hacking activities in my server xp need help of experts

finally again here comes a pain ..
i m working on 8 pc on lan one is server
server is runing on xp ...
usually people usuallly mirc for downloading their programmes,games,warez,movies etc
xp server is protected with nortron antivurs and pluse nortron system checker firewall 2003
it was going well but after few day my pc suddenly reset and it comes in my mind pc is hacked and then i try to check out
i did online virus scan housecall got virus malv.. like that and then cleaned after that i unisall bother nav and firewall softwar from pc and installed mcafee ver 7.0.600 and plus firewall
after that i confiugred my network on firewall mcafee
then when system is runing i m getting some problem of hacking activities how to prevent and get block them permenantly to try acess from my server.
mcafee firewall detect hacking activite the message is down there

" "mcafeehas intercepted a syn port scan attack
click here to trace together " "
then i click it tells the detail of attacker like there server hosting
ip address and other information
so can u help me what's this activity how to block it permenetaly
if i not traceout my server become down and no internet working
when i traceout then internet work
now my problems is how to make secure my server from hacking activities like i mention about which deteced of macafee how to cofigura macfee on net work adsl connection to prevent these activities....
how can i stop these activites permenanty i mean no need to sit on the server to checkout how attacked and i have to traced out if i don't do my server will be down..plzzzzzzzzzz
help i m in suffer to
winxp professional
128 mb ram
p4 intel
40gb maxtor

 

hacking activities virus detectd svchost.exe

hi i m back and worry in situation of these actities showing in visual trace of mcafee that some port scan stack to computered
just now i scanned online mcafee i got virus svchost.exe
but can't be deleted because it's in use now need help here dual operation system win2k and winxp both in one system i forgot to mention in previous post so now tell me how can i go to safe mod in dual operating system win2k2 and winxp for delete that file or how to delete that file svchost.exe is it because of this files virus hacking activities is going plz tell me in details
how to getrid from this problem thanx

 

Gotta watch the name closely though.

Svchost.exe is a legit file.

Scvhost.exe is a virus.

 

want to make network secure

o i mentioned that i have 2 operation system the virus found in c where win2k runing and i deleted and another file is in d where winxp is running i also found file svchost.exe but it can't be delete after that i try get rid of these activites but i lost my both to operation system configurtion of net so i can't use net
after that now i m going to install fresh again win2k2 and winxp
so plzz help how to install winxp and win2k2 and how to make secure server that no body can acess and i want to make setting that no body can use without my permition like put some privillages so plzz help me to make my server secure and safe
thanx waiting for you response to make new instalation plzzz

 

fresh instalation

hi guys i have need help again plz yesterday night whole night i worked to make server again so fell so sleepy now u can see my eyes ..
now i installed windows win200o professional on c drive
and windowsxp professional on d drvie and then installed mcafee antivirus and plus firewall after complete setting i scanned mcafee security free scan from website of mcafee
i got virues so how come now i m doubt what wrong's with my computer after format and instalation again how come virus showing in my pc are these are windows files are virus files
dllhost.exe i already deleted but when i search it comes again
svchost.exe this file can delete message acess is denied
i deleted then again online scanned from mcafee no virus detected and another when my client side pc using internet some message appear in mcafee firewall pc no XX want to acess internet in new way
allow
block
allow temproray
check tick if don't notify me again
thanx tell me about this
help

 

After reading through all this, you are doing all your AV scanning and cleaning on the server computer. Meanwhile, the clients are infected and nothing is apparently being done about it, and these machine(s) seem to have full access to the server. You'll need to shut down the network and do each machine individually.

 

how we know it's secure

i goes online security scaing from mcafee and nortron i didn't got any risk or virus attack so can u tell me that how can checkout it's totally safe... can u explain these nortron internet security configuration is it normal going

" "firewall tcp connection" "

inbound permitted 46
outbound permited 51
outbound blocked 28
total permited 97
toalt blocked 28

and these
" " firewall rules" "
is it normal
default inbound icmp 30
======outbound== 00
======inbound dns 4222
======outbanddns 2301
default outband netbios 152
=======inboundloopbackb 160
upnp port 5000 block rule blocked 150
200312415783_mcinfo.exe blocked 29
or i have to install mcafee firewall as well is it okey i install both
firewall .....
explain ....plz

 

Hello z4u,

*or i have to install mcafee firewall as well is it okey i install both
firewall*

If you really want some excitement in your life, install these two together The answer is a resounding No!

