Chalk one up for NOD32 v.2

Here's an exact copy of the note my son left me after he was here last night (I was at work):

"Dad,
Scan my profile. I got a virus warning while I was on the computer tonight.

I wasn't looking at anything wrong, but I was searching for bikini models which I know is a bad idea.

Sorry. Ummm, All of a sudden all these windows started popping up so I x'ed out of them. Then I got the virus warning and I chose to delete the file.

I don't know if it worked or not.

Sorry, I am stupid, I know.

Love, Steven"

According to NOD's log (and the email NOD sent me about it), this is what it was : Time   Module   Object   Name   Virus   Action   User   Info
11/13/2003 20:11:41 PM   AMON   file   G:\Documents and Settings\Steven Yevchak.N-8YSRYQ7EARQ6G\Local Settings\Temporary Internet Files\Content.IE5\WHM70DYN\webcam-software[1].exe   Win32/TrojanDownloader.Swizzor.C trojan   deleted (after the next restart)   N-8YSRYQ7EARQ6G\Steven Yevchak   


So THANK YOU, Eset! Not only for detecting/stopping it in the first place, but for making the "choices" panel so easy-to-understand that even my son could figure it out and use it in a crunch.

It's experiences like this that sharply point out why everyone needs a resident (on-access) virus scanner - and as long as NOD32 keeps doing this good a job, it'll be on my computer as long as I own one.

(P.S. - My son's not in too much trouble - I appreciated the fact that he owned up to the event honestly and even handled it correctly). Pete

 

Bikini Models (riiiiight )

Well frankly there is more then one type of virus floating around the web when one looks at that stuff....I guess real life dangers have moved onto the matrix (internet) .
Next you are going to see a prompt saying "Internet Explorer just got the Clap and it will shutdown."

But yes I like the fact that Nod32 worked. It looks like you got infected with an downloader thus if you had a firewall in place most of the times it will stop the program from getting the real thing. (well unless it was smart enough to masquerade as an IE DLL and your firewall does not have dll detection).
One thing that Nod32 might not protect you against and that might be running on your system now is a dialer. Thus download spybot search and destroy (or better yet ADAware since they are updated more often) and give it a scan.

 

Spy1:

Good testimonial! It sounds like you've got a pretty good kid, too.

Tempnexus:

Had to say that clap joke cracked me up.

 

Yes, I believe I may have heard of SBS&D and AA (in SBS&D, click on "Info & License, then "Credits" and scroll to the bottom of the list).

I'm pretty sure I don't have to worry about a dialer as I'm on cable (seemingly confirmed by fullscans with the latest versions/updates to both SBS&D and AA, TDS-3 and NOD32 v.2.) - but thank you, that's very good advice!

If OutPost Pro failed at all in this situation, it's probably due to the fact that I just had to re-install everything three days ago and I forgot to password-protect it - my children have a habit of turning things off that inhibit their full experience of the Internet. I've rectified that situation this morning. Pete