HOME

SHOP ORGONE CRYSTALS

528Hz

Vote For Warrior Matrix at Conspiracy Top Sites

daily quote warrior matrix

Follow Us On Facebook
Worm?
Goto page 1, 2  Next
 
Post new topicReply to topic
   Warrior Matrix Forum Index -> Computer Security
View previous topic :: View next topic  
Author Message
karen
Member


Joined: 03 Mar 2005
Posts: 533
Location: Rochester, NY

PostPosted: Thu Mar 16, 2006 2:33 pm    Post subject: Worm? Reply with quote

Need some advice here.. Norton AV keeps telling me every few minutes that it detected and blocked a worm.

Intrusion: MS ASN1 Integer Overflow TCP
Intruder: (gives the IP address)
port -- netbios-SSN (gives the #)
Attacked IP -- gives the # and port

I did a complete scan with Trend Micro Housecall, came up clean. But the weird thing is that I keep getting this message that a worm is being blocked, even when I have no programs running and am connected to the Internet but am just staring at my desktop with only the usual stuff in my system tray. (Zone Alarm, Spy Sweeper, Skype)

Any advice? The NAV support info regarding this problem is not readable to me.

Thanks,
Karen


Last edited by karen on Thu Mar 16, 2006 11:01 pm; edited 1 time in total
Back to top
View user's profile Send private message Visit poster's website
karen
Member


Joined: 03 Mar 2005
Posts: 533
Location: Rochester, NY

PostPosted: Thu Mar 16, 2006 11:01 pm    Post subject: Reply with quote

ok.. looked up the IP addresses of these "intruders".. they're all coming from my own ISP Smile. Called them, and they didn't know anything about this MS ASN1 thing, but said that these are not real intrusions.

Still I wonder why this MS ASN1 is being detected, since Symantec says that is a high risk threat.

Would be real nice to own a Mac right about now, I think.

-Karen
Back to top
View user's profile Send private message Visit poster's website
Monkeyman
Member


Joined: 21 Jan 2006
Posts: 74
Location: London UK

PostPosted: Fri Mar 17, 2006 6:13 pm    Post subject: Reply with quote

Don't know anything about this worm, but a hardware firewall / router can be picked up for not much money (guess $25 -50). It goes inbetween your broadband modem and your computer.

D Link
Linksys
Netgear

are all well known brands.

eg http://www.linksys.com/servlet/Satellite?c=L_Product_C2&childpagename= US%2FLayout&cid=1122062340941&pagename=Linksys%2FCommon%2FVisitorWrapp er
_________________
Mark
TBs work and every little helps - Get Gifting Wink

Your belief is a powerful tool - use it wisely
Back to top
View user's profile Send private message
karen
Member


Joined: 03 Mar 2005
Posts: 533
Location: Rochester, NY

PostPosted: Fri Mar 17, 2006 6:36 pm    Post subject: Reply with quote

Thanks.. I use the free ZoneAlarm software, but would a hardware firewall be much better? Somewhere I read something that gave me the impression that it wasn't as straightforward as that.

Karen
Back to top
View user's profile Send private message Visit poster's website
spade
Member


Joined: 24 Jan 2005
Posts: 424

PostPosted: Sat Mar 18, 2006 12:51 am    Post subject: Reply with quote

There are pros and cons to each side.

ZA is easier to configure, but it can't do everything a hardware router does. ZA can detect outbound software (e.g. spyware). ZA uses CPU, but probably not anything noticable. ZA is attached to one computer.

Routers are more involved to setup, but the basic stuff is easy - its when you get into the more advanced port forwarding and tunneling that you have to know what you are doing. Routers can't auto detect outbound traffic - you have to set everything up. For most people, this is port 80 for web traffic and perhaps instant messenging and email. Routers don't use CPU. Routers can have multiple people plugin to it and get the same protection. If you want, you can customize routers for who gets access to what, when and how much at what times.

Like all things in life, it all depends on what you want to do.

-Terry
Back to top
View user's profile Send private message Send e-mail
Cece
Member


Joined: 25 Jan 2005
Posts: 351
Location: Houston, TX

PostPosted: Sat Mar 18, 2006 4:29 am    Post subject: Reply with quote

There is no "ONE" tool that can keep you safe.

If the attacks come from your computer then it is something installed on your machine. By definition, you have a trojan.

In today's world you need a multitude of tools to stay safe...and that isn't 100% either, especially if you find youself ouside of the social "norm".
Back to top
View user's profile Send private message MSN Messenger
cumulus
Member


Joined: 25 Mar 2006
Posts: 20
Location: England

PostPosted: Sun Mar 26, 2006 6:39 pm    Post subject: Reply with quote

Karen: The cryptic messages about "MS ASN1 Integer Overflow TCP" mean that someone or something is trying to break into your computer by exploiting a particular bug in part of Windows. This is probably a result of a worm on someone else's computer (not yours - which is why the scans come up clean), which is trying to use this particular bug to spread itself, and the firewall is successfully blocking it from infecting your computer. It's probably not specifically targetting you, but every person who uses the same ISP; these worms typically cycle through a range of IP addresses or pick addresses at random and try to infect all of them. And some of those people might not have a firewalll... so your ISP really should know about it, and should warn the people with the IP address(es) indicated to check their computer(s) for viruses.