I don't use either one, so can't pass judgement on the rule sets.

Your best bet is follow Mark's advice, clean out the individual systems.

Regards - Charles

 

You have 28 connections blocked trying to get out. And by now you have eliminated the server as the infected, but the clients are doing something to get out, if you have the server setup to provide internet access. What, I do not know, and you will not until you do a scan on them or check the firewall logs, if any. Your server's AV program may be compromised, even if it is a new install, as long as the clients are infected with something.

This while allowed outbound can be okay as inbound does not seem to be allowed. But, do you have something connecting out through this and allowing access to your drives on each computer throughout your entire network? And to what IP address? You shouldn't.
Those seem to be default rules setup by the install of the firewall.

 

what's the best way

okey i mark i think some client side computer infected with virus i have to clean with antivirus software..... another thing i don't use my server it's just connected to internet that's all i m using and other server which connected with client and from that server i monitoring them so 1st one xp is only for give internet to client side pc so there is no way to virus or trojan attack that sever because once i m not using it and it's protected with antivirues softare nav2003 and pluse security firewall
so about firewall i m confusing about firewall which is best to protect my server it's adsl internet connection
because i when i install mcafee it always trace syn port scan by suing visual trace so what it means is it normal ????
the message appear trash side a windows appear and showing syn port scan when i click it opne visual trace to check attacker ip address........ what is this ???? why it's detecting in mcafee but in nav firewall it's not like so what you comments about this.....
and i want to put some privilage to make computer security
i m not good in windows xp networking just for knowledge so here i also have need of expert last time the computer was so secure i can't check any drive of my computer and even properties of internet connection so i want to make changes like that in windowsxp i now windows xp is powerful security so here i need help to put privillage on my operating system that no body can check my server even from internet users as well thanx a lot
again i explain
one server dual operating system runing wincows xp on d drive mostly by using internet adsl connection
and on (win98 os ) pc i use as server for printing and monitoring other computers.

 

If you want an explanation of what a SYN packet is, read this page. While it is referring to a DrDOS attack, it will explain quite a bit to you.

It is not a good idea to have MacAffee and Norton's firewall installed at the same time on the same machine.

I do not use either Mac or Norton on my system. I use Kerio, which has a rules based operation. I allow what I want to connect out, and set it to ignore everything else and block them.

While you are not actually at the keyboard of the server, you are using it, no matter how you look at it. You are using it get the internet, or access to printers. As to which OS is doing what, your post is very confusing on this as you jump around too much.

 

still virus SVCHOST.EXE AND dllhost.exe

finally i make fresh instalation it seems when i use firewall on my server my client side speed become slowdown some time firewall don't allow to acess....so sad do u have any idea for firewall or some thing best security for windowsxp i m looking for to prevent my server or make invision for eyes of client side pc plzz help me if u good in winxp privacy....
k mark i need ur help as well
now i installed fresh xp-professional everything okey i didn't insatalled any firewall because it's slowdon the speed of client side pcs and some time block them to acess internet so complaint and complaint now i need advice here to is it good firewall and what about problems above i mentioned or how to protect pc and or anysoftware which make winxp invisibale from others plzz help
and any setting for windows configuration my xp is on ntfs c drive.
k after that after few days i tried to check online virus scaning i got virus SVCHOST.EXE and dllhost.exe can u tell me what kind of these viruses and i tried to clean but they didn't deleted so start pc in safemode and deleted if from there. but i m still so any for mcafee virus scan software which is intalled in my it's didn't detected but when i went into online mcafee virus scan then it detect ......uhhhhhhh
any way i have deleted viruses but still i m in danger plzzzz help
me and i will really thank ful and will appreciate