
Trojan/virus attacks

Discussion in 'Security and Privacy' started by Shturmovik, 2002/12/30.

Thread Status:
Not open for further replies.
  1. 2002/12/30
    Shturmovik

    Shturmovik Inactive Thread Starter

    Joined:
    2002/09/03
    Messages:
    73
    Likes Received:
    0
    I have been getting tons of virus attacks though since I put them in my 'junk mail' list they have not been so numerous. Now I am getting zillions of trojan attacks which my Norton Firewall seems to be keeping at bay.

    I keep my Norton AV and Firewall updated weekly, at least, but is there anything more I can do? I have not really read up much on the Norton Firewall options and am not too knowledgeable about all the STP's, TP's, server whatevers that one can configure to be blocked. I just have it on the default settings and it is doing its job but the sheer number of attacks is scary. Do those people have nothing better to do? Should I be doing more?

    :rolleyes: Thanks in advance :D
     
  2. 2002/12/30
    mflynn

    mflynn Inactive

    Joined:
    2002/08/14
    Messages:
    4,141
    Likes Received:
    9
    Get MailWasher for even more Email protection and control. Use its bounce!

    http://www.mailwasher.net/download.php

    If you install it, always use it; never go to OE directly, even to send, without this behind it!

    Now for your trojan worm probes if that is in fact what they are!

    You may already have something on your computer inviting them in. They may be responding but stopped by the firewall. I don't use Numnuts products so I am not sure if it screens outgoings. But if it does make sure it is activated. Someone else that uses it can advise better than I.

    But to be sure do an online Trojan/worm scan here:

    Online Virus scanners
    http://www.anti-trojan.net/at.asp?l=en&t=onlinecheck

    http://www.pcpitstop.com/antivirus/default.asp

    Mike

    Better soak me up now, because after I reach 1001 posts and become a SuperGeek like my hero Newt. I am going into semi retirement from BBS maybe full. To much time. After lifting weights 3 nights a week running the other 3. New Girlfriend etc. Getting hard to spend the time required!

    My spelling is beginning to get even worse also. I amd actually an execlent speller but can't seem to tye them correctly!! Smile!
     
    Last edited: 2002/12/30

  4. 2002/12/30
    Shturmovik

    Shturmovik Inactive Thread Starter

    Joined:
    2002/09/03
    Messages:
    73
    Likes Received:
    0
    Trojan List

    This is a PARTIAL list of the trojan attacks within a 5 minute period today:

    Date: 12/30/02 Time: 11:51:27
    Rule "Default Block Back Orifice 2000 Trojan" blocked (xxxxxxxxi1,Back-Orifice-2000). Details:
    Inbound TCP connection

    Remote address,service is (213.153.37.65,2190)
    Process name is "N/A "

    Date: 12/30/02 Time: 11:51:27
    Rule "Default Block Master Paradise Trojan" blocked (xxxxxxxxx-i1,40426). Details:
    Inbound TCP connection

    Remote address,service is (213.153.37.65,2178)
    Process name is "N/A "

    Date: 12/30/02 Time: 11:51:27
    Rule "Default Block Backdoor/SubSeven Trojan" blocked (xxxxxxx-i1,54283). Details:
    Inbound TCP connection

    Remote address,service is (213.153.37.65,2189)
    Process name is "N/A "

    Date: 12/30/02 Time: 11:51:27
    Rule "Default Block Hack 'A' Tack Trojan" blocked (xxxxxxx-i1,31792). Details:
    Inbound TCP connection

    Remote address,service is (213.153.37.65,2162)
    Process name is "N/A "

    Date: 12/30/02 Time: 11:51:18
    Unused port blocking has blocked communications. Details:
    Inbound TCP connection
    Remote address,local service is (213.153.37.65,31338)

    Date: 12/30/02 Time: 11:48:49
    Rule "Default Block NetSphere Trojan" blocked (xxxxxx-i1,30102). Details:
    Inbound TCP connection

    Remote address,service is (213.153.37.65,1427)
    Process name is "N/A "

    Date: 12/30/02 Time: 11:48:49
    Rule "Default Block GirlFriend Trojan" blocked (xxxxxxx-i1,21554). Details:
    Inbound TCP connection
    Remote address,service is (213.153.37.65,1406)
    Process name is "N/A "

    Date: 12/30/02 Time: 11:48:49
    Rule "Default Block Proziack Trojan" blocked (xxxxxxxx-i1,22222). Details:
    Inbound TCP connection

    Remote address,service is (213.153.37.65,1407)
    Process name is "N/A "

    Date: 12/30/02 Time: 11:48:49
    Rule "Default Block Donald **** Trojan" blocked (xxxxxxx-i1,23477). Details:
    Inbound TCP connection
    Remote address,service is (213.153.37.65,1413)
    Process name is "N/A "

    Date: 12/30/02 Time: 11:48:49
    Rule "Default Block Delta Source Trojan" blocked (xxxxxxxx-i1,26274). Details:
    Inbound TCP connection
    Remote address,service is (213.153.37.65,1414)
    Process name is "N/A "

    Date: 12/30/02 Time: 11:48:49
    Rule "Default Block Portal of Doom Trojan" blocked

    Date: 12/30/02 Time: 11:48:49
    Rule "Default Block GJammer Trojan" blocked

    Date: 12/30/02 Time: 11:48:49
    Rule "Default Block COMA Trojan" blocked

    Date: 12/30/02 Time: 11:48:49
    Rule "Default Block Progenic Trojan" blocked

    Date: 12/30/02 Time: 11:48:49
    Rule "Default Block Senna Spy Trojan" blocked

    Date: 12/30/02 Time: 11:48:49
    Rule "Default Block ICKiller Trojan" blocked

    Date: 12/30/02 Time: 11:48:49
    Rule "Default Block iNi Killer Trojan" blocked

    Date: 12/30/02 Time: 11:48:43
    Rule "Default Block NetSphere Trojan" blocked

    Date: 12/30/02 Time: 11:48:40
    Rule "Default Block EvilFTP, UglyFTP Trojan" blocked

    Date: 12/30/02 Time: 11:48:40
    Rule "Default Block WhackJob Trojan" blocked

    Date: 12/30/02 Time: 11:48:40
    Rule "Default Block Whack-a-Mole Trojan" blocked

    Date: 12/30/02 Time: 11:48:40
    Rule "Default Block Keylogger Trojan" blocked

    Date: 12/30/02 Time: 11:48:40
    Rule "Default Block Acid Shivers Trojan" blocked

    Date: 12/30/02 Time: 11:46:45
    Rule "Implicit block rule" blocked

    Date: 12/30/02 Time: 11:46:45
    Rule "Default Block QaZ Trojan" blocked

    Date: 12/30/02 Time: 11:46:45
    Rule "Default Block GateCrasher Trojan" blocked

    Date: 12/30/02 Time: 11:46:45
    Rule "Default Block DeepThroat Trojan "

    Date: 12/30/02 Time: 11:46:45
    Rule "Default Block 'The Thing' Trojan "

    I didn't list the hundreds of 'unused port blocking has blocked communications' events within that same 5 minutes! The anti-trojan and pit-stop links you gave me said their tests are not valid if I have my Norton enabled and I sure don't dare disenable it to run the tests for even a minute!
     
  5. 2002/12/30
    markp62

    markp62 Geek Member Alumni

    Joined:
    2002/05/01
    Messages:
    4,012
    Likes Received:
    16
    I read through your log and noted one thing. These appear to be all inbound. There is nothing you can do about this, nor is it anything to be worried about. These are attempts by trojans out on the internet trying to find other trojans. Norton lists these ports as trojan ports as these are commonly used by trojans.
    It is outbound you would need to be concerned about. An outbound would be something on your computer trying to get out.
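
    The inbound/outbound triage described in this reply, as an added example that is not part of the original post: a parser for the log format quoted earlier in the thread that separates outbound entries (the ones to investigate) from inbound probes and reports any remote address that tripped several different rules. The sample log is constructed, and the shape of an outbound entry is an assumption, since the thread shows only inbound ones.

```python
import re
from collections import defaultdict
# Constructed sample in the log format quoted in this thread. Addresses are
# documentation-range placeholders; the Outbound entry is hypothetical.
SAMPLE_LOG = """\
Date: 12/30/02 Time: 11:51:27
Rule "Default Block Back Orifice 2000 Trojan" blocked (host-i1,Back-Orifice-2000). Details:
Inbound TCP connection
Remote address,service is (192.0.2.10,2190)

Date: 12/30/02 Time: 11:51:27
Rule "Default Block Master Paradise Trojan" blocked (host-i1,40426). Details:
Inbound TCP connection
Remote address,service is (192.0.2.10,2178)

Date: 12/30/02 Time: 11:51:18
Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (192.0.2.10,31338)

Date: 12/30/02 Time: 11:52:02
Rule "Example outbound rule" blocked (host-i1,1045). Details:
Outbound TCP connection
Remote address,service is (198.51.100.7,6667)
Process name is "example.exe"
"""

ENTRY = re.compile(r"^Date: (\S+) Time: (\S+)\n(.*?)(?=^Date: |\Z)", re.M | re.S)
DIRECTION = re.compile(r"^(Inbound|Outbound) (?:TCP|UDP) connection", re.M)
REMOTE = re.compile(r"^Remote address,(?:local )?service is \(([^,]+),", re.M)
RULE = re.compile(r'^Rule "([^"]+)"', re.M)
PROCESS = re.compile(r'^Process name is "([^"]*)"', re.M)

def first(rx, text, default=None):
    m = rx.search(text)
    return m.group(1).strip() if m else default

def triage(log, sweep_threshold=3):
    """Return (outbound entries, {remote_ip: count of distinct inbound rules hit})."""
    inbound, outbound = defaultdict(set), []
    for date, time, body in ENTRY.findall(log):
        remote = first(REMOTE, body)
        rule = first(RULE, body, "Unused port blocking")
        if first(DIRECTION, body) == "Outbound":  # something local trying to get out
            outbound.append((f"{date} {time}", first(PROCESS, body), remote, rule))
        elif remote:
            inbound[remote].add(rule)
    sweeps = {ip: len(r) for ip, r in inbound.items() if len(r) >= sweep_threshold}
    return outbound, sweeps
```

    A single address appearing in the sweep result with many distinct rules is the pattern in the posted log: one remote host walking a list of well-known ports, all blocked inbound.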
     
  6. 2002/12/31
    BillyBob Lifetime Subscription

    BillyBob Inactive

    Joined:
    2002/01/07
    Messages:
    6,048
    Likes Received:
    0
    Shturmovik

    I agree with markp62.

    There is not much you can do with those inbound attempts as long as Norton is blocking them.

    I have a Router and the list of inbound attempts it blocks is almost endless. The activity light on the Router is blinking almost constantly. But they are not getting to the activity light on the NIC.

    And even if it did, NIS should block it.

    Even with the Router I need NIS to control the outgoing.

    But one thing I believe you should check into is to make sure that File and Printer Sharing is not bound to TCP/IP. If it is it may leave port 139 in the closed mode only and not Stealth.

    BillyBob
     
    Last edited: 2002/12/31
  7. 2004/06/08
    roy66

    roy66 Well-Known Member

    Joined:
    2002/03/07
    Messages:
    756
    Likes Received:
    3
    And how does one do that Billybob ???

    roy66
     
  8. 2004/06/08
    Newt

    Newt Inactive

    Joined:
    2002/01/07
    Messages:
    10,974
    Likes Received:
    2
    - Right-click the My Network Places folder and left-click Properties.
    - Click on Advanced and then Advanced Settings on the dropdown.

    If you have more than one protocol, it will show in the window that comes up (see the picture below) and you can simply uncheck the TCP/IP binding while leaving at least one other. NetBEUI or IPX are the most usual ones.

    I only run TCP/IP on this machine so you only see the one entry.
     
  9. 2004/06/08
    markp62

    markp62 Geek Member Alumni

    Joined:
    2002/05/01
    Messages:
    4,012
    Likes Received:
    16
    http://grc.com/su-bondage.htm
    The above webpage is a good read up on network binding, although it would be nice if Steve updated a bit for XP. He does have instructions for NT based systems [XP is], but the screenshots and instructions are for WinNT and can be used for W2K.
     
  10. 2004/06/30
    brianlj

    brianlj Inactive

    Joined:
    2003/07/02
    Messages:
    33
    Likes Received:
    0
    If you were to say that in a Usenet group where mail admins abound -- say, news.admin.net-abuse.email -- you would be torn to shreds.

    I'm much kinder. ;)

    All the informed advice is actually to the contrary:

    Do NOT use MailWasher's bounce feature.

    It is simplistic and damaging.
     