Norton CE detects virus in C:\Recycler...

October 24, 2008

But there's nothing in C:\Recycler\...

I'm using the Corporate Edition of NAV on our Win2k Server based

network. It's an older version but it gets updates regularly. I'm not

really interested in discussing the merits (or lack thereof) of Norton

unless it directly involves my situation. I don't know, maybe NAV is

broken.

Norton is reporting that there is a virus found in my C:\Recycler\

(Win2k Pro). It says it's Trojan.Gernid and it's an .exe within a zip

file. I've researched what this virus is suppose to do but as far as I

can tell my computer isn't infected, other than the fact that Norton

says it's there.

The recycle bin is empty and I empty it on a semi-regular basis. A

manual scan shows nothing but every 10 minutes the virus history list

in NAV shows another instance of the virus.

Is NAV broken or is there something I haven't considered?

--

Jordon

October 24, 2008

From: "Jordon" <jordon.haguewood@gmail.com>

| But there's nothing in C:\Recycler\...

| I'm using the Corporate Edition of NAV on our Win2k Server based

| network. It's an older version but it gets updates regularly. I'm not

| really interested in discussing the merits (or lack thereof) of Norton

| unless it directly involves my situation. I don't know, maybe NAV is

| broken.

| Norton is reporting that there is a virus found in my C:\Recycler\

| (Win2k Pro). It says it's Trojan.Gernid and it's an .exe within a zip

| file. I've researched what this virus is suppose to do but as far as I

| can tell my computer isn't infected, other than the fact that Norton

| says it's there.

| The recycle bin is empty and I empty it on a semi-regular basis. A

| manual scan shows nothing but every 10 minutes the virus history list

| in NAV shows another instance of the virus.

| Is NAV broken or is there something I haven't considered?

| --

| Jordon

If it is there it is hidden.

Download MULTI_AV.EXE from the URL --

http://www.pctip.ch/ds/28400/28470/Multi_AV.exe

or

http://212.98.39.7/ds/28400/28470/Multi_AV.exe

http://www.pctip.ch/downloads/dl/35905.asp

or

http://212.98.39.7/downloads/dl/35905.asp

English:

http://www.raymond.cc/blog/archives/2008/0...virus-for-free/

To use this utility, perform the following...

Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }

Choose; Unzip

Choose; Close

Execute; C:\AV-CLS\StartMenu.BAT

{ or Double-click on 'Start Menu' in C:\AV-CLS }

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your

FireWall to allow it to download the needed AV vendor related files.

C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}

This will bring up the initial menu of choices and should be executed in Normal Mode.

This way all the components can be downloaded from each AV vendor's web site.

The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the PC.

You can choose to go to each menu item and just download the needed files or you can

download the files and perform a scan in Normal Mode. Once you have downloaded the files

needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key

during boot] and re-run the menu again and choose which scanner you want to run in Safe

Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.

When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help

file.

Additional Instructions:

http://pcdid.com/Multi_AV.htm

Please report back your results

--

Dave

http://www.claymania.com/removal-trojan-adware.html

Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

October 24, 2008

On Oct 24, 1:07Â pm, "David H. Lipman" <DLipman~nosp...@Verizon.Net>

wrote:

> From: "Jordon" <jordon.haguew...@gmail.com>

>

> | But there's nothing in C:Recycler...

>

> | I'm using the Corporate Edition of NAV on our Win2k Server based

> | network. It's an older version but it gets updates regularly. I'm not

> | really interested in discussing the merits (or lack thereof) of Norton

> | unless it directly involves my situation. I don't know, maybe NAV is

> | broken.

>

> | Norton is reporting that there is a virus found in my C:Recycler

> | (Win2k Pro). It says it's Trojan.Gernid and it's an .exe within a zip

> | file. I've researched what this virus is suppose to do but as far as I

> | can tell my computer isn't infected, other than the fact that Norton

> | says it's there.

>

> | The recycle bin is empty and I empty it on a semi-regular basis. A

> | manual scan shows nothing but every 10 minutes the virus history list

> | in NAV shows another instance of the virus.

>

> | Is NAV broken or is there something I haven't considered?

>

> | --

> | Jordon

>

> If it is there it is hidden.

