Hello Customers,
Please find below the support newsletter for Home User &
Standalone installations of InVircible Anti-Virus software:
1. HOW TO RUN AUDIT INTEGRITY SCAN
2. FILE TEST FACILITY
3. OTHER MEASURES TO INCREASE YOUR PC'S SECURITY
4. INFORMATION FOR WINDOWS XP & ME USERS USING IV
5. AUDIT INTEGRITY SCAN SAYS MY FILES HAVE CHANGED IN SIZE??
6. RECENT THREATS
1. HOW TO RUN AUDIT INTEGRITY SCAN:
As long as the green IV is in the system tray, next to the
time in the bottom right corner of the screen, you are protected.
This is the realtime protection of IV. However, if you would
like to run an on-demand scan, the Audit Integrity Scan will
allow you to do so. To run an Audit Integrity Scan:
1. Click on the green IV
2. Select Audit Integrity
3. Select Options, & select 'Ask on Each', select Ok.
4. Press Start to run scan.
2. FILE TEST FACILITY:
If you are unsure about a file's nature, you can now email
the file to filetest@virusdefence.com.au
and an automated response will be sent to you advising
of the result of the check on the file. Please don't hesitate
to give us a call to discuss the findings or any questions
about the file.
3. OTHER MEASURES TO INCREASE YOUR PC'S SECURITY
Along with the use of IV, some other steps to increase the
overall security of your PC are:
*Open Internet Explorer, select Tools (at the
top of the screen), Internet Options, Advanced;
under Security, select Empty Temporary Internet Files when
browser is closed, and press Apply. Many dubious files are
written to the temporary internet files folder, without the
user's knowledge, while you are viewing websites. By doing
this you will increase your security dramatically.
*Click on the Microsoft Start button, select Programs,
Accessories, System Tools, Disk Cleanup. Disk Cleanup will
remove all temporary files from your PC, along with temp
internet files. This will not only free up valuable space
on your PC, which is great for its health, but also
remove many files from the common areas where dubious files
reside.
* Updating Internet Explorer: Many viruses these
days exploit vulnerabilities within Internet Explorer. I
would suggest updating to Internet Explorer 6.0, as it's
the most secure version of IE. It is available from:
http://www.Microsoft.com/windows/ie/downloads/critical/ie6sp1/default.asp
4. INFORMATION FOR WINDOWS XP & ME USERS USING IV
Windows XP and Millennium Edition use a system restore feature
that allows the reverting of the system to a previous state,
by reinstating files from an indexed backup, known as 'restore
points'. When enabled, 'system restore' keeps track of changes
in files by storing 'restore points' in a special system
directory labelled _RESTORE.
The restore image files under _RESTORE do not keep their
original name, but are referred to by their index instead.
This may create InVircible false alarms. To explain the
issue, suppose that a file named Benign.exe caused an IV
false alarm, and you added 'Benign.exe' to the executables
exclude list, under IV options. Benign.exe will eventually
be imaged by 'system restore' and will be given an index
name. If the image file is now accessed by Interceptor, for
whatever reason, then it will flag it as potentially infected,
since Interceptor will not recognize the file with the index-name
as being part of the exclude list. To work around this problem,
you may:
*Ignore the false alarm, if certain that it's caused by
the excluded file.
*A safer approach is to discard the image file from the
system restore database. Disable 'system restore' as explained
in article http://www.virusdefence.com.au/news/systemrestore.asp,
and remove the image file with the aid of the IV Audit & Integrity
program. Deleting an application's restore point won't affect
its functionality.
5. AUDIT INTEGRITY SCAN SAYS MY FILES HAVE CHANGED IN SIZE??
Occasional reports of changed files are normal as part
of the day to day operations of the pc, provided the change
pattern isn't consistent. InVircible discriminates between
viral changes and legitimate replacement of programs with
new versions. IV will then automatically update its integrity
signatures database. In a few cases, user intervention is
required to resecure programs that IV won't resecure automatically.
Resecuring programs is easy through the IV menu shell (run
IV.EXE from the Start/Run menu dialog box of your Windows
desktop). With IV's directories tree, first select the directory
that contains the program to resecure, then press Enter
and select the "Secure" option from the menu.
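To illustrate the idea of telling isolated changes from a consistent
change pattern, here is an added example (not InVircible's code or
algorithm). It assumes that "consistent" means the same non-zero size
change shared by several files; the file names and sizes are constructed.

```python
import hashlib
import os
import tempfile
from collections import Counter


def snapshot(root):
    """Record size and SHA-256 for every file under root (the baseline)."""
    base = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                data = fh.read()
            digest = hashlib.sha256(data).hexdigest()
            base[os.path.relpath(path, root)] = (len(data), digest)
    return base


def audit(baseline, current, min_group=3):
    """Return (changed, suspicious) lists. Assumption of this example: a
    'consistent' pattern is one non-zero size delta shared by at least
    min_group changed files."""
    deltas = {p: current[p][0] - baseline[p][0]
              for p in baseline
              if p in current and current[p][1] != baseline[p][1]}
    counts = Counter(d for d in deltas.values() if d != 0)
    suspicious = sorted(p for p, d in deltas.items() if counts[d] >= min_group)
    return sorted(deltas), suspicious


def demo():
    """Constructed sample: one program replaced, three grown by 512 bytes."""
    with tempfile.TemporaryDirectory() as root:
        sizes = {"a.exe": 1000, "b.exe": 2500, "c.exe": 4096, "d.exe": 700}
        for name, size in sizes.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(b"A" * size)
        before = snapshot(root)
        with open(os.path.join(root, "d.exe"), "wb") as fh:  # new version
            fh.write(b"B" * 1234)
        for name in ("a.exe", "b.exe", "c.exe"):              # same growth
            with open(os.path.join(root, name), "ab") as fh:
                fh.write(b"\x00" * 512)
        return audit(before, snapshot(root))


if __name__ == "__main__":
    print(demo())
```

All four files are reported as changed, but only the three that grew by
the same amount are singled out; the replaced d.exe is not.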
6. RECENT THREATS
*PALYH WORM: Palyh, also named Mankx and Sobig.b
by various AV producers, was discovered on May 18, '03,
and became widespread in a matter of days.
Distribution: The Palyh worm is a mass-mailer, distributed
as an e-mail attachment, using a PIF extension, and pretending
to be sent from support@microsoft.com. When the attachment
is opened, the worm attempts to install its driver to Windows'
startup queue, as Msccn32.exe. The attempt is blocked
by InVircible. On an infected PC, the worm copies itself
to all shared resources where there is "write"
permission. Palyh's life ends on May 31, '03, when it stops
sending itself as mass-mail.
http://www.virusdefence.com.au/news/palyh.asp
*FIZZER WORM: The Fizzer worm was discovered on May
8, '03 and is now one of the most common pieces of malware.
Fizzer is a mass-mailer that has multiple plug-ins:
*It contains a backdoor that communicates through mIRC,
to alert a remote hacker of its presence on a particular
machine.
*It has a keylogger that captures the keying of sensitive
data, such as user-name and password pairs, logs them to
a file, and can transmit them on request.
*It attempts to spread through the Kazaa file-sharing network.
*It deactivates background anti-virus protection by terminating
their processes.
Fizzer drops the file ISERVC.EXE to the Windows folder.
Fizzer spreads as an e-mail attachment, using COM, EXE,
PIF, or SCR as extension. On an infected computer, Fizzer
will locate the KaZaA shared folder, replace files with
itself, and modify the extension name of the replaced files
by adding to their name an executable second suffix. For
example, an MP3 file will change to MP3.EXE, to deceive an
unaware downloader. Fizzer will install when the infected
e-mail attachment is opened, or when a user attempts to play
the bogus Kazaa download. Fizzer will then copy itself as
Iservc.exe to Windows, and attempt to install itself to the
startup queue. Both attempts are intercepted by InVircible and
reverted, so Fizzer fails to install.
http://www.virusdefence.com.au/news/fizzer.asp
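A check for the double-suffix renaming described above, as an added
example that is not part of the original newsletter or of InVircible.
The executable suffixes and dropped file names come from the text; the
list of data suffixes and the sample folder are assumptions.

```python
import os
import tempfile

# Final suffixes the newsletter lists for Fizzer attachments and renamed files.
EXECUTABLE_SUFFIXES = {".com", ".exe", ".pif", ".scr"}
# Assumption: a sample of media/document suffixes a downloader would expect.
DATA_SUFFIXES = {".mp3", ".avi", ".mpg", ".jpg", ".gif", ".txt", ".doc", ".zip"}
# Names the newsletter says Palyh and Fizzer drop (relevant in the Windows folder).
DROPPED_NAMES = {"iservc.exe", "msccn32.exe"}


def classify(filename):
    """Return 'double-extension', 'dropped-name' or None for one file name."""
    lower = filename.lower().rstrip(". ")  # Windows ignores trailing dots/spaces
    if lower in DROPPED_NAMES:
        return "dropped-name"
    stem, last = os.path.splitext(lower)
    _, inner = os.path.splitext(stem)
    if last in EXECUTABLE_SUFFIXES and inner in DATA_SUFFIXES:
        return "double-extension"
    return None


def scan_folder(root):
    """Walk root and return sorted (relative path, reason) pairs."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            reason = classify(name)
            if reason:
                rel = os.path.relpath(os.path.join(dirpath, name), root)
                findings.append((rel.replace(os.sep, "/"), reason))
    return sorted(findings)


def demo():
    """Build a constructed sample folder and scan it."""
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "shared"))
        for name in ("song.mp3", "song2.MP3.EXE", "setup.exe",
                     "holiday.jpg.scr", "notes.v1.txt"):
            open(os.path.join(root, "shared", name), "w").close()
        open(os.path.join(root, "ISERVC.EXE"), "w").close()
        return scan_folder(root)


if __name__ == "__main__":
    for path, reason in demo():
        print(f"{reason:17} {path}")
```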
If we can be of any further assistance please don't hesitate
to contact us.
Best Regards,
Support Team
Virus Defence Bureau
2 Atherton Road
Oakleigh VIC 3166
Phone: (03) 9569 8848
Fax: (03) 9569 8858
support@virusdefence.com.au
www.virusdefence.com.au
"Advanced Software Technology to keep your site
secure"
