What's the best freeware antivirus utility?

The server av also keeps logs of all the machines' virus activities. In respect, the server av can remotely clean an infected machine and deliver removal tools, etc.

 

Whats wrong with avast? Our team uses it successfully

Ruben

 

Nothing wrong with Avast.
(I don't see any use detecting viruses in password protected archives
and I don't know if my AV does it...)

 

avast has passed 9 VB tests and failed in 18. also the heuristic protection is only available in the e-mail module. anyway if someone still likes it he/she can use it. some variants of worms like Netsky and Bagle arrive in password protected archives. so IF you want to detect it IN ADVANCE you'll have to use AVs like F-Prot. its upto you only.

 

Hi,

Sorry, but you never told us how you discovered that you had a Nimda-variant on your computer....
Maybe that is the first question to be answered...

Which program was telling you that you had a Nimda infection?
Was it updated with the latest definitions?

Second question: how did you clean your system from that Nimda?

Third question: why didn't NAV catch it?
Have you set up your NAV in the right way?
Did you have the latest definitions?
Nimda is not exactly a new infection...

 

Well, I realized that tftp.exe was running in my processes at least 14+ at a time. I also saw a file called tftp1465 in my IIS scripts folder.

Dunno why NAV didn't catch it. I think the tftp1465 file was something dropped after I got infected with the codered worm (before I got security utilities). I think when I cleaned codered, that didn't come off. Half of the Nimda variant was probably on my comp and someone was just trying to use it via my open port 80 on my router.

NAV is setup properly. Didn't change any of the settings really. My definitions are very up to date.

 

Hi,

I'm still not understanding it, sorry !

Now you're talking about codered, and that you were infected with that one.
How do you know, which program told you so?

Have you get to the site of your router and read all there is about it?
Sorry, I don't know anything about that router.
Is there maybe an issue about how it stores its password?

The Panda site has, if I remember me well, a file with which you can check/clean this on your system (system, not router).

 

Okay, I knew I got infected by codered because when I installed NAV, it told me perfectly that I had it without a problem. I installed NIS in response to the blaster worm.

CodeRed, or the hacker, apparently dropped a file called "tftp1232" into my scripts folder in IIS. Apparently since my router's port 80 was open (my router automatically opened it because it knew I was running a server), someone exploited my vulnerability and used that scripts file. That's when I noticed that there were at least 14+ processes entitled tftp.exe running when I checked my task manager. I checked my task manager because I thought that there was something suspicious going on because my computer kept on making noises here and there.

Using background knowledge of the Nimda variant, these symptoms helped me to determine that this virus was on my computer.

The weird thing is, which I haven't told you about, was I ran many Nimda removal tools and they could not find traces of the worm on my computer. So, I just deleted the scripts file, found a way to close my open port 80, and suped up security for IIS.

Not sure what you mean by password for my router. I have a Microsoft MN-500 router and I can't really do all the advanced stuff with it like choosing what ports to open and close. The only way I was able to close port 80 was to forward it to an inexistent IP address.

Hope this answers your questions!

 

mV




tftp1232....whatever made you think that was a virus

*************
in the firewall forum Mr. J Morris offer his imput......he, imo, is a highly respected person regarding firewalls.....if he said to me that my firewall was going to have a baby I would only ask if it were going to be twins.......
Also, the persons who responded to this particular thread are all experienced.....some very highly.......

Give this some thought

 

LOL SnowMan

-----

The problem could be, if I understood mVPstar now right, that he/she was not using an AV, got an infection on the PC, and then installed NIS/NAV...

If that is right, then we have a complete different situation.
Then there could be -in theory-, on an unprotected PC, all kinds of malware installed.
We simply don't know at the moment.
Maybe only an HijackThis log could tell the experts more...

 

JAN

LOL.....its the meds...LOL


Jan I did some searching an found one site...a college...where tftp1232
can be downloaded from as a program/file........as well as numerous other "tftp"

Your suggestion is by far the most wisest.....vM should post a hijackthis log............cause this thread is going nowhere an vM may not have peace of mind until the subject is cleared once and for all.....

 

COMMENT

there are TFTP SERVERS............apperantly the college mentioned above uses such a server.......the "numbers" following "tftp" appears to indicate a particular progam/file

 

http://securityresponse.symantec.com/avcenter/venc/data/w32.nimda.a@mm.html

Because I read about Nimda when it was first out. I suspected tftp%%%% because I had not seen that in my scripts folder until one day. I wasn't very good at security, much less IIS security when I got attacked by the CodeRed worm. When I installed NIS, then NAV prompted that I had been attacked by "Trojan.VirtualRoot". I realized I had CodeRed and I used Symantec's removal tool to get rid of it.

I realized that I had Nimda because of that suspicious tftp%%% file that I had not seen before in my IIS scripts folder. I then suddenly realized that my computer was making noise here and there when idle. That's when I decided to check the TaskManager to see what was running. There, I found at least 14+ processes entitled "TFTP.exe". To finally come up with my conclusion that I had possibly been attacked by Nimda, I checked for the last part of the infection, listed my Symantec's site, the jscript code that Nimda places on every site that it finds on the infected computer. Sure enough, I found that lurking on a few webpages on my computer. So, what more to explain, I had figured I had Nimda.

I can't really post the HiJack this log right now as I am not writing from my home computer. I will paste it as soon as I get home.

 

Hi

Been running Avast home edition for more than 7, months as far as
i am concerned it is a fine AV it has never let me down updates regular even has online help for free if needed, it scans just fine takes up very little system resources, i have run Norton and also AVG in the past.
As far as a free anti virus i would recommend Avast home Edition to anyone

regards stones

 

My HiJackThis Log:

 

Hi mVPstar,

May I please ask you to post your HijackThis-log in the "adware, spyware & hijack cleaning"-forum-section.

You can find the guidelines here

I'm sure that the experts will have a look there at your log !
You could add a link to this thread so they know about your problem.

Thanks
Regards, Jan.

 

Just wondering - what does avast claim to be??

 

A richly deserved compliment for JM.

 

Maybe this was what he was referring to from the website "You can expect 100% detection of In-the-Wild viruses (the ones what are really spreading amongst people) and very good detection of Trojan horses, all that with only a minimum number of false alarms." I don't know, just throwing it out there.

 

NFP not excludes AV but NIS have it( 2in 1). so far i have no prob with norton, but also had AVG free soft in my pc.