Congrats To Me

I'm the proud father of a bouncing, baby computer virus. Do I deserve congrats for letting it get on my computer in the first place, or finding it?

Looks like no harm done.

I came home from the Bay Area yesterday and went to check my e-mail. The Zonelabs virus scan starts up, as it does when it's scheduled to. I get rather annoyed with that and nearly always cancel the scan. After all, everything that goes into the computer gets scanned. How could I have a virus?

I decided to let it run this time, since it is a good idea to scan for viruses on occasion. Did a full scan on the laptop last week for the same reason, with negative results. After all, you could download a virus that hasn't yet been added to your anti-virus program's virus definitions.

So I let the scan continue since I couldn't remember the last time I did a full scan.

Went out to clean out my truck, coming in occasionally to check on the scan progress and after about twenty minutes saw something I'd never seen before: The Zonelabs virus scan window showed an infection found. That got my attention.

The scan finishes and I check out the virus. Zonelabs says it's: not-a-virus:RemoteAdmin.Win32.WinVNC-based.b

It was in my Documents and Settings file. I went in to the file but couldn't find the virus. I was a little nervous about deleting something in Documents and Settings so tried to find out what this supposed virus does. I click on Zonelabs' More Information tab and I'm sent to this page.

Gee. That sure helps.

So I go to the Symantec (Norton Anti-Virus) web site and see if they have any info on it. A search there comes up with nothing. I then try doing a Yahoo search for not-a-virus and get this page with no real specific information I could find in any of the links. One page said something about the "virus" (assuming I'm reading it right) being some kind of remote control application.

Rather strange there isn't more info on this supposed virus.

I was nervous about deleting it so went ahead and Quarantined it. Supposedly it can't do anything if it's quarantined and, if I find not having the file screwed something up, I can always restore the virus and then repair it.

But everything's working fine and seems to have been working fine for some time.

I'm wondering how it got on this computer? I suspect it was one of those web sites I mentioned here a while back where I clicked on some link and the download window popped up. After I supposedly downloaded something in two seconds, I couldn't find anything that had been downloaded.

Pretty clever of whoever did it. I'll have to run virus scans more often.
Anybody out there know anything about this virus or have a good source for finding out something about it?


At 9:19 AM, Anonymous Anonymous said...

You're searching with Yahoo instead of Google, that's problem number one.

I found few references to the not-a-virus file, with a few vague references to it possibly being related to your DSL software. Look at the full path where the file is located. Is it located in an SBC/AT&T folder? If so, call AT&T and ask about it.

At 9:59 AM, Blogger Fred said...

Thanks. I actually tried to find it following the path and couldn't find it. I can't find an SBC/ATT file in my Documents and Settings file, either, at least not yet.

I don't have time to look further now. I'll check it out later.

In the meantime the file is safely quarantined.

At 12:10 PM, Blogger Hayduke said...

DSL/Yahoo puts it there when you installed DSL and is not needed any longer. Quarantining was the right thing to do. You don't need to worry about it any longer. Also running a full virus scan weekly is a good idea.

At 12:15 PM, Blogger Fred said...

The thing was set to run weekly by default. Finally, a couple weeks ago I got around to just having it done monthly. For some reason it still started up yesterday despite having it set for monthly. Oh well.

Hmmm...I wondered why Zonelabs would declare it a virus and why it didn't pick it up on the laptop?