>

> Download MULTI_AV.EXE from the URL --http://www.pctip.ch/ds/28400/28470/Multi_AV.exe

> orhttp://212.98.39.7/ds/28400/28470/Multi_AV.exe

>

> http://www.pctip.ch/downloads/dl/35905.asp

> orhttp://212.98.39.7/downloads/dl/35905.asp

>

> English:http://www.raymond.cc/blog/archives/2008/0...ur-computer-wit...

>

> To use this utility, perform the following...

> Execute; Multi_AV.exe { Note: You must use the default folder C:AV-CLS }

> Choose; Unzip

> Choose; Close

>

> Execute; C:AV-CLSStartMenu.BAT

> { or Double-click on 'Start Menu' in C:AV-CLS }

>

> NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your

> FireWall to allow it to download the needed AV vendor related files.

>

> C:AV-CLSStartMenu.BAT -- { or Double-click on 'Start Menu' in C:AV-CLS}

> This will bring up the initial menu of choices and should be executed in Normal Mode.

> This way all the components can be downloaded from each AV vendor's web site.

> The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the PC.

>

> You can choose to go to each menu item and just download the needed files or you can

> download the files and perform a scan in Normal Mode. Once you have downloaded the files

> needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key

> during boot] and re-run the menu again and choose which scanner you want to run in Safe

> Mode. Â It is suggested to run the scanners in both Safe Mode and Normal Mode.

>

> When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help

> file.

>

> Additional Instructions:http://pcdid.com/Multi_AV.htm

>

> Â Please report back your results Â

>

> --

> Davehttp://www.claymania.com/removal-trojan-adware.html

> Multi-AV -http://www.pctipp.ch/downloads/dl/35905.asp

NAV must be broken. I used your tool and scanned with multiple

scanners and

nothing was found. FWIW, you mentioned that "if it is there it must be

hidden".

You're referring to the hidden attribute? First thing I do after

installing an OS is

to turn on viewing of system and hidden files.

--

Jordon

October 24, 2008

From: "Jordon" <jordon.haguewood@gmail.com>

| NAV must be broken. I used your tool and scanned with multiple

| scanners and

| nothing was found. FWIW, you mentioned that "if it is there it must be

| hidden".

| You're referring to the hidden attribute? First thing I do after

| installing an OS is

| to turn on viewing of system and hidden files.

| --

| Jordon

First off you have to view outside of Explorer.

Download and run Gmer

http://www.gmer.net/index.php

Let's see if you have a RootKit causing this issue.

--

Dave

http://www.claymania.com/removal-trojan-adware.html

Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

October 25, 2008

Just a shot.

Is it in the Norton Recycle Bin by any chance

--

Peter

Please Reply to Newsgroup for the benefit of others

Requests for assistance by email can not and will not be acknowledged.

"Jordon" <jordon.haguewood@gmail.com> wrote in message news:70a49c31-6e12-4994-8511-8de78c062ded@v22g2000pro.googlegroups.com...

> But there's nothing in C:Recycler...

>

> I'm using the Corporate Edition of NAV on our Win2k Server based

> network. It's an older version but it gets updates regularly. I'm not

> really interested in discussing the merits (or lack thereof) of Norton

> unless it directly involves my situation. I don't know, maybe NAV is

> broken.

>

> Norton is reporting that there is a virus found in my C:Recycler

> (Win2k Pro). It says it's Trojan.Gernid and it's an .exe within a zip

> file. I've researched what this virus is suppose to do but as far as I

> can tell my computer isn't infected, other than the fact that Norton

> says it's there.

>

> The recycle bin is empty and I empty it on a semi-regular basis. A

> manual scan shows nothing but every 10 minutes the virus history list

> in NAV shows another instance of the virus.

>

> Is NAV broken or is there something I haven't considered?

>

> --

> Jordon

>

October 25, 2008

Should we be suspicious?

"Peter Foldes" <okf22@hotmail.com> has recently said..

"You should see my W2K3 Enterprise Sever boot. From cold boot to fully

loaded Desktop 46 seconds including LAN connection"

(his mis-spelling of 'Server')

Wikipedia tells me ( http://en.wikipedia.org/wiki/Enterprise_Server )

"An enterprise server is a computer system which performs an essential

service for a large organization. Examples include corporate web servers,

print servers, and databases. A key feature distinguishing an enterprise

server is that even a short-term failure can cost more than purchasing and

installing the system. For example, it may take only a few minutes' down

time at a national stock exchange to justify the expense of entirely

replacing the system with something more reliable."

