[OT]Virus or Worm? Help!

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    [OT]Virus or Worm? Help!

    Hey,
    I recently noticed my firewall (ZA Free Edition) was doing some serious overtime, and blocking numerous attackers from various different locations and ISPs worldwide (Bellsouth, touchtelindia, demon.nl and more) all trying to access UDP and TCP. I also found two backdoor trojans on my comp using AVG 7, the files removed were wupdt32x.exe and tftp340, however once my system was declared *clean* the attacks were still happening. So I ran adaware, spybot, housecall trend, McAfee Stinger, several worm fixes etc., all to no avail!

    I decided to format and reinstall WinXP. (Note I didn't delete the current partition and create a new one!) These attacks are still persisting, my firewall is recording like 15 attacks in 20 seconds. (Note I'm on ADSL, dynamic IP.)

    Any ideas please?
    I've searched every AV database I can find, spoken to technicians at my uni and still I'm getting this.
    Is it a boot sector/master boot record virus? I tried bootfix and fixmbr commands in repair console also!

    :cry: :cry: :cry:
    I can't play UT2004 or do any work

    #2
    Er, ziadoz, if they're attacking you but your firewall is blocking them all...



      #3
      Probably no worries, it goes in spells. HOWEVER: from a command prompt do a

      netstat -a

      That will show what connections exist and what ports your machine is listening on.

      Make sure anything you see 'makes sense' to you.

      Also if you can, check your 'usage' thru your ISP to see if you were/are doing a lot of outbound traffic.

      Note, if the netstat results are too much gibberish, you could post them here. But edit out your IP address to be something like m.i.n.e or whatever, no point making yourself a further target.
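The netstat review suggested in post #3, as an added example that is not part of the original thread: it lists what the machine is listening on, flags anything not on a known list, and swaps the machine's own address for m.i.n.e before the output is shared. The sample output (numeric `netstat -an` form), the addresses and the `EXPECTED` list are constructed assumptions.

```python
import re

# Constructed `netstat -an` sample (not from the thread); 203.0.113.57 is a stand-in own address.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:8123           0.0.0.0:0              LISTENING
  TCP    203.0.113.57:139       0.0.0.0:0              LISTENING
  TCP    203.0.113.57:1043      198.51.100.20:80       ESTABLISHED
  UDP    0.0.0.0:69             *:*
  UDP    203.0.113.57:123       *:*
"""

# Assumption: the listeners this user recognises and expects on the machine.
EXPECTED = {("TCP", 135), ("TCP", 139), ("TCP", 445), ("UDP", 123)}

ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)(?:\s+(\S+))?\s*$")

def listeners(text):
    """Return sorted (proto, port) pairs the machine accepts traffic on."""
    found = set()
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # banner, column header, blank line
        proto, _addr, port, foreign, state = m.groups()
        # TCP listeners carry the LISTENING state; UDP rows have no state
        # column, and a foreign address of *:* marks an open, unconnected socket.
        if (proto, state) == ("TCP", "LISTENING") or (proto, foreign) == ("UDP", "*:*"):
            found.add((proto, int(port)))
    return sorted(found)

def unexpected(text, expected):
    """Listeners that are not on the user's own list of known services."""
    return [entry for entry in listeners(text) if entry not in expected]

def redact(text, my_ip, placeholder="m.i.n.e"):
    """Replace the machine's own address before the output is posted."""
    pattern = r"(?<![\d.])" + re.escape(my_ip) + r"(?!\d)"
    return re.sub(pattern, placeholder, text)

if __name__ == "__main__":
    print(unexpected(SAMPLE, EXPECTED))
    print(redact(SAMPLE, "203.0.113.57"))
```

On the constructed sample the flagged entries are TCP 8123 and UDP 69, the two listeners the user would then need to trace back to a program.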



        #4
        Yeah, my firewall is blocking them, but don't you think it's unusual with a dynamic IP to be getting attacked by practically every ISP in the world repeatedly ALL the time? The attacks range from Medium to High.



          #5
          Originally posted by neoflame
          Er, ziadoz, if they're attacking you but your firewall is blocking them all...
          Yup, I occasionally get spikes where I get a few hundred blocked events in seconds.

          Doesn't really bother me cus they are getting blocked so they aren't doing anything to my PC.



            #6
            Lots of good free stuff!!!

            I use Shoot the messenger, Un-Plug and pray, and Decombobulator. You have to reboot after Decombobulator.

            Indy



              #7
              I am no computer security expert and I don't know if this is of any use, but could it be your computer is not stealthed properly?

              I used to have ZoneAlarm, but when I ran some firewall tests, it looked like ZA wasn't really functioning properly. I then decided to get Sygate Firewall and I have had no worries since then. And the test results look good too :noob:

              Here are some links to firewall testers:
              https://grc.com/x/ne.dll?bh0bkyd2
              http://scan.sygatetech.com/
              http://www.hackerwatch.org/probe/



                #8
                I'm using a nifty proggy called trojan guarder golden http://www.download.com/Trojan-Guard...ml?tag=lst-0-1
                also a router and NAV 2005.
                In the week I've had the new NAV it has blocked 3 internet worm viruses from outside IPs and TGG has killed 2 trojans upon exe and blocked about 4.
                I got tired of getting trojans and not knowing till NAV 2002 freaked out and locked my PC.



                  #9
                  I used to use Sygate, until they upgraded to a newer version and it totally lagged my PC to a halt!
