Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Basics
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Symantec - Live Update Error message

from [Turk] Network Security [Permanent Link]
Subject: Re: Symantec - Live Update Error message
Date: Fri, 21 Apr 2006 14:16:08 -0400 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Jason,
   To my knowledge NTFS write support is not stable in Linux.  I have
been told that it is pretty good but the authors of the driver won't
endorse it as being out of testing(last I heard).  It is possible and
pretty steady but when the driver does mess up it destroys the file
system(note this is NTFS write in Linux, read is fine).  There are some
nice virus scanners in Linux, but if it is a large virus/root kit
problem I prefer one of those cds because write support is fine and they
have name brand anti-virus and rootkit tools integrated.
- --Turk
Jason T. Hallahan wrote:

Hey,

Could you also diagnose/repair a system that has been compromised by a
rootkit using a Linux Live CD?

-jth

On 4/19/06, Turk <turkewitz.m@neu.edu> wrote:

Nic,
  A root kit definately could hide the virus from the removal, in fact
thats one of their primary designs.  The unfortunate thing is that you
can't really guarentee the removal of a rootkit. With that said, I
highly recommend the Ultimate Boot CD for Windows or BartPE.  They are
windows preinstall environments that you build and burn to a cd.  They
contain multiple virus scanners.  Due to the fact that these disks are
not writable and not part of the infected system(don't build them on
the infected system) they aren't affected by the root kit.
--Turk

On 4/19/06, Nic James <nic.james@btconnect.com> wrote:

List,

Hoping this subject is Ok to post here:

I have a non IT-savvy acquaintance who has asked me to try and sort
this issue. He is running a fairly new version of the Symantec AV
product for XP Home and the Live Update feature gives him the following
error message when it runs:

Error: "LU1875 This update failed during its preprocessing welcome text
phase"

The Symantec web site does mention this error and points to possible
infection by the Trojan.Abwiz.F Trojan horse, they also supply a
removal tool. I have followed their instructions for running the tool,
including running it in Safe mode, and the tool said that the Trojan
was not present.
The Symantec description of this Trojan mentions rootkit abilities - so
what I would like to ask the list is :

1. Would it be possible, if the rootkit (presumably a system level
one?) has deployed, for it to fool the removal tool ?
2. Has anyone come across other reasons for why Live Update would give
this error message for the update LU1875 ?

There are other posts on places like ZDNet and some of the 'consumer'
sites that mention this error, but so far I have been unable to find a
satisfactory answer (I could of course be looking in the wrong place).
I have not approached Symantec directly as yet, I guess because
(naively?) I figured if there were other problems with this update it
would be on their site and so far i haven't seen any.

Many thanks for your time List.

Nic.


-------------------------------------------------------------------------
This List Sponsored by: Webroot

Don't leave your confidential company and customer records un-protected.
Try Webroot's Spy Sweeper Enterprise(TM) for 30 days for FREE with no
obligation. See why so many companies trust Spy Sweeper Enterprise to
eradicate spyware from their networks.
FREE 30-Day Trial of Spy Sweeper Enterprise

http://www.webroot.com/forms/enterprise_lead.php
--------------------------------------------------------------------------






-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFESSFoDRGHGQkc9WkRAsHQAJ4+eZ3KAXCKmDQC94g1d1qOuOikigCgsBMb
rWlhGhsJ0ADf2tAf270ynUQ=
=xge1
-----END PGP SIGNATURE-----

-------------------------------------------------------------------------
This List Sponsored by: Webroot

Don't leave your confidential company and customer records un-protected. 
Try Webroot's Spy Sweeper Enterprise(TM) for 30 days for FREE with no 
obligation. See why so many companies trust Spy Sweeper Enterprise to 
eradicate spyware from their networks.
FREE 30-Day Trial of Spy Sweeper Enterprise

http://www.webroot.com/forms/enterprise_lead.php
--------------------------------------------------------------------------
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Symantec - Live Update Error message, Jason T. Hallahan
Next by Date:  Re: Password Management, nightwatchman
Previous by Thread:  Re: Symantec - Live Update Error message, Jason T. Hallahan
Next by Thread:  Re: Symantec - Live Update Error message, John Bond
Indexes:  [Date] [Thread] [Top] [All Lists]