Perhaps that isn't true.

Mr Foldes has also previously advised that he has a T3 Connection.

Detailed/Technical DS3-T3 Definition

http://www.realtimet1search.com/news/article_282.php which mentions:

"Who uses DS-3s? Companies who host high traffic web sites, support web

hosting, and need high capacity bandwidth on an as-needed basis. Also

universities/colleges, government offices, and high volume call centers. A

full DS3 can accommodate many simultaneous users depending on the

requirements of the business. Generally a DS3 line is installed as a major

networking channel for large corporations or universities with high volume

network traffic. This is an always-on, high-speed connection that provides a

dedicated, stable and reliable link to the Internet, and can support up to

500 or more computer users."

I still can't help wondering who he really is ............ and what he

actually does.

Does anyone reading here know - or care?

Surely someone 'out there' must be curious too!

--

October 25, 2008

Re: Should we be suspicious?

LOL David. Does my posting properties suggests otherwise ? Or is it faked according to you.

I will ask you very nicely and politely David. Can you stop with your childish and unintelligent postings. Be a man and not a 8 yr old running to mommy and daddy.

--

Peter

Please Reply to Newsgroup for the benefit of others

Requests for assistance by email can not and will not be acknowledged.

"~BD~" <~BD~@no.mail.afraid.com> wrote in message news:uSamAynNJHA.588@TK2MSFTNGP06.phx.gbl...

>

> "Peter Foldes" <okf22@hotmail.com> has recently said..

>

> "You should see my W2K3 Enterprise Sever boot. From cold boot to fully

> loaded Desktop 46 seconds including LAN connection"

>

> (his mis-spelling of 'Server')

>

> Wikipedia tells me ( http://en.wikipedia.org/wiki/Enterprise_Server )

>

> "An enterprise server is a computer system which performs an essential

> service for a large organization. Examples include corporate web servers,

> print servers, and databases. A key feature distinguishing an enterprise

> server is that even a short-term failure can cost more than purchasing and

> installing the system. For example, it may take only a few minutes' down

> time at a national stock exchange to justify the expense of entirely

> replacing the system with something more reliable."

>

> Perhaps that isn't true.

>

> Mr Foldes has also previously advised that he has a T3 Connection.

>

> Detailed/Technical DS3-T3 Definition

> http://www.realtimet1search.com/news/article_282.php which mentions:

> "Who uses DS-3s? Companies who host high traffic web sites, support web

> hosting, and need high capacity bandwidth on an as-needed basis. Also

> universities/colleges, government offices, and high volume call centers. A

> full DS3 can accommodate many simultaneous users depending on the

> requirements of the business. Generally a DS3 line is installed as a major

> networking channel for large corporations or universities with high volume

> network traffic. This is an always-on, high-speed connection that provides a

> dedicated, stable and reliable link to the Internet, and can support up to

> 500 or more computer users."

>

> I still can't help wondering who he really is ............ and what he

> actually does.

>

> Does anyone reading here know - or care?

>

> Surely someone 'out there' must be curious too!

>

> --

>

>

October 25, 2008

Re: Should we be suspicious?

"Peter Foldes" <okf22@hotmail.com> wrote in message

news:eXm3xKpNJHA.3640@TK2MSFTNGP02.phx.gbl...

LOL David. Does my posting properties suggests otherwise ? Or is it faked

according to you.

--

Peter

>

Thank you for responding, Peter Foldes (aka Derek Feldman? - hence

registration at Annexcafe as 'Derek'?)

I have not suggested the faking of anything. I do not have the skill to know

(as you have told me many times!). However, there may be others here who

may be able to determine if all is not exactly as it should be. You have

made mistakes before!

So - here are the full Headers of your two recent messages for others to

look at - and maybe comment upon thereafter: There will be some here who

remember 9/11 ......... and that maybe folk should have asked more questions

beforehand. I seek only the truth. A private email to explain who you are

and what you do, had you sent same nearly three years ago, would have made

posts such as this one, in the public domain, totally unnecessary. It has

been your choice (and right) to remain silent, but this is no game.

