Thread ID: 31873 2003-04-03 02:46:00 W32.Frethem virus - puzzle Jen C (20)
133054 2003-04-03 02:46:00 Much to my horror I just had NAV give me my first virus alert with W32.Frethem.Gen@mm. The puzzle is that the file infected was my CrazyBrowser.exe (internet browser). Reading the info on Symantec about this virus suggests that it arrives via emails:

W32.Frethem is a family of mass-mailing worms which use their own SMTP engines to spread. They obtain email addresses from the Microsoft Windows Address Book and from .dbx files. They retrieve the infected computer user's SMTP server information from the registry. The worms then send themselves to all email addresses that they find in the Microsoft Windows Address Book and in .dbx files.

They do not typically contain any type of malicious payload.

I ran a full system scan last night with the latest definitions at that time and no infections were detected. The only emails received today are a couple of PF1 notifications. All my emails are automatically scanned by NAV as they arrive and leave. Looking in my sent folder shows no strange activity. Ten minutes before getting this virus alert, I had run live update to get the defs released today.

So how did this virus get onto my PC and why was my CrazyBrowser infected with it?

Perhaps this is a new variant?

Being new at dealing with viruses I don't know what to make of all this ?:|. I would like to know how I came by this infection to ensure I don't get a repeat performance.

Does anyone have any suggestions?

Thanks
Jen

PS* The PC is squeaky clean again, but my CrazyBrowser no longer works (will download another copy)
Jen C (20)
133055 2003-04-03 03:11:00 > So how did this virus get onto my PC and why was
> my CrazyBrowser infected with it?
>
> Perhaps this is a new variant?

Yes - you've just been infected with the latest variant of a virus. It begins on your PC, created out of the sheer will of your PC to get back at you for all those times that you turned it off without shutting it down properly!

It will infect the PCs of all your loved ones and the world will come to an end!


No, not really, but my thoughts are that it may have been there for longer than just the one or two days... When did you last do a full system scan?

But then again, isn't this a rather new variant?
Chilling_Silence (9)
133056 2003-04-03 03:13:00 Jen C,

Well, these virii exploit a known issue in various mail systems etc., and you obviously have your AV set up to help combat them. Have a look at this article from Symantec on that particular virus variant, W32.Frethem.G (www.symantec.com), for any further info on manual removal and checking. The Symantec virus database is helpful in showing what each virus can do and how to clean up and/or combat them; see the Symantec Virus database (www.symantec.com).

For McAfee the virii DB is the McAfee Virii DB (vil.nai.com)


Babe.
Babe Ruth (416)
133057 2003-04-03 03:16:00 Hmmmm - an update on the virus situation .......

I just downloaded a new copy of CrazyBrowser and during installation NAV leaped up and shouted "W32.Frethem.Gen@mm" again. I aborted the installation. Perhaps something in CrazyBrowser's programming is similar to what NAV *thinks* is a virus. It must be included in the latest NAV definitions.

Does anyone else using CrazyBrowser and NAV get this occurring?
Jen C (20)
133058 2003-04-03 03:20:00 Thanks Babe and Chilling for your comments.

Chilling - I did a full system scan using NAV 2003 only 12 hours ago (with the then latest defs).

BabeRuth - I looked at the Symantec site straight away and did follow their instructions for using the fix tool. Strangely enough, the logs of the fix tool declared that it could find no such virus?!?

Cheers
Jen
Jen C (20)
133059 2003-04-03 09:35:00 Well I have been mulling all afternoon over my CrazyBrowser and its recently departed friend, and having re-scanned my PC another dozen times and still getting the all clear, I tried to re-install CrazyBrowser again. This time it installed smoothly with no NAV leaping up and down :-).

What I did differently this time was to run Norton's One Button Checkup first, which detected and fixed several registry errors all relating to CrazyBrowser.

It is scary that an up-to-date virus system (and firewall) can still let a virus past its frontline defences and get as far as infecting a file (my browser) without catching it as it initially entered the system.

I am relieved that at least NAV grabbed it straight away when it activated and before it could do anything nasty (apart from upset me :-()

However, having lost my smug "never been infected status", my paranoia has now settled and I have decided that it is not necessary to run scans every 20 minutes "just-in-case" and will carry on with the same sensible precautions as before (fingers/toes crossed). :D

Thanks

Jen :-)
Jen C (20)
133060 2003-04-03 11:30:00 Hi Jen,

You've got to always remember that there is a period where a virus is in the wild without anyone being aware of it. Once it has been discovered, the anti-virus vendors still need to create their fix and then you need to update the anti-virus files on your PC.

There was also a bit of a furor about a month back when it was discovered that one of the anti-virus vendors had released information and fixes for a new virus solely to their large corporate clients 24 hours before telling everyone else.

A little something to make you sleep easier at night :)
Gorela (901)