Mushy Peaches needs opinions??

Discussion in 'other security issues & news' started by Peaches4U, Feb 16, 2004.

Thread Status:
Not open for further replies.
  1. Peaches4U

    Peaches4U Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    5,070
    Location:
    At my computer
    Well guys & gals, Peaches went mushy a bit yesterday. Last night I had problems connecting to the internet and when I did I had trouble bringing up my favorite sites. So I did an Ad-Aware scan and found: [my name here]@server.iad.liveperson[2]txt and had that nasty deleted. But things were still not as smooth as they normally are. I did an AVG scan and it came up "no viruses found". Did SpyBot and all was well, nothing found. I checked my firewall ZoneAlarm Pro and there was no indication of any quarantines. So I shut everything down and off to bed I went. This morning as I was on the forums, lo & behold my Firewall popped up that Word wanted to act as a server and would I grant permission .. the answer was NO. Checked my firewall log & found one log where a virus with an obscene name was listening at a specific port which was blocked by ZAP. Now my antenna is up & flags raised. I have a problem! Did an online Panda scan and my goodness, I had a virus and 6 files infected. I did not open anything I shouldn't have so how did this critter get in? Was my Firewall Mailsafe asleep as well as AVG? ... both are always up-to-date. I am now of the opinion that AVG has to go and am looking into AVAST but wanting suggestions & opinions from all you experts here. Is my ZAP really vulnerable? If it is, I shall try Sygate. Hmm, now I am in a quandary as I thought I had it made!! Oh well, can't win them all even though I try to!! :D

    Coincidence, the following just came up in my surfing. Would I be the first to be a victim given the above experience or is this report over-reactionary??

    http://www.dslreports.com/shownews/38909

    Short extract: "Security firm eEye warns of a new vulnerability affecting both Zone Alarm and Black Ice software firewalls that could allow remote access and control of a user's system."
     
  2. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,874
    Location:
    New England
    Peaches,

    I rather doubt the infection came in through your firewall. (I know you said the malware name was obscene, so obviously you don't want to post it here, but if you want to IM the particulars - name, files infected, etc. - we can check out just what that malware is and take some guesses as to how it might have come in.)

    Mailsafe can't really be bypassed because it merely renames file extensions when certain attachments come in via email. If you had a virus infected email that "was not based on attachment", but rather based upon some email exploit, then Mailsafe doesn't come into play. AVG would of course, but it could miss something. Still, email or download is the most likely attack vector so long as you haven't lowered your ZA security by allowing unneeded or unsafe programs "to act as server", or allowed a piece of malware access outbound.
     
  3. JimIT

    JimIT Registered Member

    Joined:
    Jan 22, 2003
    Posts:
    1,035
    Location:
    Denton, Texas
    That's an interesting one. :doubt:

    I'm going to go out on a limb and guess that that nasty came in through the browser, and AVG didn't have a def for it.

    Interested in hearing more, Peaches. Good luck! ;)
     
  4. Technical

    Technical Registered Member

    Joined:
    Oct 12, 2003
    Posts:
    471
    Location:
    Brazil
    Peaches, there are a lot of opinions about AVG and avast! in this forum: http://www.wilderssecurity.com/showthread.php?t=22260;start=0

    Hope this helps! :cool:
     
  5. Peaches4U

    Peaches4U Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    5,070
    Location:
    At my computer
    Thank you Technical .. I have been following that thread and seems like it's hands up for AVAST. I am not completely happy with AVG because lately I cannot get it to update when I want it to. [I changed nothing to cause this].. it is always a day behind .. not good enough for me. I guess I will try AVAST and see if I like it, if not, then I can always revert back to AVG. AVG did catch stuff for me that Norton AV didn't so there are pros & cons and it all boils down to what the user prefers & their needs.
     
  6. Technical

    Technical Registered Member

    Joined:
    Oct 12, 2003
    Posts:
    471
    Location:
    Brazil
    You are completely right! Unfortunately, as far as I know, the AVG automatic update must be at a certain time of the day (you must be connected at that time if you have a dial-up). The avast! update will occur 20 seconds after it detects a connection and then, if there is not an update, it will try 4 hours later in the same day...

    If you need some help or troubleshooting I can try to help.
    See you round.
     
  7. beetlejuice

    beetlejuice Registered Member

    Joined:
    Oct 12, 2002
    Posts:
    8,523
    Hi Peaches. I used to run Avast and had some problems. W98SE didn't want to shutdown, and sometimes it doesn't play well with other AV's. It didn't like my ZA too much either. I've forgotten what it did, but it wasn't good.
     
  8. Peaches4U

    Peaches4U Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    5,070
    Location:
    At my computer
    I am on cable and have AVG set to update at 11:00 a.m. every day - computer is running then. It never used to delay but for some reason it does now. However, even if I try to download manually, it will not download the current components. Oh well, :rolleyes:
     
  9. Peaches4U

    Peaches4U Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    5,070
    Location:
    At my computer
    Hi BJ - I run WinXP and have ZAPro. MailSafe in ZAP works like a charm. Avast I have been reading here appears to be improving and getting good reviews now. My neighbor installed it today so will see how it goes for her ... if she has any problems I know I will hear about it. She too has ZAP, WinXP and is on cable. I think I will sit back and do a tad more checking for now.
     
  10. Robyn

    Robyn Registered Member

    Joined:
    Feb 1, 2004
    Posts:
    1,189
    Regarding the latest update from AVG :mad: I run AVG 7 and Sygate Pro and when the update was issued for the new components I could not access the update site again. Sygate asked if I allowed permission etc which I did but then I received the notice failed connection try again from AVG. I uninstalled the software completely thinking I had a corrupt download - reinstalled and all the updates ran smoothly until I reached the latest update and once again Sygate refused to recognise the updater.

    I have a router firewall so as a test I disabled Sygate and ran AVG's update and it worked this time downloading the latest virus defs. There was a lot of communication with the tech support at AVG who did not seem to know why this had happened apart from the fact there was a new updater exe in the download. I have now had to create a rule within Sygate to allow my updater for AVG even though it is listed in the allowed applications! Whatever AVG have done to the exe for updating, Sygate Pro does not accept it and therefore the rule has to be created.

    AVG have failed to come back when this was pointed out to them but it has certainly disappointed me regarding this AV. I feel they are sending us to various servers and this is why Sygate does not trust the IP addresses unless it is specified within an Advanced rule.

    I hope this helps anyone else who has encountered this issue with AVG and Sygate Pro. It is the update exe in AVG that has caused the conflict :(
     