Subject: Re: XP versus Vista?

From: "Peter Foldes" <okf22@hotmail.com>

Date: Thu, 23 Oct 2008 09:37:53 -0400

Message-ID: <1224769069_32811@pegasus.annex.net>

References: <1224589399_22182@pegasus.annex.net>

<1224736399_31974@pegasus.annex.net>

Bytes: 4105

Lines: 105

NNTP-Posting-Host: 69.70.248.208

Path: pegasus.annex.net!not-for-mail

Newsgroups: annexcafe.uk.general.user2user

X-Authenticated-User: Derek

X-Trace: pegasus.annex.net 1224769069 69.70.248.208 (23 Oct 2008

08:37:49 -0500)

MIME-Version: 1.0

Content-Type: text/plain;

charset="Windows-1252"

Content-Transfer-Encoding: quoted-printable

X-Priority: 3

X-MSMail-Priority: Normal

X-Newsreader: Microsoft Outlook Express 6.00.3790.3959

X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.4325

Xref: pegasus.annex.net annexcafe.uk.general.user2user:6949

Andrew and Peter

You should see my W2K3 Enterprise Sever boot. From cold boot to fully =

loaded Desktop 46 seconds including LAN connection

Reply-To: "Peter Foldes" <bounce@bounce>

From: "Peter Foldes" <okf22@hotmail.com>

References:

<70a49c31-6e12-4994-8511-8de78c062ded@v22g2000pro.googlegroups.com>

<OgZ#cnkNJHA.4088@TK2MSFTNGP05.phx.gbl>

<uSamAynNJHA.588@TK2MSFTNGP06.phx.gbl>

Subject: Re: Should we be suspicious?

Date: Sat, 25 Oct 2008 07:13:36 -0400

Lines: 77

MIME-Version: 1.0

Content-Type: text/plain;

charset="Windows-1252"

Content-Transfer-Encoding: quoted-printable

X-Priority: 3

X-MSMail-Priority: Normal

X-Newsreader: Microsoft Outlook Express 6.00.3790.3959

X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.4325

Message-ID: <eXm3xKpNJHA.3640@TK2MSFTNGP02.phx.gbl>

Newsgroups: microsoft.public.security.virus,microsoft.public.security

NNTP-Posting-Host: modemcable208.248-70-69.mc.videotron.ca 69.70.248.208

Path: TK2MSFTNGP01.phx.gbl!TK2MSFTNGP02.phx.gbl

Xref: TK2MSFTNGP01.phx.gbl microsoft.public.security:104406

microsoft.public.security.virus:83360

LOL David. Does my posting properties suggests otherwise ? Or is it

faked according to you.

October 25, 2008

Re: Should we be suspicious?

Lots of people have servers.

People need to be suspicious of only you!

"~BD~" <~BD~@no.mail.afraid.com> wrote in message

news:uSamAynNJHA.588@TK2MSFTNGP06.phx.gbl...

"Peter Foldes" <okf22@hotmail.com> has recently said..

"You should see my W2K3 Enterprise Sever boot. From cold boot to fully

loaded Desktop 46 seconds including LAN connection"

October 25, 2008

Re: Should we be suspicious?

David

First of all do not use these forums are not for your personal vendetta arising from dementia. My email is listed as per the Properties and you can send these concerns there not posting it here

I as I said it is unfortunate that your son passed away and unfortunately life goes on.

Secondly when you reported me to the Police in England that I am a International Terrorist it was not appreciated by me and especially by my family for what we were put through.

They (from England) advised me that I can take you to court for causing my family and myself grief and besides that they also found that you were a very sick individual and the best compromise that they came up with is to ignore you and they also did the same if you have not already noticed.

You have been doing this since you started to post on the newsgroup going back a few years and I have been ignoring you and even being nice when answering you since the inception of this regrettable sickness of yourself

There is more people than me using this computer (Server) . So I ask you again very nicely to stop your witch hunt and get a life.

You are a sick individual and periodically you go off the deep end with this good guy\bad guy personality which I see is starting again.

Yes I am using a Server and Yes I have a T3 connection along with a LAN when not using it also for which my business pays an incredible amount per month for rental of that service.