Patches to fix the bug (not strictly needed if your firewall can block the attacks, but a good idea to install anyway) can be downloaded from:
http://www.microsoft.com/technet/security/bulletin/MS04-007.mspx

It looks like Windows XP with Service Pack 2 doesn't have this bug, but every older version does - and it's a very serious bug which could potentially allow damaging code to be run on any affected computer, just by connecting to it over the network (no need to open e-mails or anything)... so I reccomend everyone check if there's a patch for their system! (though if you use 'Windows Update', the patch is probably already installed)

It wouldn't be the first worm of its kind... I removed two of them from our home network, and one of the same from a friend's computer, about 2 years ago - fortunately all they did was spread very quickly, and clog network bandwidth in doing so.
Back to top
View user's profile Send private message
karen
Member


Joined: 03 Mar 2005
Posts: 533
Location: Rochester, NY

PostPosted: Sun Mar 26, 2006 7:29 pm    Post subject: Reply with quote

Thanks for the info! I do have Win XP SP2, which isn't supposed to have that bug.. hmmm.

The "intrusion" events that NAV worm protection keeps blocking, are still happening every few minutes.

Also, Zone Alarm every once in a while asks me if I want to allow "LSA Shell (Export Version)", and i keep denying it access, then did a search on it and found that it's associated with the sasser worm..?

In any case, I plan to do a few of the things suggested, like ditch NAV, get a hardware router.. figure out how to increase my tolerance for such techy activities Smile

-Karen
_________________
Dynamic Regimen and Nutrition Counseling
Individualized counseling for nutrition and natural healing:
www.dynamicregimen.com
Free e-book, newsletter, articles and resources:
www.guideforselfhealing.com
Back to top
View user's profile Send private message Visit poster's website
cumulus
Member


Joined: 25 Mar 2006
Posts: 20
Location: England

PostPosted: Mon Mar 27, 2006 3:05 pm    Post subject: Reply with quote

I think NAV will still detect and block the attempted attacks, whether or not your computer would actually be vulnerable if they got through.

http://vil.nai.com/vil/stinger/ - utility to detect and remove several viruses/worms including Sasser.

http://securityresponse.symantec.com/avcenter/venc/data/w32.sasser.rem oval.tool.html - another Sasser removal tool.
Back to top
View user's profile Send private message
Inge
Member


Joined: 27 Jan 2006
Posts: 112
Location: Norway

PostPosted: Mon Mar 27, 2006 3:16 pm    Post subject: re Reply with quote

a bit off the topic with this one --> but after i got rid of the antivirus software i have not have had 1% of the problems i had before. Strange...could be I am just lucky tho Very Happy
Back to top
View user's profile Send private message
Dano
Member


Joined: 02 Jul 2005
Posts: 126
Location: The most corrupt state in the union, NJ

PostPosted: Wed Mar 29, 2006 4:29 pm    Post subject: Reply with quote

Do a search for a program called SLAP, it works well with zone alarm and you can send a message back to the originating IP address telling you to leave me alone.
Dano
_________________
"They keep talking about drafting a Constitution for Iraq. Why don't we just give them ours? It was written by a lot of really smart guys. It has worked well for over two hundred years and we're not using it anymore." George Carlin.
Back to top
View user's profile Send private message
EDGE
Guest





PostPosted: Sat Apr 01, 2006 11:12 pm    Post subject: AV Reply with quote

I personally think Norton Antivirus is a virus.

Get Kaspersky, NOD32, or Panda Titanium. And a router with a built-in firewall, preferably a linksys or netgear. That will sufficiently halt all those problems. I personally do not even use an antivirus program. They are a waste of system resources if you block cookies and don't use a P2P (kazaa, morpheus, bearshare, et al.) Use bittorrent, it is slower but infinitely more reliable.

Windows live has an online virus scan for free, as well as windows defender. Which is Giant Antispyware that they bought and re-logo'ed. I offer these suggestions only because they are free.
www.live.com
Back to top
Cece
Member


Joined: 25 Jan 2005
Posts: 351
Location: Houston, TX

PostPosted: Sun Apr 02, 2006 3:00 am    Post subject: Reply with quote

FYI

The last trojan I got entered my system through the Microsoft Anti SpyWare program when it was still in Beta testing.
Back to top
View user's profile Send private message MSN Messenger
karen
Member


Joined: 03 Mar 2005
Posts: 533
Location: Rochester, NY

PostPosted: Sun Apr 02, 2006 3:32 am    Post subject: Reply with quote

Thanks for all the suggestions.. I finally had someone do some work on my computer, added some much-needed memory, but it was after ditching NAV that it really started running beautifully Smile

He installed Avast anti-virus, activated the Windows firewall and took out ZoneAlarm. I used a program called "Leak Test" to test the firewall, failed the test. Put back ZoneAlarm, passed the test.

So I think I'm set for now, will consider a hardware firewall at some point. thanks again all.

Karen
_________________
Dynamic Regimen and Nutrition Counseling
Individualized counseling for nutrition and natural healing:
www.dynamicregimen.com
Free e-book, newsletter, articles and resources:
www.guideforselfhealing.com
Back to top
View user's profile Send private message Visit poster's website
Dreamwarrior
Member


Joined: 13 Jun 2006
Posts: 35
Location: Omaha

PostPosted: Mon Jun 19, 2006 5:22 am    Post subject: I was just about to reccomend avast... Reply with quote

We use avast on our windows xp box. There is even a function to allow you to see everything your computer is doing in real time. We've discovered alot of hack attempts this way and it always alerts us to some new malware we may have gotten infected with.

We take alot of risks with our computers sometimes, because we know how to remove just about everything.

I have some other software I reccommend for house cleaning, I will have the one who uses windows xp in my home compile a list and sources for the software we use. Highly recommended stuff from us.

I use ubuntu linux and I recommend it to everyone. Really easy to use and great support.

Nick
_________________
I am the Rabble Rouser, please be prepared to be Rabbled.
Back to top
View user's profile Send private message Send e-mail Visit poster's website
Display posts from previous:   
Post new topicReply to topic
   Warrior Matrix Forum Index -> Computer Security All times are GMT
Goto page 1, 2  Next
Page 1 of 2

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum