Karl
Tue Aug 26 09:10:20 CDT 2003
I agree... but the fix in my experience is to exclude the folder containing
the Black Ice logs from being scanned by antivirus, within the antivirus
settings. You may have to set this for both the real-time on-access scanner
and the on-demand scanner.
"Bill Sanderson" <Bill_Sanderson@msn.com.plugh.org> wrote in message
news:u7cUOz4aDHA.2256@TK2MSFTNGP10.phx.gbl...
> What antivirus?
>
> My understanding of this issue, which is a bit vague at the moment, is that
> the antivirus is recognizing the signature of the Slammer worm in your
> firewall log files - meaning that it sees instances of Slammer caught by
> your firewall, not direct evidence that you are infected.
>
> Deleting the log files should eliminate the appearance, but I suspect
> Slammer is still around, and thus it will come back.
>
> If you believe you may be running SQL server in some version on your system,
> tools for detecting this, and ensuring that you are patched are found here:
>
> http://www.microsoft.com/sql/downloads/securitytools.asp
>
> However, I believe that end users would be better off starting here:
>
> http://support.microsoft.com/default.aspx?scid=kb;en-us;813944
>
> and downloading only the SQL Server 2000 Critical Update Wizard.
>
> This worm lives only in memory--it isn't present on systems as a file, thus
> Norton, for example, claims they don't detect it.
>
> They do, however, provide a cleaner tool, which you can use to provide some
> assurance to yourself:
>
> http://securityresponse.symantec.com/avcenter/venc/data/w32.sqlexp.worm.removal.tool.html
>
>
>
> "PJS" <Pjrs1Browns@wideopenwest.com> wrote in message
> news:065001c36b85$0871bd40$a601280a@phx.gbl...
> > When I did a virus scan, it showed that I'm infected with
> > Win32/SQLSlammer.worm in my Black Ice file (of all places!)
> > & it was unable to clean it. What can I do & how do I
> > prevent this in the future? Thank you.
>
>