karen

Joined: 03 Mar 2005 Posts: 523 Location: Rochester, NY
|
Posted: Thu Mar 16, 2006 2:33 pm Post subject: Worm? |
|  |
|
Need some advice here.. Norton AV keeps telling me every few minutes that it detected and blocked a worm.
Intrusion: MS ASN1 Integer Overflow TCP
Intruder: (gives the IP address)
port -- netbios-SSN (gives the #)
Attacked IP -- gives the # and port
I did a complete scan with Trend Micro Housecall, came up clean. But the weird thing is that I keep getting this message that a worm is being blocked, even when I have no programs running and am connected to the Internet but am just staring at my desktop with only the usual stuff in my system tray. (Zone Alarm, Spy Sweeper, Skype)
Any advice? The NAV support info regarding this problem is not readable to me.
Thanks,
Karen
Last edited by karen on Thu Mar 16, 2006 11:01 pm; edited 1 time in total |
karen

Joined: 03 Mar 2005 Posts: 523 Location: Rochester, NY
|
Posted: Thu Mar 16, 2006 11:01 pm Post subject: |
|  |
|
ok.. looked up the IP addresses of these "intruders".. they're all coming from my own ISP. Called them, and they didn't know anything about this MS ASN1 thing, but said that these are not real intrusions.
Still I wonder why this MS ASN1 is being detected, since Symantec says that is a high risk threat.
Would be real nice to own a Mac right about now, I think.
-Karen |
Monkeyman

Joined: 21 Jan 2006 Posts: 74 Location: London UK
|
karen

Joined: 03 Mar 2005 Posts: 523 Location: Rochester, NY
|
Posted: Fri Mar 17, 2006 6:36 pm Post subject: |
|  |
|
Thanks.. I use the free ZoneAlarm software, but would a hardware firewall be much better? Somewhere I read something that gave me the impression that it wasn't as straightforward as that.
Karen |
spade
Joined: 24 Jan 2005 Posts: 425
|
Posted: Sat Mar 18, 2006 12:51 am Post subject: |
|  |
|
There are pros and cons to each side.
ZA is easier to configure, but it can't do everything a hardware router does. ZA can detect outbound software (e.g. spyware). ZA uses CPU, but probably not anything noticeable. ZA is attached to one computer.
Routers are more involved to set up, but the basic stuff is easy - it's when you get into the more advanced port forwarding and tunneling that you have to know what you are doing. Routers can't auto detect outbound traffic - you have to set everything up. For most people, this is port 80 for web traffic and perhaps instant messaging and email. Routers don't use CPU. Routers can have multiple people plug in to it and get the same protection. If you want, you can customize routers for who gets access to what, when and how much at what times.
Like all things in life, it all depends on what you want to do.
-Terry |
Cece
Joined: 25 Jan 2005 Posts: 351 Location: Houston, TX
|
Posted: Sat Mar 18, 2006 4:29 am Post subject: |
|  |
|
There is no "ONE" tool that can keep you safe.
If the attacks come from your computer then it is something installed on your machine. By definition, you have a trojan.
In today's world you need a multitude of tools to stay safe...and that isn't 100% either, especially if you find yourself outside of the social "norm". |
cumulus
Joined: 25 Mar 2006 Posts: 20 Location: England
|
Posted: Sun Mar 26, 2006 6:39 pm Post subject: |
|  |
|
Karen: The cryptic messages about "MS ASN1 Integer Overflow TCP" mean that someone or something is trying to break into your computer by exploiting a particular bug in part of Windows. This is probably a result of a worm on someone else's computer (not yours - which is why the scans come up clean), which is trying to use this particular bug to spread itself, and the firewall is successfully blocking it from infecting your computer. It's probably not specifically targeting you, but every person who uses the same ISP; these worms typically cycle through a range of IP addresses or pick addresses at random and try to infect all of them. And some of those people might not have a firewall... so your ISP really should know about it, and should warn the people with the IP address(es) indicated to check their computer(s) for viruses.
Patches to fix the bug (not strictly needed if your firewall can block the attacks, but a good idea to install anyway) can be downloaded from:
http://www.microsoft.com/technet/security/bulletin/MS04-007.mspx
It looks like Windows XP with Service Pack 2 doesn't have this bug, but every older version does - and it's a very serious bug which could potentially allow damaging code to be run on any affected computer, just by connecting to it over the network (no need to open e-mails or anything)... so I recommend everyone check if there's a patch for their system! (though if you use 'Windows Update', the patch is probably already installed)
It wouldn't be the first worm of its kind... I removed two of them from our home network, and one of the same from a friend's computer, about 2 years ago - fortunately all they did was spread very quickly, and clog network bandwidth in doing so. |
karen

