Re: "KB832894" Spyware??????????

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

From: Bill Drake (bdrake_at_telus.net)
Date: 02/08/04 

Date: Sun, 8 Feb 2004 14:19:38 -0800

What this means is a Security Certificate for one of your Software
packages has expired. That software package is automatically
checking the validity of the expired Security Certificate whenever
that software package is accessed.

Norton AntiVirus checks each program you access -- whenever you
start to access that file. If you have an expired Security Certificate,
then NAV must go to Verisign and check the validity of that certificate
as part of ensuring your NAV is working properly.

To fix this, it is necessary to update your Security Certificates. This
is normally done by updating your Symantec Live-Update engine, which
includes updating the necessary Security Certificates as part of the
update to Symantec's Live-Update.

Wrinkles and "gotchas":

In some cases, it is necessary to *manually* run the Live-Update
procedure from the Norton SystemWorks master control panel in
order to update various Symantec engines, including Live-Update
itself. Try this as your first step in solving this problem.

In some cases, it is necessary to download and install the Symantec
Live-Update engine manually. You can do this by going to the
Symantec Security website and getting the latest Live-Update
Engine installer.

See the following URL for access to the latest Live-Update:

http://www.symantec.com/techsupp/files/lu/lu.html

Best I can do for now. <tm>

Bill

JimBob wrote:
> hello,
>
> WinXP Pro SP1 IE6 SP1 here and have seen the same thing. I would have
> assumed it would have been IE6 calling out, but what seems odd is it's
> Explorer.exe that is calling out. I just assume their checking for
> updated certificates. What is really odd is I noticed the same thing
> happening whenever I'm online (56K) and I right click any file to
> check properties. I tracked this down to the security update 828026
> for WMP 9. I uninstalled 828026 and the calling out, when right
> clicking any file, stops. I have WMP 9 auto updating disabled, but
> when reinstalling the update Explorer.exe still calls out to
> crl.verisign.com whenever I right click any file while online. Now
> this I think is odd behavior.
>
> "MowGreen [MVP]" <mowgreen@nownadzen.com> wrote in message
> news:%23LSjRHS7DHA.2056@TK2MSFTNGP10.phx.gbl...
>>> I just found out it is somehow linked to Norton
>>> antivirus
>>
>> Then that explains it, doesn't it ? It's Norton related, probably
>> LiveUpdate trying to check the legitimacy of your AV via that web
>> site either prior to, or during, updating the virus definitions.
>> Check Symantec for details.
>>
>>
>> MowGreen [MVP]
>> *-343-* Never Forgotten
>>
>>
>> Andre wrote:
>>
>>> Sorry if anyone was looking for the answer to my
>>> problem...I just found out it is somehow linked to Norton
>>> antivirus....still, it has been hapening only since I
>>> downloaded this latest Microsoft update that this url
>>> somehow appears in my temporary internet folder whenever
>>> live update goes online either automaticaly or manualy.
>>> Am I paranoid about spyware???????????
>>>
>>>
>>>
>>>
>>>> -----Original Message-----
>>>> After installing this latest critical update:both my
>>>
>>> pc,s
>>>
>>>> one with windows 98 and the other with XP on boot-up
>>>> when "cnnected to broadband" will go surfing by
>>>> themselves to
>>>> http://crl.verisign.com/Class3softwarePublishers.crl
>>>
>>> with
>>>
>>>> no alert from ZoneAlarm. This is annoying and smells of
>>>> spyware but is not identified by Adaware or SpyBot...any
>>>> answers out there???
>>>> .