Hack 70 Antivirus FAQ


Rod Trent of myITforum.com shares his answers to some frequently asked questions on the subject of virus protection.

As CEO of myITforum.com (http://www.myitforum.com) and author of several white papers on security topics, I frequently get questions on protecting Microsoft platforms from viruses, worms, and other threats. Here's a short selection of some questions and my answers. By the way, you can find lots of additional information about protecting your networks at myITforum.com.

Is It Real or a Hoax?

Q: How can you tell whether a virus threat is real or just a hoax?

A: Keep the following links handy the next time a user sends you an email saying that one of their AOL buddies alerted them to a new and threatening virus. These links should be your first line of defense when a new virus is reported in the wild:

CERT Institute (http://www.cert.org)
McAfee's Virus Hoaxes (http://vil.mcafee.com/hoax.asp)
Symantec's Hoax Page (http://www.symantec.com/avcenter/hoax.html)
TrendMicro Hoax Page (http://www.antivirus.com/vinfo/hoaxes/hoax.asp)
Sophos' Hoax Page (http://www.sophos.com/virusinfo/hoaxes/)
Virus Busters (http://www.itd.umich.edu/virusbusters/)
Virus Myths (http://www.stiller.com/myths.htm)
Hoax Warnings (http://www.europe.datafellows.com/news/hoax.htm)

Disabling Antivirus Programs Is Not Enough

Q: How can I disable my antivirus software temporarily when I need to troubleshoot some problem on my system?

A: Occasionally, you might be forced to disable antivirus software temporarily to troubleshoot problems with applications, printing, or the OS itself. On Windows 2000 computers, just shutting down the virus engine service is not enough to disable it temporarily. You also have to disable the device drivers associated with the antivirus software.

Here's how to temporarily disable popular antivirus products on Windows 2000. Right-click on My Computer and select Properties. Click the Hardware tab and click the Device Manager button. Click the View menu and click Show Hidden Devices. Now, expand Non-Plug and Play Drivers to find the antivirus drivers on your system. Right-click on the correct driver and click Disable.

Table 8-1 identifies the names of the device drivers that correspond with products from popular antivirus software vendors. Note, however, that the device drivers for each application can change, so be sure to verify these device drivers at the appropriate vendors' web sites.

Table 8-1. Device drivers for antivirus software products


Device drivers
NaiFiltr and NaiFsRec

Kernel32.exe Has Encountered a Problem

Q: I get an error message saying that Kernel32.exe is encountering a problem. Is that a system glitch or a virus?

A: If you receive error messages about Kernel32.exe encountering a problem, you need to update your antivirus program, because Kernel32.exe is not a Microsoft file (though Kernel32.DLL is). So, if you see this error message, quickly update your antivirus program and attempt to fix the virus outbreak on the computer.

This issue can occur if your computer is infected by one of the following viruses: Worm_Badtrans.b, Backdoor.G_Door, Glacier Backdoor, Win32.Badtrans.29020, W32.Badtrans.B@mm, and Win32/PWS.Badtrans.B.Worm.
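The check described above can be automated against a process listing. The following is an added example, not part of the original text: it flags any running image that borrows the name of a system DLL but carries an .exe extension. It assumes input in the CSV form produced by `tasklist /FO CSV /NH`; the sample listing is constructed, and the DLL names other than kernel32 are an assumption added to generalize the check.

```python
import csv
import io

# Base names of core Windows DLLs. The page names kernel32; the other
# entries are an assumption added here to generalize the same check.
SYSTEM_DLL_STEMS = {"kernel32", "user32", "gdi32", "advapi32", "ntdll"}

# Constructed sample in the column order of `tasklist /FO CSV /NH`:
# image name, PID, session name, session number, memory usage.
SAMPLE_TASKLIST = '''"System Idle Process","0","Console","0","16 K"
"explorer.exe","1320","Console","0","18,204 K"
"Kernel32.exe","1844","Console","0","2,112 K"
"svchost.exe","812","Console","0","3,900 K"
"USER32.EXE","2040","Console","0","1,024 K"
'''


def find_dll_impostors(tasklist_csv, dll_stems=SYSTEM_DLL_STEMS):
    """Return (image_name, pid) for processes named like a system DLL.

    A process called kernel32.exe is suspicious because the genuine
    Microsoft file is kernel32.dll, which is never a process image.
    """
    hits = []
    for row in csv.reader(io.StringIO(tasklist_csv)):
        if len(row) < 2:
            continue  # blank or truncated line
        image = row[0].strip()
        pid = row[1].strip()
        if not pid.isdigit():
            continue  # header row or malformed record
        # Split "Kernel32.exe" into stem and extension; names without a
        # dot (for example "System Idle Process") have no extension.
        stem, dot, ext = image.rpartition(".")
        if dot and ext.lower() == "exe" and stem.lower() in dll_stems:
            hits.append((image, int(pid)))
    return hits


if __name__ == "__main__":
    for image, pid in find_dll_impostors(SAMPLE_TASKLIST):
        print(f"Suspicious process {image} (PID {pid}): "
              "name matches a system DLL, not a Microsoft executable")
```

A hit is a reason to update the antivirus signatures and scan the machine, as the answer above advises.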

Stinger Tool

Q: Is there a virus-removal tool that can remove multiple viruses, instead of the single tools offered by vendors?

A: On the McAfee help forums, you'll find information on a removal utility called Stinger. This tool is constantly updated to include new removal information for new viruses. You can find more information about Stinger at http://forums.mcafeehelp.com/viewtopic.php?t=764, and you can download the tool from http://vil.nai.com/vil/stinger/.

-Rod Trent