Hack 70 Antivirus FAQ


Rod Trent of myITforum.com shares his answers to some frequently asked questions on the subject of virus protection.

As CEO of myITforum.com (http://www.myitforum.com) and author of several white papers on security topics, I frequently get questions on protecting Microsoft platforms from viruses, worms, and other threats. Here's a short selection of some questions and my answers. By the way, you can find lots of additional information about protecting your networks at myITforum.com.

Is It Real or a Hoax?

Q: How can you tell whether a virus threat is real or just a hoax?

A: Keep the following links handy the next time a user sends you an email saying that one of their AOL buddies alerted them to a new and threatening virus. These links should be your first line of defense when a new virus is reported in the wild:

CERT Institute (http://www.cert.org)
McAfee's Virus Hoaxes (http://vil.mcafee.com/hoax.asp)
Symantec's Hoax Page (http://www.symantec.com/avcenter/hoax.html)
TrendMicro Hoax Page (http://www.antivirus.com/vinfo/hoaxes/hoax.asp)
Sophos' Hoax Page (http://www.sophos.com/virusinfo/hoaxes/)
Virus Busters (http://www.itd.umich.edu/virusbusters/)
Virus Myths (http://www.stiller.com/myths.htm)
Hoax Warnings (http://www.europe.datafellows.com/news/hoax.htm)

Disabling Antivirus Programs Is Not Enough

Q: How can I disable my antivirus software temporarily when I need to troubleshoot some problem on my system?

A: Occasionally, you might be forced to disable antivirus software temporarily to troubleshoot problems with applications, printing, or the OS itself. On Windows 2000 computers, just shutting down the virus engine service is not enough to disable it temporarily. You also have to disable the device drivers associated with the antivirus software.

Here's how to temporarily disable popular antivirus products on Windows 2000. Right-click on My Computer and select Properties. Click the Hardware tab and click the Device Manager button. Click the View menu and click Show Hidden Devices. Now, expand Non-Plug and Play Drivers to find the antivirus drivers on your system. Right-click on the correct driver and click Disable.

Table 8-1 identifies the names of the device drivers that correspond with products from popular antivirus software vendors. Note, however, that the device drivers for each application can change, so be sure to verify these device drivers at the appropriate vendors' web sites.

Table 8-1. Device drivers for antivirus software products

| Vendor | Device drivers |
| --- | --- |
| Symantec | symevent.sys |
| McAfee | NaiFiltr and NaiFsRec |
| Norton | NAVAP, NAVENG, and NAVEX15 |
| Inoculan | INO_FLPY and INO_Fltr |

Kernel32.exe Has Encountered a Problem

Q: I get an error message saying that Kernel32.exe is encountering a problem. Is that a system glitch or a virus?

A: If you receive error messages about Kernel32.exe encountering a problem, you need to update your antivirus program, because Kernel32.exe is not a Microsoft file (though Kernel32.DLL is). So, if you see this error message, quickly update your antivirus program and attempt to fix the virus outbreak on the computer.

This issue can occur if your computer is infected by one of the following viruses: Worm_Badtrans.b, Backdoor.G_Door, Glacier Backdoor, Win32.Badtrans.29020, W32.Badtrans.B@mm, and Win32/PWS.Badtrans.B.Worm.
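
The check described above, written as an added example (it is not from the original book): it scans a process listing for an executable that borrows the name of a system DLL, such as Kernel32.exe. It assumes the English-locale column headers of `tasklist /fo csv`; the sample listing is constructed, and the DLL names other than kernel32 are a generalization beyond the case the FAQ names.

```python
import csv
import io

# Core Windows DLL base names. None of these ships as an .exe, so a process
# image carrying one of these names is masquerading. kernel32 is the case
# named in the FAQ; the others are an added generalization.
SYSTEM_DLL_BASENAMES = {"kernel32", "user32", "gdi32", "advapi32", "ntdll"}

# Constructed sample in the layout of `tasklist /fo csv` (not real output).
SAMPLE_TASKLIST = '''"Image Name","PID","Session Name","Session#","Mem Usage"
"System Idle Process","0","Console","0","16 K"
"explorer.exe","1432","Console","0","18,204 K"
"Kernel32.exe","1980","Console","0","2,116 K"
"svchost.exe","840","Console","0","4,512 K"
"kernel32.dll.exe","2044","Console","0","1,900 K"
'''


def is_masquerade(image_name):
    """Return True if an .exe image name reuses a system DLL's base name."""
    name = image_name.strip().lower()
    if not name.endswith(".exe"):
        return False  # the real kernel32.dll is never listed as a process
    stem = name[:-4]
    # Also catch double extensions such as kernel32.dll.exe
    if stem.endswith(".dll"):
        stem = stem[:-4]
    return stem in SYSTEM_DLL_BASENAMES


def find_masquerading_processes(tasklist_csv):
    """Parse tasklist CSV text and return (image name, PID) for each hit."""
    hits = []
    for row in csv.DictReader(io.StringIO(tasklist_csv)):
        image = row.get("Image Name") or ""
        if is_masquerade(image):
            hits.append((image, int(row["PID"])))
    return hits


if __name__ == "__main__":
    for image, pid in find_masquerading_processes(SAMPLE_TASKLIST):
        print(f"SUSPICIOUS: {image} (PID {pid}) uses a system DLL name as an .exe")
```

A hit is a reason to update the antivirus definitions and scan the machine, as the answer above advises; the name match alone does not identify which virus is present.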

Stinger Tool

Q: Is there a virus-removal tool that can remove multiple viruses, instead of the single tools offered by vendors?

A: On the McAfee help forums, you'll find information on a removal utility called Stinger. This tool is constantly updated to include new removal information for new viruses. You can find more information about Stinger at http://forums.mcafeehelp.com/viewtopic.php?t=764, and you can download the tool from http://vil.nai.com/vil/stinger/.

Rod Trent

Windows Server Hacks
ISBN: 0596006470
EAN: 2147483647
Year: 2004
Pages: 163
Authors: Mitch Tulloch
