Prozer virus

Discussion in 'NOD32 version 2 Forum' started by DC, Aug 11, 2003.

Thread Status:
Not open for further replies.
  1. DC

    DC Guest

    Has a patch been made yet to kill the Prozer virus found by VET and Nortons this morning 12th August 2003. o_O
     
  2. Gray

    Gray Guest

    Is that the same as Lovsan (or Poza)? I'd like to know if NOD32 updates viruses by name as much as I found VET used to.
     
  3. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    Have a look at www.nod32.com, and click the "Win32/Lovsan.A" link - detection as of August 11th ;).

    regards.

    paul
     
  4. Blackcat

    Blackcat Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    4,010
    Location:
    Christchurch, UK
    NOD removed this worm/virus for me.

    http://www.wilderssecurity.com/showthread.php?t=12348

    Do you need to install the Microsoft Patch if you have a firewall running?

    I do not have my firewall to run on startup, and with old age I sometimes surf the web without the firewall running as I have forgotten to enable!!

    I was probably originally infected in this way!

    Will a software firewall stop this infection?
     
  5. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,876
    Location:
    New England
    >> I do not have my firewall to run on startup...

    Does your Internet connection startup automatically at boot? If it does and your firewall doesn't, then yes, you could get reinfected. The rate this new worm is sweeping its way around is rather impressive. I've seen as high as 3 attempts a minute at times.

    I would advise you to get all the patches regardless, and keep your firewall up. This one is very nasty.

    Ah, you edited... ;)

    Well, yes, a software firewall prevents the worm from exploiting RPC via TCP port 135. If you could ensure that your firewall will always be up, technically you could do without the patch. But, as you say, people forget sometimes.

    I almost forgot myself today... I do have my firewall start at boot up, but, I was fighting what looked to be a corrupt AV download, and I had disconnected and shut everything down trying to fix the AV defs when I said, wait let me just reconnect and grab another copy. A few seconds after connecting I realized I hadn't restarted my FW (since it was shutdown with everything else while troubleshooting) :eek:

    So, I decide a clean reboot and properly connecting with the FW in place was better than risking it. I disconnected immediately and did so.
     
  6. Blackcat

    Blackcat Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    4,010
    Location:
    Christchurch, UK
    Thanks Mike ;).

    I will follow your advice as usual.
     
  7. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,876
    Location:
    New England
    ... and I edited above, too. ;)
     
  8. Blackcat

    Blackcat Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    4,010
    Location:
    Christchurch, UK
    I checked back, Mike :).

    Over the last 24 hours I was getting these error messages stating that my computer was due to shut down in a short period of time and Internet connection icon in the system tray would not shut down. My connection would therefore not manually shut down unless I rebooted the system!.

    I tried reverting back the Registry and other settings with WinRescue 2000 but to no avail!

    It was only when I installed and ran my little present from Wilders that the penny dropped!

    I have applied the patch, firewall is running and NOD has come up blank in the last full scan. Fingers crossed.
     
Thread Status:
Not open for further replies.