W32.Sobig.2 mm and TDS-3

Discussion in 'Trojan Defence Suite' started by richrf, Jan 12, 2004.

Thread Status:
Not open for further replies.
  1. richrf

    richrf Registered Member

    Dec 11, 2003

    I just purchased the DiamondCS package and I think they are all wonderful products. So first I would like to say thank you for the products and your very valuable past support. :)

    I have a question regarding a copy of W32.Sobig.F that was able to enter into my machine.

    I run NAV and Wormguard at startup and I access my email from Yahoo via the Yahoo Web-based service with Netscape Navigator 7.1.

    Today, I ran TDS-3 as regular maintenance and it reported no problems. I then ran Norton Virus Scan with the latest updates and it reported that a copy of W32.Sobig.F was found in my Mozilla Cache as application.pif and it deleted it. I have two questions:

    1) Is this the type of virus that TDS-3 should be catching?

    2) How was this application.pif file able to get through if I am accessing all of my files via the Navigator Web Browser?

    I greatly appreciate any information that you can provide to me.

  2. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Feb 10, 2002
    Perth, Western Australia

    Generally Wormguard can help to stop a worm getting past your defences, but newer worms are proving harder to stop. The new version of Wormguard has been designed with recent attacks in mind and will be able to unpack some compressors to help its cause.

    TDS should detect the common worms; we do add detection for any we can when we receive them. If you still have a copy of this one, please send it in. Sobig.F is a variant which is covered by TDS, so perhaps it is a further variant which was repackaged by the author.