[sgeva2001]

I get this alert from NOD32:
"
Time Module Object Name Threat Action User Information
04/07/08 06:23:36 Kernel file C:\Program Files\Replay AV 8\ReplayAV.exe probably a variant of Win32/Genetik trojan
"
1. I have REPLAY AV program fo more then a year and now it became a threat? is it a real threat?
2. What the damage it can cause?

thank you

[1SillyBilly]

It may be a false positive. Download, update and run Spybot S&D. Do not enable TeaTimer. But do Immunize.

http://www.safer-networking.org/en/download/index.html

[sgeva2001]

I have run SPYBOT before this post and no result.
But it was with enable Tea Timer and I do not know about Immunize..
Why it is important to disable TeaTimer and enable Immunize?

[Byteman]

Hi,

Tea Timer protects the system from changes...and it cannot tell the difference between changes you need to make and those that malware might be making....Tea Timer must be turned off during the time you are scanning for or fixing malware, and often during other changes such as uninstalling and installing software.

The directions for turning off Tea Timer are at this page, along with a list of other programs that do similar things and sometimes must be temporarily turned off:

http://wiki.castlecops.com/Malware_R...oring_Programs


Immunizing in SpyBot means to install the latest detection updates....when you download the latest ones, they don't get added until you run the Immunize feature...here's the how to:

http://www.it.northwestern.edu/secur...-immunize.html

I see you have posted here:

http://www.computing.net/answers/sec...jan/23001.html


They've answered you and you scanned the files with Jotti online scanner> that should satisy you that this is a false positive.

[sgeva2001]

thank you on the wide explanation.

I want to be sure I undersatnd:
1. every time I am making a scan I have to turn off all this programs? I use part of them.
IT is hard work...
and then turning back to on...
What about working in this way:
for scanning only they can remain active
and then if they discover a malware and does not succeed in fixing the malware
Only then to do this long procedure?

[Byteman]

Keep your antivirus program running-

1. The question about NOD32 was dealt with, the file it found is a false positive and you do not need to delete or quarantine the file.

2. SpyBot's Tea Timer feature:

It's your choice to use Tea Timer or not, but having it enabled means each time some program, good or bad, changes the Windows Registry or does certain other things, you will have to take an action like clicking Yes or No, to block or Allow the action. Many people find Tea Timer to be a problem to use. TT can be simply turned off.

3. For Immunization: Has nothing to do with scanning....

You immunize only just after SpyBot has the latest detection updates downloaded (by you, it does not update automatically). You simply click "Immunize" on the left side of SpyBot's window....the program shows you the number of items that the updates will add to protection for you. Then, you simply click the Immunize cross at the top of SpyBot to add the latest protections. That is not any long procedure....it's how the program works.

[sgeva2001]

Immunization and SpywareBlasterr does not do the same thing?

[Byteman]

Hi, No, but similar. I use both SpyBot and Spywareblaster on every system I work on.

SpyBot is not going to give you much protection without Immunizing after the Updates are downloaded.



Spywareblaster= you have to also get Updates for protection and add them

[sgeva2001]

thank you very much.