I hope that answers your curiosity

Dave

Put an end to your witch-hunt about everybody and go and enjoy your life on your Longboat with your Family

--

Peter

Please Reply to Newsgroup for the benefit of others

Requests for assistance by email can not and will not be acknowledged.

"~BD~" <~BD~@no.mail.afraid.com> wrote in message news:u2cXwzpNJHA.588@TK2MSFTNGP06.phx.gbl...

>

> "Peter Foldes" <okf22@hotmail.com> wrote in message

> news:eXm3xKpNJHA.3640@TK2MSFTNGP02.phx.gbl...

> LOL David. Does my posting properties suggests otherwise ? Or is it faked

> according to you.

>

> --

> Peter

>>

>

> Thank you for responding, Peter Foldes (aka Derek Feldman? - hence

> registration at Annexcafe as 'Derek'?)

>

> I have not suggested the faking of anything. I do not have the skill to know

> (as you have told me many times!). However, there may be others here who

> may be able to determine if all is not exactly as it should be. You have

> made mistakes before!

>

> So - here are the full Headers of your two recent messages for others to

> look at - and maybe comment upon thereafter: There will be some here who

> remember 9/11 ......... and that maybe folk should have asked more questions

> beforehand. I seek only the truth. A private email to explain who you are

> and what you do, had you sent same nearly three years ago, would have made

> posts such as this one, in the public domain, totally unnecessary. It has

> been your choice (and right) to remain silent, but this is no game.

>

> Subject: Re: XP versus Vista?

> From: "Peter Foldes" <okf22@hotmail.com>

> Date: Thu, 23 Oct 2008 09:37:53 -0400

> Message-ID: <1224769069_32811@pegasus.annex.net>

> References: <1224589399_22182@pegasus.annex.net>

> <1224736399_31974@pegasus.annex.net>

> Bytes: 4105

> Lines: 105

> NNTP-Posting-Host: 69.70.248.208

> Path: pegasus.annex.net!not-for-mail

> Newsgroups: annexcafe.uk.general.user2user

> X-Authenticated-User: Derek

> X-Trace: pegasus.annex.net 1224769069 69.70.248.208 (23 Oct 2008

> 08:37:49 -0500)

> MIME-Version: 1.0

> Content-Type: text/plain;

> charset="Windows-1252"

> Content-Transfer-Encoding: quoted-printable

> X-Priority: 3

> X-MSMail-Priority: Normal

> X-Newsreader: Microsoft Outlook Express 6.00.3790.3959

> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.4325

> Xref: pegasus.annex.net annexcafe.uk.general.user2user:6949

>

> Andrew and Peter

>

> You should see my W2K3 Enterprise Sever boot. From cold boot to fully =

> loaded Desktop 46 seconds including LAN connection

>

> Reply-To: "Peter Foldes" <bounce@bounce>

> From: "Peter Foldes" <okf22@hotmail.com>

> References:

> <70a49c31-6e12-4994-8511-8de78c062ded@v22g2000pro.googlegroups.com>

> <OgZ#cnkNJHA.4088@TK2MSFTNGP05.phx.gbl>

>

> <uSamAynNJHA.588@TK2MSFTNGP06.phx.gbl>

> Subject: Re: Should we be suspicious?

> Date: Sat, 25 Oct 2008 07:13:36 -0400

> Lines: 77

> MIME-Version: 1.0

> Content-Type: text/plain;

> charset="Windows-1252"

> Content-Transfer-Encoding: quoted-printable

> X-Priority: 3

> X-MSMail-Priority: Normal

> X-Newsreader: Microsoft Outlook Express 6.00.3790.3959

> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.4325

> Message-ID: <eXm3xKpNJHA.3640@TK2MSFTNGP02.phx.gbl>

> Newsgroups: microsoft.public.security.virus,microsoft.public.security

> NNTP-Posting-Host: modemcable208.248-70-69.mc.videotron.ca 69.70.248.208

> Path: TK2MSFTNGP01.phx.gbl!TK2MSFTNGP02.phx.gbl

> Xref: TK2MSFTNGP01.phx.gbl microsoft.public.security:104406

> microsoft.public.security.virus:83360

>

> LOL David. Does my posting properties suggests otherwise ? Or is it

> faked according to you.

>

>

October 25, 2008

Re: Should we be suspicious?

I don't care one whit. Lots of us run servers for fun or business.