
I've been having lots of virus and trojan att. lately
Quote:
> Hi, I'll add my two cents here. I use ZoneAlarm firewall and I have it
> configured to suppress all alerts. You can work yourself into a frenzy
> worrying about the attempts to get into your computer ... or you can
> simply suppress them and not worry about them.
> I would see 20 or so attempts within an hour and get upset. Now I simply
> ignore them and let my program do its job.
> All the best, Dave
Dave is EXACTLY on the mark (apart from calling ZoneAlarm a firewall.
It's a personal firewall. Big difference).
This is the reason I dislike the idea of 'personal firewalls' in
mainstream use (PSTN at least. Broadband needs it). People see these
scary sounding alerts, panic, then waste both their time, and other
people's, establishing that it's nothing but a port scan, which is
completely harmless!
Inbound connection attempts are *nothing* to worry about. Ignore them
completely, don't even bother logging them. It doesn't mean you have a
virus, or are running a trojan service. It means someone is 'probing'
your computer, to see if you've got a trojan acting as a server,
waiting for them to log in and take control of various aspects of your
machine.
But as a) you don't have the trojan installed (AV will pick up all common
trojans like sub7 etc), and b) the packets have been filtered (i.e. the
log-in attempt blocked at the earliest stage), there is no problem,
nothing to worry about.
I hope that explained it slightly. The things you need to worry about
are terminology that sounds like 'connection established', as opposed
to 'connection attempt'. If you get the first, or some wording
variation, it means a handshake has occurred, authentication is either
in process or has been established.
As I use a static IP at home, I run Tiny Personal Firewall. It doesn't
log much, and I never ever check alerts. The only interaction I have
with it is if a local application tries communicating out, or an
external address tries communicating in, to a known service.
Everything else is blocked by my first default rule (block all in, all
out). This way, I don't need to do a damn thing, it just runs quietly in
the background. And that's as good as it's gonna get (without a
router/firewall in between my box and the connection).
Jon
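
The distinction drawn in the reply above, between a blocked 'connection attempt' and a 'connection established', shown as a small log triage. This is an added example, not part of either post and not code from ZoneAlarm or Tiny Personal Firewall. The log format, the sample lines and the `KNOWN_SERVICES` set are constructed assumptions.

```python
import re
from collections import Counter

# Constructed log format (not ZoneAlarm's or Tiny Personal Firewall's own):
# <date> <time> <ACTION> <IN|OUT> <proto> <src ip>:<port> -> <dst ip>:<port>
LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) (?P<action>BLOCKED|ESTABLISHED) (?P<dir>IN|OUT) "
    r"(?P<proto>TCP|UDP) (?P<src>[\d.]+):(?P<sport>\d+) -> "
    r"(?P<dst>[\d.]+):(?P<dport>\d+)$"
)

KNOWN_SERVICES = {80}  # assumption: local ports this host deliberately serves

# Constructed sample lines using documentation-only IP ranges.
SAMPLE_LOG = """\
2003-04-12 21:03:11 BLOCKED IN TCP 203.0.113.7:4312 -> 192.0.2.10:27374
2003-04-12 21:03:15 BLOCKED IN TCP 203.0.113.7:4313 -> 192.0.2.10:12345
2003-04-12 21:07:42 BLOCKED IN TCP 198.51.100.23:1077 -> 192.0.2.10:27374
2003-04-12 21:09:02 ESTABLISHED IN TCP 198.51.100.40:2201 -> 192.0.2.10:80
2003-04-12 21:15:30 ESTABLISHED IN TCP 198.51.100.99:3350 -> 192.0.2.10:31337
2003-04-12 21:16:01 ESTABLISHED OUT TCP 192.0.2.10:1050 -> 198.51.100.5:80
garbage line that does not match the format
"""

def triage(log_text):
    """Split events into suppressed probe counts and connections to review."""
    probes = Counter()   # blocked inbound attempts, counted per local port
    review = []          # established inbound sessions on unexpected ports
    skipped = 0          # lines that did not parse
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            skipped += 1
            continue
        if m["dir"] != "IN":
            continue  # outbound traffic is out of scope for this triage
        dport = int(m["dport"])
        if m["action"] == "BLOCKED":
            probes[dport] += 1  # filtered before any handshake: noise
        elif dport not in KNOWN_SERVICES:
            review.append((m["ts"], m["src"], dport))  # handshake completed
    return probes, review, skipped

if __name__ == "__main__":
    probes, review, skipped = triage(SAMPLE_LOG)
    print("suppressed probes by port:", dict(probes))
    for ts, src, dport in review:
        print(f"REVIEW {ts}: {src} established a session on port {dport}")
    print("unparsed lines:", skipped)
```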