I don't know what nefarious sceme the Symantec's up to but after reading the
eWeek story
on this issue I ran live update to update the virus signatures and other
components such as
symevnt and nprotect.
The I ran WinDoctor in SystemWorks 2006 and it was able to fix all the missing
file, shortcut and orphaned
registry entries all except for these listed below inside of a beta eval that I
have of Visual Studio.NET 2005 that
WinDoctor found:
Missing File: "C:\Program Files\CE Remote
Tools\5.01\target\wce500\armV4\ccfwcli.exe"
"C:\Program Files\CE Remote Tools\5.01\target\wce500\armV4\ccfwcli.exe" cannot
access a necessary file, "coredll.dll"
Missing File: "C:\Windows\Microsoft.NET|Framework\v2.0.50727\AppLaunch.exe"
"C:\Windows\Microsoft.NET|Framework\v2.0.50727\AppLaunch.exe" cannot access a
necessary file, "msvcr80.dll"
Missing File: "C:\Windows\Microsoft.NET|Framework\v2.0.50727\Aspnet_state.exe"
"C:\Windows\Microsoft.NET|Framework\v2.0.50727\Aspnet_state.exe" cannot access
a necessary file, "msvcr80.dll"
Missing File: "C:\Windows\Microsoft.NET|Framework\v2.0.50727\Aspnet_regiis.exe"
"C:\Windows\Microsoft.NET|Framework\v2.0.50727\Aspnet_regiis.exe" cannot access
a necessary file, "msvcr80.dll"
Missing File: "C:\Windows\Microsoft.NET|Framework\v2.0.50727\Aspnet_wp.exe"
"C:\Windows\Microsoft.NET|Framework\v2.0.50727\Aaspnet_wp.exe" cannot access a
necessary file, "msvcr80.dll"
Missing File: "C:\Windows\Microsoft.NET|Framework\v2.0.50727\csc.exe"
"C:\Windows\Microsoft.NET|Framework\v2.0.50727\csc.exe" cannot access a
necessary file, "msvcr80.dll"
Missing File: "C:\Windows\Microsoft.NET|Framework\v2.0.50727\cvtres.exe"
"C:\Windows\Microsoft.NET|Framework\v2.0.50727\ctvres.exe" cannot access a
necessary file, "msvcr80.dll"
Missing File: "C:\Windows\Microsoft.NET|Framework\v2.0.50727\ilasm.exe"
"C:\Windows\Microsoft.NET|Framework\v2.0.50727\ilasm.exe" cannot access a
necessary file, "msvcr80.dll"
"These missing files have a lot to do with some missing components in Visual
Studio.NET Beta 2 with the .NET Framework 2.0 and the CE Remote development
tools which all point to a missing or corrupted MSVCR80.DLL
and COREDLL.DLL components. A setup and remove from the Visual Studio.NET 2005
setup module should solve this problem then run WinDoctor again after the
removal. What hey, what can you expect from beta software, I always say."
===============
And yes, just as with virus scanning, the rootkit scanners can plug
along, always behind the curve, finding "old" rootkits, and maybe being
able to remove them. But if the really sophisticated attackers turn
their attention from Unix servers to Windows, all this packaged-scanning
stuff will be shown to be for naught.
If you can't be careful, be scared...:o)
/Bernie\
Marc Sims
Data Technician I
Prince George's Community College
--
----------------------------------------
The WIN-HOME mailing list is powered by L-Soft's renowned
LISTSERV(R) list management software. For more information, go to:
http://www.lsoft.com/LISTSERV-powered.html
