Virus in newsgroup dbx?

Virus in newsgroup dbx?
Secure Home | Search | About
Login Password
Register Now! Lost Password?
 Microsoft Antivirus Discussions    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content add this group's latest topics to your Google content
Subject Author Date
Virus in newsgroup dbx? Marek Kalisz 09-27-2006
Posted by Marek Kalisz on September 27, 2006, 6:31 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
My AV founded a virus in some message in the group (or, at least, in this
group dbx): microsoft.public.windowsxp.help_and_support

Generic.Botget.C7C6EB6C.Generic.Botget.ABF6C813

So, after initial quarantining, I had to delete this group dbx and
reconstruct it from scratch (download all). But... Isn't this strange?
All messages are scanned, right?
Marek Kalisz



Posted by David H. Lipman on September 27, 2006, 6:41 pm
If you were  Registered and logged in, you could reply and use other advanced thread options

| My AV founded a virus in some message in the group (or, at least, in this
| group dbx): microsoft.public.windowsxp.help_and_support
|
| Generic.Botget.C7C6EB6C.Generic.Botget.ABF6C813
|
| So, after initial quarantining, I had to delete this group dbx and
| reconstruct it from scratch (download all). But... Isn't this strange?
| All messages are scanned, right?
| Marek Kalisz
|

It is kind of too late now. You could have excluded the DBX file and based upon
the LOG
entry, just removed the supposedly malware hosting News Post.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm



Posted by Charlie Tame on September 30, 2006, 1:10 am
If you were  Registered and logged in, you could reply and use other advanced thread options

> My AV founded a virus in some message in the group (or, at least, in this
> group dbx): microsoft.public.windowsxp.help_and_support
>
> Generic.Botget.C7C6EB6C.Generic.Botget.ABF6C813
>
> So, after initial quarantining, I had to delete this group dbx and
> reconstruct it from scratch (download all). But... Isn't this strange?
> All messages are scanned, right?
> Marek Kalisz


Several things here.

First, when doing real time scanning you do NOT want your AV program to
include .dbx files, if this had been a mail folder like inbox.dbx you would
have lost email messages that are probably not recoverable. The .dbx files
are data stores and are not executed unless you actually execute the malware
while viewing it in Outlook Express. The AV will detect the signature but
can only remove the whole file, it cannot read it like OE does and remove
the bad message.

Scanning emails is a bad thing with OE, sooner or later OE will get upset
about it and you will get a damaged .dbx file. You AV real time scanning
will protect you just as well if a virus tries to execute. If it doesn't see
the virus then it won't see it when scanning emails so you gain nothing but
increase the risk of damage.

I don't know of any AV that scans newsgroup messages. The convention with
groups such as these is to avoid using active content like HTML and post in
plain text. Also, unless there is some useful advantage in using an
attachment (A helpful picture maybe) attachments are discouraged. It would
generally be better to post a link to a picture on the web if possible.


--
Still the best sites for OE details
http://www.insideoe.tomsterdam.com/
http://www.oehelp.com/

Charlie



Posted by Marek Kalisz on September 30, 2006, 1:17 am
If you were  Registered and logged in, you could reply and use other advanced thread options
Thanks. I again learned something new.
As my late father used to say: Until you still can learn you are nor dead
yet...
Marek Kalisz

