I've been recently infected by a trojan (little question : what's the difference between a trojan and a worm ?). My pc is yet clean, but I have several question about what has append on my computer.
1° during the infection, I was alerted by Avast (personnal edition). So I deleted the file, but it was still active and I've should deconnect Internet to stop the communication between the trojan and Internet. So deleting the file is not enough. Why ?
2° I've observed that it was detected by the standard shield (or the Web shield). So I ask me what's the fonction of the network shield ? The only way to stop repeted infections was for me to install a firewall, even if I am behind a gateway
3° After the attack, I've found very suspect files in the winnt\system32 directory : suspicious name like qrz3bn.exe or like win32.exe (I think that the malicious file is so named that it don't alert the user who thinks that win32.exe is a system file, and that's false in w2k), I've found .bat files that have different function like copy, rename then delete the original file, I've found a .html file with a code that makes you download a .reg file and flash the register, I've found a new program called "Sherif something" installed during the infection that was playing this song : "your computer is infected, you must scan !" (I bet that this program has installed the trojan) ; my desktop was having a new wallpaper and active desktop properties was desactivated like the taskmanager, etc ....
Some of those file are not viruses or trojan and I can do nothing against them, but don't let download a .reg file could be a way to make an attack harder .... a new function for Avast ?
4° I've heard that there are different type of anti-virus : some works with a database of viruses, and some are known like compotemental anti-viruses. What's the difference ? Is one better than the other ? and for which example ?
5° Is there legal actions that I can have with the police if I find where the attack was coming from (if I have an IP for example) ? What says the law about infections (in general, not for my country in particular) ?
Thanks for spending time for answer.
NB : my english is not so good. Please don't be too hard with me
(what does the "spell check" button of the forum do ?)
