W32.Licus



#1 SmokeyPW

    New Member

  • Member
  • 1 posts

Posted 21 July 2005 - 07:59 PM

I was infected with this worm over the past weekend and within days it had corrupted a huge amount of .exe files.

I have Norton Anti Virus 2004 installed with the latest virus definitions, yet following the instructions posted on their website, it was unable to remove the virus.

What is more odd is that this worm takes advantage of a security flaw over 2 years old in XP. I had all the latest updates, SP2, etc. installed.

I turned off system restore, rebooted in safe mode and completed a full virus scan. If AV detected the virus it would repair or delete, yet I would further get High Risk warnings through Norton on Normal boot that W32.Licus had infected ***.exe and it couldn't repair the file or access was denied.

I have a small home network that consists of 2 PCs and a Netgear Router BB Modem and built-in Firewall. The other PC, also installed with XP and Norton AV, has had no infection.

How has this worm slipped through? And what can I do so that it doesn't happen again?

#2 LoPhatPhuud

    Master of Disaster Recovery

  • General Admin
  • 15,738 posts

Posted 21 July 2005 - 10:59 PM

Most exploits today are packed in one or more of the available runtime packing engines. Some use custom packers.

A file, heavily packed, may escape your AntiVirus detection until it actually executes. Also, your AV may not detect the particular packer used.

Norton's greatest weakness has been its weak coverage in the unpacker area. They have improved, but many products are superior.

To supplement your AV I suggest you run an AntiTrojan as well.


Finally, check your surfing habits. Many exploits are the result of human error.
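
Added example, not part of either post: the point in reply #2 about packed files escaping a scan until they execute, shown in Python on constructed, non-executable buffers. zlib stands in for a runtime packer, and the signature string, the stub bytes and the 7.0 bits-per-byte threshold are assumptions made for illustration.

```python
import math
import random
import zlib
from collections import Counter

# Constructed stand-in for a byte pattern a signature scanner matches on.
SIGNATURE = b"EXAMPLE-TEST-SIGNATURE"
# Constructed placeholder for an unpacking stub (not a real loader).
STUB = b"STUB" + bytes(252)


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte, from 0.0 (constant) to 8.0 (uniform)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def signature_scan(data: bytes) -> bool:
    """Static scan: a plain substring match on the bytes on disk."""
    return SIGNATURE in data


def looks_packed(data: bytes, window: int = 1024, threshold: float = 7.0) -> bool:
    """Heuristic: flag the buffer if any window is close to random."""
    last = max(len(data) - window, 0)
    return any(
        shannon_entropy(data[off:off + window]) > threshold
        for off in range(0, last + 1, window // 4)
    )


def build_samples() -> tuple[bytes, bytes]:
    """Return (plain, packed) constructed buffers; nothing here is executable."""
    rng = random.Random(0)  # fixed seed so the sample is reproducible
    words = " ".join(f"w{rng.randrange(64):02d}" for _ in range(20000))
    plain = words.encode() + SIGNATURE
    return plain, STUB + zlib.compress(plain, 9)


def unpack(packed: bytes) -> bytes:
    """What the stub would do at run time: restore the original bytes."""
    return zlib.decompress(packed[len(STUB):])


if __name__ == "__main__":
    plain, packed = build_samples()
    for name, buf in (("plain", plain), ("packed", packed)):
        print(name, signature_scan(buf), looks_packed(buf))
```

The signature match succeeds on the plain buffer and again on the unpacked bytes, but not on the packed form, which only the entropy heuristic flags. Legitimately compressed files score high on the same heuristic, so it is a triage signal rather than a verdict.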