>
>> My AV founded a virus in some message in the group (or, at least, in this
>> group dbx): microsoft.public.windowsxp.help_and_support
>>
>> Generic.Botget.C7C6EB6C.Generic.Botget.ABF6C813
>>
>> So, after initial quarantining, I had to delete this group dbx and
>> reconstruct it from scratch (download all). But... Isn't this strange?
>> All messages are scanned, right?
>> Marek Kalisz
>
>
> Several things here.
>
> First, when doing real time scanning you do NOT want your AV program to
> include .dbx files, if this had been a mail folder like inbox.dbx you
> would have lost email messages that are probably not recoverable. The .dbx
> files are data stores and are not executed unless you actually execute the
> malware while viewing it in Outlook Express. The AV will detect the
> signature but can only remove the whole file, it cannot read it like OE
> does and remove the bad message.
>
> Scanning emails is a bad thing with OE, sooner or later OE will get upset
> about it and you will get a damaged .dbx file. You AV real time scanning
> will protect you just as well if a virus tries to execute. If it doesn't
> see the virus then it won't see it when scanning emails so you gain
> nothing but increase the risk of damage.
>
> I don't know of any AV that scans newsgroup messages. The convention with
> groups such as these is to avoid using active content like HTML and post
> in plain text. Also, unless there is some useful advantage in using an
> attachment (A helpful picture maybe) attachments are discouraged. It would
> generally be better to post a link to a picture on the web if possible.
>
>
> --
> Still the best sites for OE details
> http://www.insideoe.tomsterdam.com/
> http://www.oehelp.com/
>
> Charlie
>



Posted by Charlie Tame on September 30, 2006, 1:45 am
If you were  Registered and logged in, you could reply and use other advanced thread options
That is what the groups are for, and you will sometimes get different
opinions because we all use our machines for different purposes, sometimes
there is no "Right" solution, you're welcome.

Charlie

> Thanks. I again learned something new.
> As my late father used to say: Until you still can learn you are nor dead
> yet...
> Marek Kalisz
>
>>
>>> My AV founded a virus in some message in the group (or, at least, in
>>> this group dbx): microsoft.public.windowsxp.help_and_support
>>>
>>> Generic.Botget.C7C6EB6C.Generic.Botget.ABF6C813
>>>
>>> So, after initial quarantining, I had to delete this group dbx and
>>> reconstruct it from scratch (download all). But... Isn't this strange?
>>> All messages are scanned, right?
>>> Marek Kalisz
>>
>>
>> Several things here.
>>
>> First, when doing real time scanning you do NOT want your AV program to
>> include .dbx files, if this had been a mail folder like inbox.dbx you
>> would have lost email messages that are probably not recoverable. The
>> .dbx files are data stores and are not executed unless you actually
>> execute the malware while viewing it in Outlook Express. The AV will
>> detect the signature but can only remove the whole file, it cannot read
>> it like OE does and remove the bad message.
>>
>> Scanning emails is a bad thing with OE, sooner or later OE will get upset
>> about it and you will get a damaged .dbx file. You AV real time scanning
>> will protect you just as well if a virus tries to execute. If it doesn't
>> see the virus then it won't see it when scanning emails so you gain
>> nothing but increase the risk of damage.
>>
>> I don't know of any AV that scans newsgroup messages. The convention with
>> groups such as these is to avoid using active content like HTML and post
>> in plain text. Also, unless there is some useful advantage in using an
>> attachment (A helpful picture maybe) attachments are discouraged. It
>> would generally be better to post a link to a picture on the web if
>> possible.
>>
>>
>> --
>> Still the best sites for OE details
>> http://www.insideoe.tomsterdam.com/
>> http://www.oehelp.com/
>>
>> Charlie
>>
>
>



Similar ThreadsPosted
Earthlink Newsgroup Difficulty and My Recent Post on Magic Mail December 13, 2006, 12:01 pm
HELP: Virus is preventing me from installing anti virus software!! January 11, 2007, 2:17 am
I have a virus that uses "anti virus software" downloads as a cover up March 24, 2007, 1:40 pm
I have a worm or virus that does not allow me to go to ANY anti-virus website January 28, 2006, 10:29 pm
Caught a Virus: Virus:Trj/Shutdown.Z -- need advice June 13, 2007, 12:59 am
Vundo fix not finding vundo virus - windows tool deletes virus May 14, 2008, 2:06 pm
Does anybody know what virus i've got? July 5, 2005, 8:23 am
New Virus? July 6, 2005, 11:22 am
virus July 19, 2005, 12:20 pm
Virus help August 8, 2005, 10:34 am

The site map in XML format XML site map

Contact Us | Privacy Policy