unless it is turned off.. ;)
     
  7. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Thanks Controler, i forgot to tell i had her that far already :) which helped not getting infections back after cleansing, even though saying not being infected at all.
    That system restore is a pain in such problems, think to remember another thread here somewhere where that was an important item too :)
    In the meantime got a big thanks to the good people here as it helped her and she now is running NAV2002, updated.
    So as that NAV wanted to be installed now, i might more or less suppose she should at least have been clean at the moment of installing NAV, is that a right impression?
     
  8. TonyKlein

    TonyKlein Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    4,361
    Location:
    The Netherlands
    Well these are two differerent things.

    Norton does advise to uninstall and reinstall NAV after getting rid of Klez, as vital files may have been corrupted or removed.

    I think though you can safely conclude, that if she's been able to install NAV 2002, update her virus definitions, deep scan her drives, and still come out clean, there's no trace of Klez left.
     
  9. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Thanks again for the comments; it was the same i was thinking.
    I would think of my firewall too and whatever thing checking my email and letting it still pass without blocking.
    AQnd of urse after all the cleaning update all security patches at MS for windows and IE/OE as that update site too might find missing parts.
    After too many crashes i update my IE or do a repair install for IE from that site, where possible missing files are downloaded again.
    Might be necessary after uninstalling NAV, as that goes soo deep and spares nothing! :)
    For the sending of infected emails if not sent by her known computer name for instance would only be possible with another user login or another computer in a network sharing one internet connection. So if there is such a thing she knows now how to clean that and how to re-install NAV.
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.