Joined: 03 Mar 2005 Posts: 523 Location: Rochester, NY
|
Posted: Sun Mar 26, 2006 7:29 pm Post subject: |
|  |
|
Thanks for the info! I do have Win XP SP2, which isn't supposed to have that bug.. hmmm.
The "intrusion" events that NAV worm protection keeps blocking, are still happening every few minutes.
Also, Zone Alarm every once in a while asks me if I want to allow "LSA Shell (Export Version)", and I keep denying it access, then did a search on it and found that it's associated with the Sasser worm..?
In any case, I plan to do a few of the things suggested, like ditch NAV, get a hardware router.. figure out how to increase my tolerance for such techy activities
-Karen _________________ Dynamic Regimen and Nutrition Counseling
Individualized counseling for nutrition and natural healing:
www.dynamicregimen.com
Free e-book, newsletter, articles and resources:
www.guideforselfhealing.com |
cumulus
Joined: 25 Mar 2006 Posts: 20 Location: England
|
Inge
Joined: 27 Jan 2006 Posts: 105 Location: Norway
|
Posted: Mon Mar 27, 2006 3:16 pm Post subject: re |
|  |
|
A bit off the topic with this one --> but after I got rid of the antivirus software I have not had 1% of the problems I had before. Strange...could be I am just lucky tho |
Dano

Joined: 02 Jul 2005 Posts: 127 Location: The most corrupt state in the union, NJ
|
Posted: Wed Mar 29, 2006 4:29 pm Post subject: |
|  |
|
Do a search for a program called SLAP, it works well with zone alarm and you can send a message back to the originating IP address telling you to leave me alone.
Dano _________________ "They keep talking about drafting a Constitution for Iraq. Why don't we just give them ours? It was written by a lot of really smart guys. It has worked well for over two hundred years and we're not using it anymore." George Carlin. |
EDGE Guest
|
Posted: Sat Apr 01, 2006 11:12 pm Post subject: AV |
|  |
|
I personally think Norton Antivirus is a virus.
Get Kaspersky, NOD32, or Panda Titanium. And a router with a built-in firewall, preferably a Linksys or Netgear. That will sufficiently halt all those problems. I personally do not even use an antivirus program. They are a waste of system resources if you block cookies and don't use a P2P (Kazaa, Morpheus, BearShare, et al.) Use BitTorrent, it is slower but infinitely more reliable.
Windows Live has an online virus scan for free, as well as Windows Defender. Which is Giant Antispyware that they bought and re-logo'ed. I offer these suggestions only because they are free.
www.live.com |
Cece
Joined: 25 Jan 2005 Posts: 351 Location: Houston, TX
|
Posted: Sun Apr 02, 2006 3:00 am Post subject: |
|  |
|
FYI
The last trojan I got entered my system through the Microsoft Anti SpyWare program when it was still in Beta testing. |
karen

Joined: 03 Mar 2005 Posts: 523 Location: Rochester, NY
|
Posted: Sun Apr 02, 2006 3:32 am Post subject: |
|  |
|
Thanks for all the suggestions.. I finally had someone do some work on my computer, added some much-needed memory, but it was after ditching NAV that it really started running beautifully
He installed Avast anti-virus, activated the Windows firewall and took out ZoneAlarm. I used a program called "Leak Test" to test the firewall, failed the test. Put back ZoneAlarm, passed the test.
So I think I'm set for now, will consider a hardware firewall at some point. thanks again all.
Karen _________________ Dynamic Regimen and Nutrition Counseling
Individualized counseling for nutrition and natural healing:
www.dynamicregimen.com
Free e-book, newsletter, articles and resources:
www.guideforselfhealing.com |
Dreamwarrior

Joined: 13 Jun 2006 Posts: 35 Location: Omaha
|
Posted: Mon Jun 19, 2006 5:22 am Post subject: I was just about to recommend avast... |
|  |
|
We use Avast on our Windows XP box. There is even a function to allow you to see everything your computer is doing in real time. We've discovered a lot of hack attempts this way and it always alerts us to some new malware we may have gotten infected with.
We take a lot of risks with our computers sometimes, because we know how to remove just about everything.
I have some other software I recommend for house cleaning, I will have the one who uses Windows XP in my home compile a list and sources for the software we use. Highly recommended stuff from us.
I use Ubuntu Linux and I recommend it to everyone. Really easy to use and great support.
Nick _________________ I am the Rabble Rouser, please be prepared to be Rabbled. |