Author Topic: Net Transport ver 1.50  (Read 8734 times)

0 Members and 1 Guest are viewing this topic.

Offline zappafan

  • Jr. Member
  • **
  • Posts: 35
  • I'm a Zappafan!!
Net Transport ver 1.50
« on: October 09, 2003, 10:14:31 PM »
Hi!
Just make some updating about avast ver. 4.1.280, and the latest viruses database from today 9/10-03.
It seems that after that I cant use Net Transport ver. 1.50.
Avast shout about some worm and I cant access Net Transport, I have to disable avast, then it works!
Is Net Transport really that danger?

Offline zappafan

  • Jr. Member
  • **
  • Posts: 35
  • I'm a Zappafan!!
Re:Net Transport ver 1.50
« Reply #1 on: October 10, 2003, 08:36:17 AM »
Hmmm....just thinking a little.
If I really have a program I now I can run, but Avast say its infected, how can I avoid this problem, and run the program without lettting Avast remove it.
Please tell me how I can solve this kind of problems.
I know I can point at some folder, files, that I dont wanna have scanned, but this is something else.
Any idea anyone?

Offline Vlk

  • Avast CEO
  • Serious Graphoman
  • *
  • Posts: 11665
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
Re:Net Transport ver 1.50
« Reply #2 on: October 10, 2003, 08:47:42 AM »
Not really something else...

The way to do this is to include the file to the exceptions from scanning. Double click the a-ball, select "Details...>>", double click the Standard Shield, go to the Advanced tab and edit the list of exceptions. Just add full path to the program, that should do it.

Hope this helps,
Vlk
If at first you don't succeed, then skydiving's not for you.

Offline zappafan

  • Jr. Member
  • **
  • Posts: 35
  • I'm a Zappafan!!
Re:Net Transport ver 1.50
« Reply #3 on: October 10, 2003, 09:09:48 AM »
Well, I did all that and it dosnt work.
Thats why I think its something else :-)

But if I have on-access, It read the file and disable it. In my mind of thinking and just little knowledge in english, I thought it was the same.
Mean: even if I use on-access, I dont wanna have avast to scan this file....do I have to disable on-access? I dont wont that, but probably it would solve the things out.

I might check it all over again, but I did thought that someone else around here have had same kind of problems.

Anyway: thanx alot!

Offline zappafan

  • Jr. Member
  • **
  • Posts: 35
  • I'm a Zappafan!!
Re:Net Transport ver 1.50
« Reply #4 on: October 10, 2003, 05:52:53 PM »
Okki Vlk. You was right, thanx man.

But I must go around things: first of all i simply remove avast, downloaded the newest. Beacuse when I was trying to double-click at standard shield, nothing happends.
Obviously some shit had happend when I have done all this updates.
After a new fresh install everything goes smothly.

So, as always: Un-install, install new fresh, in the most cases it solves out the problems you have.

But still I think it strange that Avast found: Win32:SpyBot-52 [Wrm] in Net Transport.
I have used Spybot, and that program dosnt say anything.
Does anyone know anything about this?
« Last Edit: October 10, 2003, 05:53:52 PM by zappafan »

Offline Vlk

  • Avast CEO
  • Serious Graphoman
  • *
  • Posts: 11665
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
Re:Net Transport ver 1.50
« Reply #5 on: October 10, 2003, 05:55:03 PM »
It's maybe a false alarm. Wait for the next virus database update, please.

Thanks Vlk
If at first you don't succeed, then skydiving's not for you.

Offline zappafan

  • Jr. Member
  • **
  • Posts: 35
  • I'm a Zappafan!!
Re:Net Transport ver 1.50
« Reply #6 on: October 10, 2003, 06:00:50 PM »
True.
I never heard about this before and cant even seen a damn thing about it.
So of course Il wait and then see what happend.
But it really was strange...

Offline Hornus Continuum

  • Full Member
  • ***
  • Posts: 119
  • If you only remember one thing, it's this ...
Re:Net Transport ver 1.50
« Reply #7 on: October 14, 2003, 05:16:51 PM »
zappafan,

I just checked Spybot Search and Destroy's detection list, after checking for updates, and Spybot-52 isn't listed.  Have you used an online scanner to check the program?  This might not be a false positive.

Regards,
Hornus

"Quote me as saying I was misquoted." -- Groucho Marx  ;D

Offline raman

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 1062
Re:Net Transport ver 1.50
« Reply #8 on: October 14, 2003, 06:02:28 PM »
I have used Spybot, and that program dosnt say anything.
Does anyone know anything about this?

