Virus

   / Virus
  • Thread Starter
#21  
Scruffy, I assume you know you're talking waaay outa my league. On that patch you mention disabling plug-ins; don't know if I'd want that. And now you talk about disabling Scripting Host and since I don't know what that is, what's the advantage or disadvantage of disabling it?

Bird
 
   / Virus #22  
Bird, You would want to load the patch Q290108 if you are running IE 5.0/5.5 SR1 (SP1), but NOT if you have loaded SP2. SP2 has the patch in it. SP2 is for both IE 5.0/5.5. The problem with SP2 is that it disables the plugins, and has no support for them. (M$ is running your life for you) This will not allow web pages to load fully, i.e. sound, etc may not work.
Bird, I can't give you an accurate discription of what the Scripting Host does, but everything works without it. All I can say is:
Disabling the scripting host will keep your system from automatically opening scripts up....thus protecting your system...as many virus can/will be embedded in same.
P.S. - I ain't claiming to be a wizard here, just trying to pass along helpful tips and info where I can. I have tried these out before passing them along, and they have worked for me. I have yet to get I virus on my systems, although my son had a hacker get to his before I got a firewall up on his system. I now have installed a hardware firewall (on router) and software firewall (ZoneAlarm), and knock on wood, combined with the other (small) steps, have been successful in preventing problems.

P.P.S. - Official explanation of the Scripting Host is: <font color=green> Windows Scripting Host, files and programs needed to write/edit Visual Basic programs.</font color=green> <font color=red>Ain't many of us gonna be doing that!</font color=red><P ID="edit"><FONT SIZE=-1>Edited by scruffy on 09/19/01 09:36 PM (server time).</FONT></P>
 
   / Virus #23  
Bird, you're way ahead of the average computer user today who run around every time they get a virus warning telling everyone they know about the evil invasion about to take place. I have been in this business for over 20 years and people still don't get it. You are correct...over 90% of virus announcements are hoaxes. The right thing to do is to run virus software (Norton is my favorite too) and KEEP it updated. The more often, the better. If you do that consistently you can effectively ignore all the warnings, or go to Symantec like you have been to get the real scoop.

My Norton software pops up and tells me everytime there is an update available. It's been several times a day here lately. I click 'OK' every time. Easy painless and will keep you as safe as you can be. Next, always keep a backup of anything you don't want to lose. Make sure you get all of those Chalkley Cup photos on disk right away!
 
   / Virus #24  
TonyC, I've used Norton's for a few years now, but this latest go around has me concerned with it. (For my application personally that is) Norton's put out an update yesterday, and another today...for whatever reason, it tells me that everything is up to date today, and I do not get the update. Have you heard anything about their liveupdate site being slow?

NOTE: The e-mail attachment will open automatically under Microsoft's Outlook e-mail program if the program's security settings are at "low" and a security patch has not been installed. On PCs that don't use Outlook, the worm can still spread using its own e-mail engine, but it won't execute automatically.


<P ID="edit"><FONT SIZE=-1>Edited by scruffy on 09/19/01 09:51 PM (server time).</FONT></P>
 
   / Virus #25  
Scruffy, I've not heard anything about that nor have I ever had that happen to me. I would go to the website and shoot them an e-mail just to be sure.
 
   / Virus #26  
Norton's been acting a little 'off' since the last reload, I suspect something ain't tweaked right. I think I'll do the old remove and reload trick on it. It has been a little 'concerning' since all the virus bit has been going on.
 
   / Virus #27  
Well I spent the entire day fighting Nimda. Apparently the only machine infected was our Windows 2000 Server whose main function is an an email server. It runs IIS and I think it was infected just for being connected to the internet via T1. Its a security issue that I downloaded a patch for. There is also a security issue with Internet Explorer, and you should update to Service Pack 2 of either 5.01 or 5.5 I understand. ANY PC using IE can get this virus just by browsing infected websites. The third way is via email, and even then there are cases where there is no attachment and the worm can be spread by simply reading the email. Other computers with shares on the network can get the virus too.

This is a bad dude in terms of difficulty. I tried every known virus protection vendor to try and get rid of the infected files and the overall effect. I made the patches, I isolated the server from the rest of the internet, I scanned and cleaned/deleted infected files until my scans of all the files indicate no infected files. Five minutes later I had 1200 infected files.

When I left the office at 8:30 tonight my last scan showed no infected files, so we'll see in the morning.

This is so new I don't think the virus protection vendors have quite figured it out yet.

I did order the server version of Symantec Virus Scan software today to try and prevent the problem in the future.

I took a tranquilizer when I got home tonight, and my BP was 168/108.

Alan L., TX
 
   / Virus #28  
AlanL, you're right about it being a 'bad dude' in terms of cleaning. It does reside in your temp files, and they should be deleted also. The AV folk have not yet discovered its full capabilities, but it does not (to my information) do more than get passed on to servers in IE. Upgrading to SP2 is NOT the answer, not if you want your plug-ins to work anyway. The upgrades take too many of the controls away from the user/sys admin. Personally, I will stay at 5.5 SP1, and add the necessary controls to corral the little bug.
You were wise to upgrade to the Enterprise version, it will provide much better service on your network.
NOTE: The Script Hosting software that I mentioned above is introduced in the IE 5.0/5.5 SP2 upgrade. If you decide to go that route, turn off the script hosting via the pathway described above.
 
   / Virus
  • Thread Starter
#29  
TonyC, every time I hear about a virus, I go to http://www.symantec.com/avcenter/hoax.html first to see if they have it listed as a hoax (something I learned from a nephew). And I do run "Live Update" on my Norton at least once a month. Sometimes I get a message from them that updates are available and sometimes I find it's downloading updates even though I haven't gotten any message from them. I've also ordered the new version of SystemWorks and their "firewall" but it hasn't arrived yet.

Bird
 
   / Virus
  • Thread Starter
#30  
Scruffy, I downloaded updates to Norton twice in one day when I heard about nimda. The first time I checked on it, their site said no virus definition available yet (I don't remember the exact wording), but there was some other updates that I downloaded. Later in the day they supposedly had an update for nimda, so I downloaded updates again. I didn't have any problem with it either time. Of course I don't know what it's doing other than downloading and installing updates, it says.

And I go to Windows Update at least once a month and download any "critical updates" and occasionally some of the "recommended updates".

Bird
 
You must log in or register to reply here.
 

Footer Links 1

Top