Ive been having lots of virus and trojan att. lately 
Author Message
 Ive been having lots of virus and trojan att. lately

Started beginning of Nov. I was away for a weekend and when i got home there
had been hundreds of attempt.
I deleted the log and dont remember if it was a virus or trojan.
It has continued since and ive kept most of the logs.

Wondered if anyone has any info on these:

"Default Block Backdoor/Subseven Trojan" (inbound)

"Default Block TransSout" (inbound)   Havnt found any info on this 1 and
have no clue what it is!

"Default Block Hack 'A' Tack Trojan" (inbound)

I have had more attempts with different ones but havnt kept the logs!

Is it possible to find out wich country it comes from just with the
ipadress?
Is there a reason i should be worried?

The attempts come maybe every second day and usually from 20.00pm and later



Thu, 13 May 2004 09:57:59 GMT  
 Ive been having lots of virus and trojan att. lately
you may have a good antivirus sw and a personal / corporate firewall or IDS
sw such as network ice; then you may need to use all as up-to-date all the
time...

these attacks are normal / normal to face with such these attacks on the net
!

if you know that you have protected you may not worry any more...


Quote:
> Started beginning of Nov. I was away for a weekend and when i got home
there
> had been hundreds of attempt.
> I deleted the log and dont remember if it was a virus or trojan.
> It has continued since and ive kept most of the logs.

> Wondered if anyone has any info on these:

> "Default Block Backdoor/Subseven Trojan" (inbound)

> "Default Block TransSout" (inbound)   Havnt found any info on this 1 and
> have no clue what it is!

> "Default Block Hack 'A' Tack Trojan" (inbound)

> I have had more attempts with different ones but havnt kept the logs!

> Is it possible to find out wich country it comes from just with the
> ipadress?
> Is there a reason i should be worried?

> The attempts come maybe every second day and usually from 20.00pm and
later



Sun, 16 May 2004 00:39:54 GMT  
 Ive been having lots of virus and trojan att. lately
Hi, I'll add my two cents here.  I use ZoneAlarm firewall and I have it
configured to suppress all alerts.  You can work yourself into a frenzy
worrying about of the attempts to get into your computer ... or you can
simply supress them and not worry about them.

I would see 20 or so attempts within an hour and get upset.  Now I simply
ignore them and let my program do its job.

All the best, Dave



Sun, 11 Jul 2004 17:53:44 GMT  
 Ive been having lots of virus and trojan att. lately

Quote:

> Hi, I'll add my two cents here.  I use ZoneAlarm firewall and I have it
> configured to suppress all alerts.  You can work yourself into a frenzy
> worrying about of the attempts to get into your computer ... or you can
> simply supress them and not worry about them.

> I would see 20 or so attempts within an hour and get upset.  Now I simply
> ignore them and let my program do its job.

> All the best, Dave

Dave is EXACTLY on the mark. (apart from calling zonealarm a firewall.
its a personal firewall. big difference)

This is the reason I dislike the idea of 'personal firewalls' in
mainstream use (pstn at least. broadband needs it). People see these
scarey sounding alerts, panic, then waste both their time, and other
peoples, establishing that its nothing but a port scan, which is
completely harmless!

Inbound connection attempts are *nothing* to worry about. Ignore them
completely, dont even bother logging them. It doesnt mean you have a
virus, or are running a trojan service. It means some one is 'probing'
your computer, to see if you've got a trojan acting as a server,
waiting for them to log in and take control of various aspects of your
machine.
But as a)you dont have the trojan installed (AV will pick up all comon
trojans like sub7 etc), and b)the packets have been filtered (ie: the
log-in attempt blocked at the earliest stage), there is no problem,
nothing to worry about.

I hope that explained it slightly. The things you need to worry about
are terminology that sounds like 'connection established', as opposed
to 'connection attempt'. It you get the first, or some wording
variation, it means a handshake has occured, authentication is either
in process or has been established.
As I use a static IP at home, I run tiny personal firewall. It doesnt
log much, and I never ever check alerts. The only interaction I have
with it is if a local application tries communicating out, or an
external address tries communicating in, to a known service.
Everything else is blocked by my first default rule (block all in, all
out). This way, I dont need to do a dam thing, it just runs quietly in
the background. And thats as good as its gonna get (without a
router/firewall inbetween my box and the connection).

Jon



Mon, 12 Jul 2004 19:48:45 GMT  
 
 [ 4 post ] 

 Relevant Pages 

1. ATT: Virus New ??

2. Antigen found Win32/PSW.Hooker 2.4.Trojan (CA(InoculateIT)) virus

3. Trojan Dialer Virus

4. trojan virus

5. virus removal: Backdoor.Sdbot (Trojan)

6. Trojan Horse Virus, Help needed

7. trojan virus

8. Trojan Virus

9. XP Pro Virus, trojan?? Please Help, expert needed

10. virus/trojan?

11. IRC Trojan virus

 

 
Powered by phpBB® Forum Software