Hello worm experts, I have a question. I am trying out wormguard and it doesn't seem to be installing. When I click on install in the gui, a tab comes up which says "The file wguard.inf on DiamondCS WormGuard module is needed." The tab shows a location of C:\Wormguard. The only problem is that the file is not present in that directory. So, I don't get the required protection. What do I do? I've been very satisfied with my other CS programs(TDS-3, process guard) for which I have full licenses, so decided to try Wormguard. I also have another motivation: I ran Ewido and it found an infected file. The data shown for that file is File: zip.exe Path: C:\WINDOWS Infection: worm.Alcaul.T The size is 124kb. Perhaps it's a false positive from Ewido? Don't know, so wanted to see what WormGuard will say. Any help will be appreciated. Thanks.
Hi, bluekey23 See if this link helps with your problem:- The file wguard.inf is needed Hope it is what you need in the way of help. Take Care, TheQuest
Hello, and in the meantime please submit the file to submit@diamondcs.com.au for Gavin expert advice! while we look at your problem. Did the other threads which TheQuest and D@C mentioned help already?
Hello All, Thanks for trying to help. First of all, I'm runing Winxp sp1. I followed the instructions at the link on the DS link(thanks Quest). That didn't work(had same problem). Downloaded the inf file from the DS page, dropped it into the wormguard directory. Tried again. Still no luck. Uninstalled the program, cleaned registry, tried fresh install. Before I ran wormguard after reinstalling, I made sure the inf file was in wormguard directory. Still no luck. Tried the instructions again from the DS link. Same results -same problem. Clicked "test" in the gui -no protection enabled. I have procguard installed and running. Could that be a conflict? If so, procguard isn't showing any warning. I'm baffled. Not sure what Jooske means by submitting file. What file should I send? This program obviously has some kind of bug that needs fiixing, as I have TDS-3 and procguard installed and have never had any problems. My original problem was trying to determine if the mysterious "worm.Alcaul.T" was a legitimate worm. Thought wormguard could provide some answers, but guess I'll have to wait.
I meant submitting the suspicious worm file. Fortunately it is in the TDS primaries list too so that's another way to detect it! Strange you had no luck with the remove/reinstall trick. could it be ProcessGuard is guarding too well and making installation of WormGuard difficult to impossible? Could it be ProcessGuard must be set temporary from protecting so WormGuard can install properly? EDIT: BTW: there is a new version WormGuard 4 in the build, no release date known yet. It will be all rebuild from scratch, new technologies included etc. Hope you do geth the current WG-3 working though; you'll be upgraded to version 4 anyway (free for registered users) once it's there.
Hello All, I finally got this to work and since it might help someone else, here is what I did. 1. Download the file wguard.inf from the DCS site. 2. Open up the Worm guard gui and click install 3. After the tab comes up saying wormguard needs the wguard.inf file open up the wormguard directory(in local disk C). Look to see if the inf file is in that directory. Most likely it won't be or otherwise the tab wouldn't have come up in the first place. 4. drop the inf file into the directory. 5. NOW click ok in the tab. Click test in the gui and voila. Now I'll send the mysterious file which Ewido says is a worm to DCS and see what they say. Since it's an exe file, I'm not going to mess with it until I hear from the worm experts. Curious to see what they have to say! Thanks again for your generous help.
Thanks for the description! What does your TDS say when testing the file? And www.kaspersky.com/remoteviruschk.html when you upload it there online, giving a scan result within seconds? Always nice to have several opinions! If you have Exec Protection installed TDS should block it too if malicious, as would WormGuard. Do you remember the origins of the file? At least it's location sounds suspicious to start with. You can always add an extra extension like *.tmp so it can't execute and soon enough you would get error messages if the file would be needed somewhere, waiting for expert advice.
Jooske, I submitted the file to DCS. It's a ligit file. Evidently, Ewido gave a false positive. Thanks so much for your help!
Ahhhhhh! that's real good news! So if it's part of a program now you can use it. Would be good to send a copy to Ewido too, so they can refine their database! I can feel your relief!
