Norton CE detects virus in C:\Recycler...

Discussion in 'Virus Information' started by Jordon, Oct 24, 2008.

  1. Jordon

    Jordon Guest

    But there's nothing in C:\Recycler\...

    I'm using the Corporate Edition of NAV on our Win2k Server based
    network. It's an older version but it gets updates regularly. I'm not
    really interested in discussing the merits (or lack thereof) of Norton
    unless it directly involves my situation. I don't know, maybe NAV is
    broken.

    Norton is reporting that there is a virus found in my C:\Recycler\
    (Win2k Pro). It says it's Trojan.Gernid and it's an .exe within a zip
    file. I've researched what this virus is supposed to do but as far as I
    can tell my computer isn't infected, other than the fact that Norton
    says it's there.

    The recycle bin is empty and I empty it on a semi-regular basis. A
    manual scan shows nothing but every 10 minutes the virus history list
    in NAV shows another instance of the virus.

    Is NAV broken or is there something I haven't considered?
     
    Jordon, Oct 24, 2008
    #1

  2. From: "Jordon" <>

    | But there's nothing in C:\Recycler\...

    | I'm using the Corporate Edition of NAV on our Win2k Server based
    | network. It's an older version but it gets updates regularly. I'm not
    | really interested in discussing the merits (or lack thereof) of Norton
    | unless it directly involves my situation. I don't know, maybe NAV is
    | broken.

    | Norton is reporting that there is a virus found in my C:\Recycler\
    | (Win2k Pro). It says it's Trojan.Gernid and it's an .exe within a zip
    | file. I've researched what this virus is supposed to do but as far as I
    | can tell my computer isn't infected, other than the fact that Norton
    | says it's there.

    | The recycle bin is empty and I empty it on a semi-regular basis. A
    | manual scan shows nothing but every 10 minutes the virus history list
    | in NAV shows another instance of the virus.

    | Is NAV broken or is there something I haven't considered?

    | --
    | Jordon


    If it is there it is hidden.


    Download MULTI_AV.EXE from the URL --
    http://www.pctip.ch/ds/28400/28470/Multi_AV.exe
    or
    http://212.98.39.7/ds/28400/28470/Multi_AV.exe

    http://www.pctip.ch/downloads/dl/35905.asp
    or
    http://212.98.39.7/downloads/dl/35905.asp

    English:
    http://www.raymond.cc/blog/archives/2008/01/09/scan-your-computer-with-multiple-anti-virus-for-free/


    To use this utility, perform the following...
    Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
    Choose; Unzip
    Choose; Close

    Execute; C:\AV-CLS\StartMenu.BAT
    { or Double-click on 'Start Menu' in C:\AV-CLS }

    NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
    FireWall to allow it to download the needed AV vendor related files.

    C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
    This will bring up the initial menu of choices and should be executed in Normal Mode.
    This way all the components can be downloaded from each AV vendor's web site.
    The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the PC.

    You can choose to go to each menu item and just download the needed files or you can
    download the files and perform a scan in Normal Mode. Once you have downloaded the files
    needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
    during boot] and re-run the menu again and choose which scanner you want to run in Safe
    Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.

    When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
    file.

    Additional Instructions:
    http://pcdid.com/Multi_AV.htm


    * * * Please report back your results * * *
     
    David H. Lipman, Oct 24, 2008
    #2

  3. Jordon

    Jordon Guest

    NAV must be broken. I used your tool and scanned with multiple
    scanners and
    nothing was found. FWIW, you mentioned that "if it is there it must be
    hidden".
    You're referring to the hidden attribute? First thing I do after
    installing an OS is
    to turn on viewing of system and hidden files.
     
    Jordon, Oct 24, 2008
    #3
  4. From: "Jordon" <>



    | NAV must be broken. I used your tool and scanned with multiple
    | scanners and
    | nothing was found. FWIW, you mentioned that "if it is there it must be
    | hidden".
    | You're referring to the hidden attribute? First thing I do after
    | installing an OS is
    | to turn on viewing of system and hidden files.

    | --
    | Jordon

    First off you have to view outside of Explorer.

    Download and run Gmer
    http://www.gmer.net/index.php

    Let's see if you have a RootKit causing this issue.
     
    David H. Lipman, Oct 24, 2008
    #4
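
What "view outside of Explorer" can look like for the case in this thread, as an added example that is not part of the original posts: a script that lists every file under the Recycler tree regardless of hidden/system attributes and reports any zip archive containing an executable, matching the ".exe within a zip file" detection described above. It assumes a Python 3 interpreter is available (on the machine or on another system with the disk attached); the extension list and function names are illustrative.

```python
import os
import sys
import zipfile

# Windows file-attribute bits as reported in os.stat_result.st_file_attributes.
FILE_ATTRIBUTE_HIDDEN = 0x2
FILE_ATTRIBUTE_SYSTEM = 0x4

# Assumption: extensions treated as "executable" for this check.
EXECUTABLE_EXTS = (".exe", ".scr", ".com", ".pif", ".bat")


def executables_in_zip(path):
    """Return names of executable members if path is a readable zip, else []."""
    try:
        # Sniff by content, not by file name: the extension may be misleading.
        if not zipfile.is_zipfile(path):
            return []
        with zipfile.ZipFile(path) as zf:
            return sorted(n for n in zf.namelist()
                          if n.lower().endswith(EXECUTABLE_EXTS))
    except (OSError, zipfile.BadZipFile):
        return []


def audit_tree(root):
    """List every file under root, independent of Explorer's view settings."""
    results = []

    def on_error(err):
        # Unreadable directories are findings too (e.g. another user's SID folder).
        results.append({"path": err.filename, "error": err.strerror})

    for dirpath, _dirs, files in os.walk(root, onerror=on_error):
        for name in files:
            full = os.path.join(dirpath, name)
            try:
                st = os.lstat(full)
            except OSError as err:
                results.append({"path": full, "error": err.strerror})
                continue
            # st_file_attributes exists only on Windows; default to 0 elsewhere.
            attrs = getattr(st, "st_file_attributes", 0)
            results.append({
                "path": full,
                "size": st.st_size,
                "hidden": bool(attrs & FILE_ATTRIBUTE_HIDDEN),
                "system": bool(attrs & FILE_ATTRIBUTE_SYSTEM),
                "zip_executables": executables_in_zip(full),
            })
    return sorted(results, key=lambda r: r["path"])


if __name__ == "__main__":
    # Default path taken from the thread; pass another root as the first argument.
    root = sys.argv[1] if len(sys.argv) > 1 else r"C:\Recycler"
    for entry in audit_tree(root):
        if "error" in entry:
            print("UNREADABLE", entry["path"], entry["error"])
            continue
        flags = "".join(f for f, on in (("H", entry["hidden"]),
                                        ("S", entry["system"])) if on) or "-"
        note = ""
        if entry["zip_executables"]:
            note = "  zip contains: " + ", ".join(entry["zip_executables"])
        print(f"{flags:2} {entry['size']:>10} {entry['path']}{note}")
```

A rootkit that filters file-system API results would hide entries from this listing as well; that case is what the GMER scan suggested in the reply is for.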
  5. Peter Foldes

    Peter Foldes Guest

    Just a shot.

    Is it in the Norton Recycle Bin by any chance
     
    Peter Foldes, Oct 25, 2008
    #5
  6. ~BD~

    ~BD~ Guest

    "Peter Foldes" <> has recently said..

    "You should see my W2K3 Enterprise Sever boot. From cold boot to fully
    loaded Desktop 46 seconds including LAN connection"

    (his mis-spelling of 'Server')

    Wikipedia tells me ( http://en.wikipedia.org/wiki/Enterprise_Server )

    "An enterprise server is a computer system which performs an essential
    service for a large organization. Examples include corporate web servers,
    print servers, and databases. A key feature distinguishing an enterprise
    server is that even a short-term failure can cost more than purchasing and
    installing the system. For example, it may take only a few minutes' down
    time at a national stock exchange to justify the expense of entirely
    replacing the system with something more reliable."

    Perhaps that isn't true.


    Mr Foldes has also previously advised that he has a T3 Connection.

    Detailed/Technical DS3-T3 Definition
    http://www.realtimet1search.com/news/article_282.php which mentions:
    "Who uses DS-3s? Companies who host high traffic web sites, support web
    hosting, and need high capacity bandwidth on an as-needed basis. Also
    universities/colleges, government offices, and high volume call centers. A
    full DS3 can accommodate many simultaneous users depending on the
    requirements of the business. Generally a DS3 line is installed as a major
    networking channel for large corporations or universities with high volume
    network traffic. This is an always-on, high-speed connection that provides a
    dedicated, stable and reliable link to the Internet, and can support up to
    500 or more computer users."

    I still can't help wondering who he *really* is ............ and what he
    *actually* does.

    Does anyone reading here know - or care?

    Surely *someone* 'out there' must be curious too!

    --
     
    ~BD~, Oct 25, 2008
    #6
  7. Peter Foldes

    Peter Foldes Guest

    LOL David. Does my posting properties suggests otherwise ? Or is it faked according to you.

    I will ask you very nicely and politely David. Can you stop with your childish and unintelligent postings. Be a man and not an 8 yr old running to mommy and daddy.
     
    Peter Foldes, Oct 25, 2008
    #7
  8. ~BD~

    ~BD~ Guest

    | LOL David. Does my posting properties suggests otherwise ? Or is it faked
    | according to you.

    Thank you for responding, Peter Foldes (aka Derek Feldman? - hence
    registration at Annexcafe as 'Derek'?)

    I have not suggested the faking of anything. I do not have the skill to know
    (as you have told me many times!). However, there may be others here who
    *may* be able to determine if all is not exactly as it should be. You have
    made mistakes before!

    So - here are the full Headers of your two recent messages for others to
    look at - and maybe comment upon thereafter: There *will* be some here who
    remember 9/11 ......... and that maybe folk should have asked more questions
    beforehand. I seek only the truth. A private email to explain who you are
    and what you do, had you sent same nearly three years ago, would have made
    posts such as this one, in the public domain, totally unnecessary. It has
    been your choice (and right) to remain silent, but this is no game.


    Subject: Re: XP versus Vista?
    From: "Peter Foldes" <>
    Date: Thu, 23 Oct 2008 09:37:53 -0400
    Message-ID: <>
    References: <>
    <>
    Bytes: 4105
    Lines: 105
    NNTP-Posting-Host: 69.70.248.208
    Path: pegasus.annex.net!not-for-mail
    Newsgroups: annexcafe.uk.general.user2user
    X-Authenticated-User: Derek
    X-Trace: pegasus.annex.net 1224769069 69.70.248.208 (23 Oct 2008
    08:37:49 -0500)
    MIME-Version: 1.0
    Content-Type: text/plain;
    charset="Windows-1252"
    Content-Transfer-Encoding: quoted-printable
    X-Priority: 3
    X-MSMail-Priority: Normal
    X-Newsreader: Microsoft Outlook Express 6.00.3790.3959
    X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.4325
    Xref: pegasus.annex.net annexcafe.uk.general.user2user:6949

    Andrew and Peter

    You should see my W2K3 Enterprise Sever boot. From cold boot to fully =
    loaded Desktop 46 seconds including LAN connection

    *********************************************************

    Reply-To: "Peter Foldes" <bounce@bounce>
    From: "Peter Foldes" <>
    References:
    <>
    <OgZ#>

    <>
    Subject: Re: Should we be suspicious?
    Date: Sat, 25 Oct 2008 07:13:36 -0400
    Lines: 77
    MIME-Version: 1.0
    Content-Type: text/plain;
    charset="Windows-1252"
    Content-Transfer-Encoding: quoted-printable
    X-Priority: 3
    X-MSMail-Priority: Normal
    X-Newsreader: Microsoft Outlook Express 6.00.3790.3959
    X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.4325
    Message-ID: <>
    Newsgroups: microsoft.public.security.virus,microsoft.public.security
    NNTP-Posting-Host: modemcable208.248-70-69.mc.videotron.ca 69.70.248.208
    Path: TK2MSFTNGP01.phx.gbl!TK2MSFTNGP02.phx.gbl
    Xref: TK2MSFTNGP01.phx.gbl microsoft.public.security:104406
    microsoft.public.security.virus:83360

    LOL David. Does my posting properties suggests otherwise ? Or is it
    faked according to you.
     
    ~BD~, Oct 25, 2008
    #8
  9. Peter Foldes

    Peter Foldes Guest

    David

    First of all do not use these forums are not for your personal vendetta arising from dementia. My email is listed as per the Properties and you can send these concerns there not posting it here

    I as I said it is unfortunate that your son passed away and unfortunately life goes on.

    Secondly when you reported me to the Police in England that I am a International Terrorist it was not appreciated by me and especially by my family for what we were put through.
    They (from England) advised me that I can take you to court for causing my family and myself grief and besides that they also found that you were a very sick individual and the best compromise that they came up with is to ignore you and they also did the same if you have not already noticed.
    You have been doing this since you started to post on the newsgroup going back a few years and I have been ignoring you and even being nice when answering you since the inception of this regrettable sickness of yourself
    There is more people than me using this computer (Server) . So I ask you again very nicely to stop your witch hunt and get a life.
    You are a sick individual and periodically you go off the deep end with this good guy\bad guy personality which I see is starting again.
    Yes I am using a Server and Yes I have a T3 connection along with a LAN when not using it also for which my business pays an incredible amount per month for rental of that service.
    I hope that answers your curiosity
    Dave
    Put an end to your witch-hunt about everybody and go and enjoy your life on your Longboat with your Family



    --
    Peter

    Please Reply to Newsgroup for the benefit of others
    Requests for assistance by email can not and will not be acknowledged.
     
    Peter Foldes, Oct 25, 2008
    #9
  10. Jonas

    Jonas Guest

    I don't care one whit. Lots of us run servers for fun or business.
     
    Jonas, Oct 25, 2008
    #10
  11. ~BD~

    ~BD~ Guest

    I don't care one whit. Lots of us run servers for fun or business.

    Hello Jonas :)

    I apologise if I have mis-understood matters. Here at Wikipedia
    http://en.wikipedia.org/wiki/Server_(computing) you will note this:-

    This article needs additional citations for verification.
    Please help improve this article by adding reliable references. Unsourced
    material may be challenged and removed. (July 2008)

    *************************************************

    With your expertise in these matters, perhaps *you* can help improve the
    article - try, at the very least. <s>

    AFAIK an *Enterprise* Server is rather different, as described in my
    original post, thus: http://en.wikipedia.org/wiki/Enterprise_server

    Thanks for responding!

    Dave

    --
     
    ~BD~, Oct 25, 2008
    #11
  12. Alun Jones

    Alun Jones Guest

    Lots of us would rather spend our time helping in other areas than updating
    Wikipedia. Whatever floats your boat, of course, but don't view Wikipedia as
    either a definitive source of complete and accurate information, or a
    mandatory social welfare project that we should all be engaging in.
    While it pains me to point you to Wikipedia just after I've finished telling
    you that you shouldn't rely on it being accurate, might I point this out to
    you:

    http://en.wikipedia.org/wiki/Windows_Server_2003#Enterprise_Edition

    This is most likely what was being referred to as "Windows 2003 Enterprise
    Server". As has been pointed out, there are many of us who have computer and
    network setups that are non-traditional. I have a domain of ten computers
    used by three people, for instance. Some of those are Enterprise Servers in
    the sense that they run serious enterprise-level code, rather than
    small-business quality code. (The difference comes when you ask "how well
    does it perform with umpty thousand
    users/systems/locations/applications/etc?") Small software vendors selling
    into large institutions frequently have to mimic Enterprise-like scenarios
    in their small environments.

    Finally, I know a lot of the people in this group have said this to you far
    more rudely than I will, but here's my advice: you are clearly a beginner in
    this field. You are asking so many questions, and getting so many things
    wrong in your assumptions, that it's very clear that you are a beginner.

    As such, use a little humility, and make your postings more inquisitive than
    accusative. Ask questions - don't assert that others are wrong just because
    they disagree with you. Ask _why_ they disagree with you or with your
    understanding of the world. You don't know enough to be quoting Wikipedia
    back at people trying to prove that they're lying. All you do is make people
    irritated with you.

    And that's not helpful when you come to ask for help.

    Alun.
    ~~~~
     
    Alun Jones, Oct 25, 2008
    #12
  13. VanguardLH

    VanguardLH Guest

    Without knowing what hardware he uses (which could be a hell of lot
    faster than yours) and without knowing what he loads on Windows startup
    (which could be a hell of lot less than you), that is not an
    unreasonable boot time. Hell, maybe he isn't even loading the desktop
    GUI and prefers a command-line interface.
    None of which must be running or even installed. "Server" is part of
    the product name, not necessarily how it is used. Hell, even developers
    will run server versions of an OS to test their code but that doesn't
    mean they are using the server OS as a server to anyone else.
    Often users will wrongly equate their company's property as their own
    property.

    T3 (DS-3): 44.736 million bits per second

    Well, that depends entirely on what service level you pay for. Just
    because YOU choose to pay for lower bandwidth doesn't mean something
    richer than you must also be just as slow.
    So now you're targeting yet another regular netizen. What's the point?
    Why do you even care about what someone claims they do or don't have?

    So who's your next target of your ennui?
     
    VanguardLH, Oct 25, 2008
    #13
  14. ~BD~

    ~BD~ Guest

    Alun - many thanks for taking the time and so much trouble to respond here.
    I really appreciate your input.

    Your web site says:-
    "Alun Jones, the author of WFTPD Server and WFTPD Pro Server, has been
    programming and developing software since his early teens. He now has over
    20 years experience in the IT industry, 13 years as a TCP/IP Winsock
    developer. Alun is a Microsoft Certified Professional (MCP) and has helped
    to review and author a number of RFCs. Alun was recognized by Microsoft in
    April of 2003 as a "Most Valuable Professional", for his repeated volunteer
    assistance in Usenet newsgroups devoted to Windows developers, mostly in
    TCP/IP development using Winsock. Alun's MVP award is in the dual areas of
    Windows SDK and Security, as a result of his SSL / TLS knowledge and his
    overall advocacy of good development security principles. Since then, Alun
    has twice been re-awarded as a Microsoft MVP in the Windows Security area,
    and is currently a Microsoft MVP."

    I have absolutely no reason whatsoever to doubt that is true.

    Perhaps you can point me in the right direction to ascertain the true
    credentials of Mr Foldes?

    TIA

    Dave

    --
     
    ~BD~, Oct 25, 2008
    #14
  15. Larry Thomas

    Larry Thomas Guest

    He has been vetted many times and is who he says he is. Move on.
     
    Larry Thomas, Oct 25, 2008
    #15
  16. Larry Thomas

    Larry Thomas Guest

    Better yet give us your credentials.
     
    Larry Thomas, Oct 25, 2008
    #16
  17. ~BD~

    ~BD~ Guest



    Not bored - concerned. I'm very disappointed with your response, VanguardLH.

    I haven't told you the full background, nor will I here. I *can* tell you
    that this 'regular netizen', as you call him, has consistently lied when
    posting on these Microsoft groups and, indeed, on the Annexcafe newsgroups
    too. I fully appreciate that only *I* can be sure of that - others will have
    to make up their own minds.

    Two things are of concern to me.

    1. Cybercrime

    2. Terrorism

    One, of course, can feed the other. Mr Foldes, by his own admission, is a
    foreign national now living in Canada. 'He' and/or his companions answer
    every computing query under-the-sun at just about any time of the day or
    night. He appears to use highly sophisticated equipment too, yet no-one
    knows anything about him or his business - there's not even a web site to
    enlighten us. Strange, I think, in 2008.

    Perhaps the explanation/statement he has made 'here' in these groups today
    (much of it untrue, BTW) will put your mind at ease. There is obviously no
    need to worry about the safety of your friends and family ........ is there?

    Dave

    --
     
    ~BD~, Oct 25, 2008
    #17
  18. ~BD~

    ~BD~ Guest

    He has been vetted many times and is who he says he is. Move on.

    I didn't know that!

    WHY has Mr Foldes been vetted many times - and by whom?

    Just *how* do you know that, Larry?

    TIA

    Dave

    --
     
    ~BD~, Oct 25, 2008
    #18
  19. cf.
    http://www.google.com/search?source=ig&hl=en&rlz=&q=boaterdave+%2B+banned
     
    PA Bear [MS MVP], Oct 25, 2008
    #19
  20. From: "~BD~" <~BD~@no.mail.afraid.com>




    | Perhaps you can point me in the right direction to ascertain the true
    | credentials of Mr Foldes?

    It is none of your f'n business !

    Now stop changing the name of the thread and hijacking the threads you enter !
     
    David H. Lipman, Oct 25, 2008
    #20