hi,i’m brand new at this,i downloaded and recently installed the free anti-virus on my system…done a scsan and got a virus warning …win32 sql slammer??? help please ???
Well, what did you do? What did you click on virus alarm?
Repair, delete, send to Chest?
Was it successful?
Oh, it’s better if you say what is your operational system.
Welcome 8)
hi thanks for reply…i sent it to the chest! just not sure what to do??
my operating system windows xp sp2,pen 4,CPU 3.00GHz,2.00GB of Ram
You’ve done the best!
It will be safe there in Chest. Wait more 15 or 30 days and you can delete it from there.
To be sure, just run another avast! scan (with archive file scanning option checked)
That’s great thanks alot…dont know if you can help with this settings on advast On-Access protection? whats important whats not??..just not sure as haven’t used avast before now!!
Yes I can help you but the better will be let everything in the default settings until you get used to avast.
Remember, avast is one of the most - if not the most - configurable antivirus round. You should know what you’re doing 8)
Untill there, enjoy the forum
Hi, welcome to the forums.
Take some time to browse the avast help file for what things do and decide what your settings should be based on your system, use and the compromise of security over performance. However, with your system you shouldn’t have any performance issues.
There are also a number of sticky threads at the top of the forums that contain a lot of very useful information to help you get the best out of avast!
yeah thanks …good to be here looks pretty cool 8)…only i keep getting this win32 sql slammer??? mmmmm why??
What the filename, where was it found
example (C:\windows\system32\infected-filename.xxx)?
Which scanner detected it, Web Shield whilst browsing, or during a routine scan, etc?
See, http://www.avast.com/eng/win32sqlslammer.html
Extract:
This worm uses a well known vulnerability that has had a patch available for many months. Microsoft has also released a recent service pack for SQL (Service Pack 3) that includes a fix for this vulnerability. All users of MS SQL Server or Microsoft Desktop Engine (MSDE) 2000 should use the patches available. For more information see the following pages: [url]http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS02-039.asp[/url] SQL 2000 Service Pack 3: http://www.microsoft.com/sql/downloads/2000/sp3.asp.
If you are continually getting infected by, you have evaluate your system security, web sites you visit, downloads, p2p, etc.
hi,
W32sqlslammer was found when i done my first scan,on web shield…thankyou for the advice on w32sqlslammer,this only happened when i installed a program called blackice firewall…i read about slammer at microsoft site on the link you gave me and it said check to see what version of sql Server 2000 i have installed if any???, by going to start,search in local files typing in “sqlservr.exe”
so i done this only to find No results??? any suggestions wolud be of help!
If you found it with the Web Shield you should have been given the option to abort connection, this stops the download of sqlslammer so it shouldn’t get on your HDD.
If you had SQL Server installed you would know about it as you would understand about SQL Server (you would have had to install it). So it looks like the attempt to infect your system with sqlslammer was speculative and not targeted as you don’t have SQL Server installed. So you shouldn’t need to do anything further.
You should spend a little time reading the avast help file to understand what each provider does. You don’t do a first scan with Web Shield it acts as a transparent shield between the Internet and your PC checking the pages/items that would usually be downloaded using the http protocol (port 80) to your browser cache, Standard Shield scans your HDD.
Please give us the complete exact alert of avast: path/folder/filename or URL/Adress, which resident scanner etc… etc pp.
My hint is that BlackIce dumps the suspicious slammer data packets somewhere on the HD, and avast Shield then detects them…
or it’s WebShield…
Disable the packet Dump in BlackIce and you won’t worry anymore,
and read your firewalls help & adjust the settings accordingly…
This is whats in my avast chest below:
Name Original location Last changes Transfer time Virus Comment
evd000.enc C:\Program Files\ISS\BlackICE 14/05/2005 21:… 14/05/2005 23:… Win32:SQLSla…
evd001.enc C:\Program Files\ISS\BlackICE 14/05/2005 22:... 14/05/2005 23:... Win32:SQLSla...
evd003.enc C:\Program Files\ISS\BlackICE 14/05/2005 23:... 15/05/2005 10:... Win32:SQLSla...
evd004.enc C:\Program Files\ISS\BlackICE 15/05/2005 00:... 15/05/2005 10:... Win32:SQLSla...
Scan archive files Floppies
CD/DVD
Also how do i disable the Disable the packet Dump in BlackIce ??
Sori about this just new at this avast …i will read the help files
i posted a what i thought was a virus on my pc last week ,iam new and only installed avast last week…w32sql slammer??? :-\
I’ll ask for official help
thanks :o
Well, Google reveals quite a few hits on evd000.enc
BlackICE is simply logging the network traffic (or rather the blocked intrusions) into these log files (evdXXX.enc). Since the log files contain the intrusion code (such as SQLSlammer in this case), avast! detects the corresponding virus in the log as well.
In addition to (the usual) note that it’s rather stupid to log this kind of stuff in plaintext (= unencrypted) to disk, I can only suggest either to turn off this BlackICE feature (sorry, I’m not familiar with BlackICE), or put the correspoding mask into the list of avast! exclusions (both On-demand in program Settings, and On-access in Standard Shield settings).
When do i get the official help! last week had these and this week the same again?? :o
What do you mean?
I was trying to explain that it’s actually a BlackICE problem (because it stores intrusion code on disk) - and I also gave you some suggesions on how to avoid the conflicts. You can consider it an official help, I don’t think there’s anything else to say.
I think you have done very with the help you have received (considering you are using the free version of avast), official or otherwise. Please try the suggestions offered to avoid the problem.
You might report this to the BlackIce forum if they have one because this is something they too should address because it won’t be just avast that would report the virus signature in the data written to disk by BlackIce.