
Firewalls/Imesh/Virus

Old 31 August 2004, 07:49 PM
  #1  
Kevin Groat
Scooby Regular
Thread Starter
 
Join Date: Feb 1999
Posts: 1,467
Question Firewalls/Imesh/Virus

Before the mods delete this question, nowhere do I advocate file downloading/uploading and nor do I suggest I've ever done such a thing - after all, there have been threads on here discussing firearms and the mods didn't delete these because they can be used to kill people

Okay, I've had Imesh installed for quite some time and in general not had any problems. But, recently started using a newly configured laptop and it developed a virus or two. I'm using McAfee and a Sygate firewall but had switched off the firewall and only discovered the viruses when I tried to restart the firewall (wouldn't start, locked out of Regedit). Would the virus have sneaked past McAfee with the firewall down or would it have come via Imesh (because firewall down?). Rebuilt lappy and wondering if I should install Imesh again - probably will anyway.
Looking for some experienced techy advice, could do without the usual p2p scaremongering as I've had it installed for ages on my desktop without any probs.

Thanks
Old 01 September 2004, 12:32 AM
  #2  
JackClark
Scooby Senior
 
Join Date: Dec 2000
Location: Overdosed on LCD
Posts: 20,852

The name of the virus would be a great help. Also the version of the McAfee DAT files and Engine you were using at the time.
Old 01 September 2004, 09:14 AM
  #3  
Chris L
Scooby Regular
 
Join Date: May 2000
Location: MY00,MY01,RX-8, Alfa 147 & Focus ST :-)
Posts: 10,371

The viruses could have come from anywhere, but I know what my money would be on. As Jack says, we'll need more details to have any chance of finding out what's wrong.

Also - why did you disable your firewall?

Chris
Old 01 September 2004, 12:09 PM
  #4  
Kevin Groat
Scooby Regular
Thread Starter
 
Join Date: Feb 1999
Posts: 1,467

ntsys32.exe and musirc4.72.exe are the offending items. McAfee wasn't latest version but no more than 2 months old. Disabled the firewall as I couldn't connect to an IP address and I thought it may be the firewall as I'm used to ZoneAlarm.

Thanks
Old 01 September 2004, 12:25 PM
  #5  
JackClark
Scooby Senior
 
Join Date: Dec 2000
Location: Overdosed on LCD
Posts: 20,852

On an average month we receive around 750 new threats. Even being a week out of date leaves a huge hole. I'd suggest updating and keeping things that way. It sounds like you were a victim of one of the Sdbot family, this would most likely have been a file downloaded from an untrusted source.
Old 01 September 2004, 12:31 PM
  #6  
Kevin Groat
Scooby Regular
Thread Starter
 
Join Date: Feb 1999
Posts: 1,467

Thanks Jack - just to try and understand, if my protection was up to date and everything working as it should, could the virus sneak in through IMESH undetected or would McAfee find it as it downloaded/arrived?

Kevin.
Old 01 September 2004, 01:45 PM
  #7  
JackClark
Scooby Senior
 
Join Date: Dec 2000
Location: Overdosed on LCD
Posts: 20,852

We would not have allowed you to execute the infected program.
Old 01 September 2004, 02:14 PM
  #8  
Nick
Scooby Senior
 
Join Date: Oct 1998
Location: Highlands
Posts: 2,805

Originally Posted by Kevin Groat
McAfee wasn't latest version but no more than 2 months old.
2 MONTHS!!!!
Old 01 September 2004, 03:14 PM
  #9  
Chris L
Scooby Regular
 
Join Date: May 2000
Location: MY00,MY01,RX-8, Alfa 147 & Focus ST :-)
Posts: 10,371

Just to expand on what Jack has said. If the infection came via a trusted source, then, even if your firewall was operating correctly, it is possible that the file would have actually been received. Basic firewalls for home use wouldn't have stopped it. As JC said, a good AV system would actually stop the payload from activating and installing.

If you are also treating your internal connections as untrusted, then in theory the firewall, had it been operating, would have flagged up a new outgoing connection if the virus had installed and activated - bypassing the AV. If the virus had attempted an outgoing connection using a standard port (such as HTTP - port 80) then it is unlikely that the firewall would have flagged this up. The deep inspection engines used by commercial firewalls such as Netscreen and Check Point may have stopped this - but then you are unlikely to have these running at home.

Jack can probably confirm this, but most AV systems tend to have some form of intelligence to detect virus-like activity - even if they don't have an actual signature file for the virus. It would be interesting to know if your AV software flagged up any kind of warning.

Some of the P2P warnings may be scaremongering, but there is a very real threat. I deal with large corporates with considerable budgets and large amounts of advanced security equipment who are struggling to cope with this kind of stuff, so it is most definitely a threat to the average home user.
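
Added illustration of the egress point made in post #9 (editorial example, not part of any poster's message or any vendor's code): a port-only outbound rule compared with a rule that flags the first connection from a program outside an approved baseline. The baseline, the ports and the records are constructed; the two unapproved file names are the ones given in post #4.

```python
# Constructed outbound-connection records: (program, destination port).
# Only the names ntsys32.exe and musirc4.72.exe come from the thread;
# every port and the "approved" programs are assumptions for the example.
APPROVED_PROGRAMS = {"iexplore.exe", "outlook.exe"}  # assumed user-approved baseline
STANDARD_PORTS = {25, 53, 80, 110, 443}              # ports a basic rule set lets out

CONNECTIONS = [
    ("iexplore.exe", 80),
    ("outlook.exe", 110),
    ("ntsys32.exe", 6667),     # non-standard port
    ("musirc4.72.exe", 80),    # hides behind the HTTP port
    ("musirc4.72.exe", 80),    # repeat connection, already reported once
    ("iexplore.exe", 443),
]


def port_only_alerts(conns, allowed_ports=STANDARD_PORTS):
    """Port-based egress rule: alert only when the destination port is not allowed."""
    alerts = []
    for program, port in conns:
        if port not in allowed_ports and (program, port) not in alerts:
            alerts.append((program, port))
    return alerts


def program_aware_alerts(conns, approved=APPROVED_PROGRAMS):
    """Per-program rule: alert on the first outbound connection from any
    program that is not in the approved baseline, whatever the port."""
    seen = {name.lower() for name in approved}
    alerts = []
    for program, port in conns:
        if program.lower() not in seen:
            alerts.append((program, port))
            seen.add(program.lower())  # report each new program once
    return alerts


def missed_by_port_rule(conns):
    """Connections the per-program rule reports but the port-only rule lets through."""
    port_hits = set(port_only_alerts(conns))
    return [c for c in program_aware_alerts(conns) if c not in port_hits]


if __name__ == "__main__":
    print("port-only rule flags:   ", port_only_alerts(CONNECTIONS))
    print("per-program rule flags: ", program_aware_alerts(CONNECTIONS))
    print("missed by port-only:    ", missed_by_port_rule(CONNECTIONS))
```
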
Old 01 September 2004, 03:30 PM
  #10  
JackClark
Scooby Senior
 
Join Date: Dec 2000
Location: Overdosed on LCD
Posts: 20,852

Correct Chris, most - but not all - Antivirus Software can detect some viruses or variants of viruses before they've even been written. I'm at home right now - well the sun is shining - so can't check with the labs, but I'm pretty sure that we - McAfee - have a generic driver for the virus mentioned above. But, it may not have been released 2 months ago.

As a company we're heading towards Intrusion Prevention, the numbers are just too great for us to carry on with current methods. Luckily this is something we've been experimenting with for years, other vendors might not be as fortunate. The technology has already entered our corporate software and will be on our home users' desktops next year. Reports so far are very positive.
Old 01 September 2004, 05:06 PM
  #11  
Chris L
Scooby Regular
 
Join Date: May 2000
Location: MY00,MY01,RX-8, Alfa 147 & Focus ST :-)
Posts: 10,371

Good to know Jack
Old 01 September 2004, 05:41 PM
  #12  
Kevin Groat
Scooby Regular
Thread Starter
 
Join Date: Feb 1999
Posts: 1,467

Thanks folks.
Nick, it's an old laptop that I just use for email and web access. The virus was a minor inconvenience, nowt of importance stored on it. Reformatted and reinstalled everything in under two hours. We do have desktops that my wife uses for her business and these are updated weekly - if we lost one of these we'd be in the ****.
Jack, must keep a look out for the new McAfee technology - I'm a corporate user as well
Old 01 September 2004, 05:43 PM
  #13  
JackClark
Scooby Senior
 
Join Date: Dec 2000
Location: Overdosed on LCD
Posts: 20,852

Version 8i is the one you want.




All times are GMT +1.