Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

General discussion

Attack of the Viruses

Dec 12, 2003 12:55PM PST

I have an Athlon 1400 with 512MB memory running Windows 2000 Pro.

A few weeks ago my computer store had to reformat my hard drive twice and re-install my OS due to major damage caused by viruses (I was using PC-cillin 2003 as my virus checker). After I got my PC back I installed Norton AV 2003.
I have cable Internet and now it appears that whenever I am connected (not necessarily on any web site) Norton identifies a virus which ranges from all variations of Randex through IRC Trojan, Backdoor Roxy, Trojan Byte Verify etc.
I run Adaware, Spybot, Trojan Cleaner and a full Norton scan regularly and have Tiny Personal Firewall activated, but it is almost as if something in my PC is inviting these viruses in (fortunately Norton is picking them up and no damage has been done).
I now close my cable connection after doing my surfing and reading my mail to avoid these viruses (I use IE6 and OE6).
Have the number of virus attacks generally gone up or do I have some unique weakness in my system?

Discussion is locked

- Collapse -
Re:Attack of the Viruses
Dec 12, 2003 1:37PM PST
First, if you aren't running on a LAN (network), then you don't need to have a network service called "File and Printer Sharing" installed. It allows the "hole" whereby the infected files are being transferred to your computer. If you are on a LAN, then you need to create correct "permissions" for your shared drives/folders. If you are not on a network, please uninstall "File and Printer Sharing" like this:

Windows 2000/XP: Click on Start-Settings-Control Panel, (or Start-Control Panel in XP), then double click on the "Networks and Dial Up Connections" icon, then find your type of connection type being used currently, either "Local Area Network" or "Dial-Up", then RIGHT click on it, choose "Properties". You should then be able to see the network components that are installed on the computer. If "File and Printer Sharing for Microsoft networks" is listed, click once on it to highlight it, then click on the "remove" button.

If you are on a LAN and file sharing is required,(on Win95/98/ME computers) then double click on "My Computer" RIGHT click on the C drive, choose "Sharing" from the menu and type a password in the password lines. Click on Apply, then OK, etc. On Win2000/XP machines you will need to establish specific "permissions" for each shared drive/folder. Don't share the entire C drive, and by all means, don't allow "Full" permissions.
_________________

In addition, please run the free online scan from the link below, then download "The Cleaner" which is a free trojan scanner.

Panda Antivirus Online Scanner

"The Cleaner"
http://www.moosoft.com
- Collapse -
Thanks Grif
Dec 12, 2003 7:50PM PST

for your advice. I uninstalled the "File and Printer Sharing" network service, and ran the on-line virus scanner (no viruses). I already had The Cleaner installed and this had showed no trojans on previous runs.
I will see if the virus attacks now stop or slow down and give you some feedback in a few days.

- Collapse -
(NT) Good Luck & Glad It Helped !
Dec 13, 2003 3:45AM PST

.

- Collapse -
If it doesn't help...
Dec 13, 2003 3:35PM PST

check your security settings in IE, especially the "install on demand" stuff (don't allow it). Are you up to date on your Windows/IE patches to ensure that attachments can't autoexecute? For example, Trojan.ByteVerify uses an IE exploit that was patched a long time ago. If your PC is fully patched, then take note of which site(s) you're visiting when these things show up and don't go there anymore.

- Collapse -
Update for Keith and Grif
Dec 14, 2003 7:38AM PST

Thanks Keith (and Grif again) for your suggestions. I have the latest patches for Windows 2000 and IE6. As mentioned in my original post, the viruses would mostly appear when I had an open cable connection and with my browser not open (ie. not on any web site).
The good news, however, is that since I disabled File and Printer Sharing in network properties last Saturday afternoon (Melbourne Australia time) I have not had any viruses appear (Monday morning).
A secondary benefit, coincidental or not, is that my IE browser is now much more stable - I was getting a regular "IE has encountered a problem and needs to close" message, and also problems when clicking on links. In the same time frame, no such problems.

- Collapse -
(NT) Schokers, Thanks For The Feedback And Glad We Could Help !
Dec 14, 2003 9:11AM PST

.