SpybotSD has nothing to do with the worm and it is not primary developed for finding Worms. like VLK said, possibly false alarm.
MfG Ralf

Offline zappafan

  • Jr. Member
  • **
  • Posts: 35
  • I'm a Zappafan!!
Re:Net Transport ver 1.50
« Reply #9 on: October 14, 2003, 08:24:59 PM »
Well, I just think all this confusing me, and others.
If the program Net transport, really had an worm, this must be some big problems for everyone using it.
I havent read anything about that, so...
In this case I think the boys around here are right that just telling me its a false alarm.
But, since its computers, you really never can be sure.
Thats what I learn....

Offline doggeral

  • Jr. Member
  • **
  • Posts: 66
Re:Net Transport ver 1.50
« Reply #10 on: October 14, 2003, 11:45:31 PM »
Quote
If the program Net transport, really had an worm, this must be some big problems for everyone using it.

See this is a misconception.  Just because something is infected with a virus or worm doesn't mean its out to make your computer stop running.   A lot of worms, and you'll have to correct me if i'm wrong here,  and i believe the spybot worm simply sends information and allows remote execution and while this is definitely unwanted if it is well written you would never know it was there unless someone's signature detected it.

So just because there isnt widespread histeria about it doesn't mean it isn't true, however I would probably consider it a false alarm as well.  However i have net transport and haven't seen that worm come up on my system from avast.   So it might just be you infected and not the executable in general.

Not all things are as poorly written as the blaster worm was :)  

This is like the on going debate of adware vs spyware and how most users refuse to accept the obvious differences (even though the waters can become muddled).  
« Last Edit: October 14, 2003, 11:47:44 PM by doggeral »

Offline Hornus Continuum

  • Full Member
  • ***
  • Posts: 119
  • If you only remember one thing, it's this ...
Re:Net Transport ver 1.50
« Reply #11 on: October 15, 2003, 01:42:51 AM »
I agree with doggeral, but only to a degree.  True, people shouldn't hit the panic button when they discover a virus, even if there is a lot of hysteria about it.  The first steps to take are to verify the infection with another scanner and to research the virus.  Win32:Spybot-A52 [wrm] is a recent addition to the virus database, so I assume that it is relatively new.  I did a search for it at Google, both web and forum, and came up empty; however, I did check with a half dozen on-line databases and found entries for the family.  Win32:Spybot-A52 [wrm] didn't show up as an alias, so which variant it is and what its capabilities are isn't clear.  Panda Software and Network Associates give the family a low risk assessment, but Computer Associates and Symatec give a medium damage assessment.  Once source indicated that there are around 7 dozen of variants with about 5 dozen in the wild.  Granted, if it were highly destructive, you couldn't help but trip over information about it, but theft of personal information and DOS attacks could easily go unnoticed, especially by the masses totally uninformed about Internet safety.  These are things that should be taken seriously.

From Panda Software:
   Common name: RPCSdbot
   Technical name: W32/RPCSdbot
   Alias: W32/Randex.A, IRC-BBot, WORM_RPCSDBOT.A,
      Win32.RPCSdbot.A, W32/Spybot.worm.Iz, Backdoor.SdBot.au,
      TrojanDropper.Win32.Small.bd
   Effects: It runs programs, deletes and downloads files and launches denial of service attacks.

From F-Secure:
   NAME: Sdbot.RPC.A
   ALIAS: W32/Spybot.worm.lz, W32.Randex.E, WORM_RPCSDBOT.A
   The backdoor code is based on Sdbot. It connects to a predefined IRC server
   and joins a channel and waits for commands. Commands it supports provide
   full access to the compromised computer.


From Computer Associates:
   Win32.Spybot
   Win32.Spybot is an open soure irc bot. Due to the open and modular manner
      in which the source for this bot is distributed, there are many slightly different
      variants of this bot in the wild.

   Win32.Spybot may also be able to (depending on the variant):
      Download files via the Internet
      Keylog (i.e. log keystrokes on the affected machine)
      Kill firewall or antivirus software processes to avoid detection
      Act as an HTTP server

Regards,
Hornus
« Last Edit: October 15, 2003, 01:45:38 AM by Hornus Continuum »

"Quote me as saying I was misquoted." -- Groucho Marx  ;D

Offline zappafan

  • Jr. Member
  • **
  • Posts: 35
  • I'm a Zappafan!!
Re:Thanx alot, everyone
« Reply #12 on: October 15, 2003, 03:53:49 PM »
Im know clean from the worm. (Hmmm, dosnt that sounds strange? I mean my pc, of course)
Ive scanned my pc with Norman and Kasperspy, none of them could see anything.
So, I un-install Net Transport 1.50. Scanned with Avast, and it was clean.
Downloaded the newest version of Net Transport 1.51, and everything is alright.
Avast dont shout at me at all. (Only my wife do.)
It means: A new sort of worm that the program cant find, no kidding....

I must say Im wery glad that so many of you give all this kind of advises and try helping out.
THANX ALOT!
And, as always, my english could be better, I know. Sometimes not so easy to write down what the problem really is.

Anyway: next time you go to the local pub, let me pay.
Cheers.