Avast WEBforum
Other => Viruses and worms => Topic started by: Sartigan on April 04, 2010, 01:29:44 PM
-
Hi all, yesterday it's started, after startup and logging in a message happens:
(http://i68.servimg.com/u/f68/14/18/55/35/alwil-10.png)
And what is this??? OK, I think ZoneAlarm blocks it but I don't know what is this thing
Some plus: - It happened after installing the newest database
- I scanned my computer with avast! fast scan = nothing
- I scanned my computer with MS malicious software removal tool full scan = nothing
Nothing more...
Thank you... :)
... And please be quick!
-
See: http://forum.avast.com/index.php?topic=13868.msg117585#msg117585
From what I understand it is an external thing, not an indication of an infection.
-
It was an attempt to infect your system from outer world (89.165.245.226 - from some Romanian net) using port 445 for sending exploit. This attempt was prevented by Avast!
In principle this attempt should be rejected by your Firewall. But Firewall passed this attempt, so its rules have security holes.
-
Hi psw,
It was blocklisted here: cbl.abuseat.org (127.0.0.2)
cbl.abuseat.org
bl.nszones.com (127.0.0.3)
bl.nszones.com
dyn.nszones.com (127.0.0.3)
dyn.nszones.com
list.quorum.to (127.0.0.2)
list.quorum.to
all.spamrats.com (127.0.0.36)
all.spamrats.com
dnsbl.mags.net (127.0.0.2)
dnsbl.mags.net
problems.dnsbl.sorbs.net (127.0.0.6)
problems.dnsbl.sorbs.net
Project Honeypot link (127.15.14.1)
15 days, threat score 14, suspicious
Project Honeypot
b.barracudacentral.org link (127.0.0.2)
b.barracudacentral.org
spamcop link (127.0.0.2)
spamcop
spam.dnsbl.sorbs.net link (127.0.0.6)
spam.dnsbl.sorbs.net - List of hosts that have been noted as sending spam/UCE/UBE to the admins of SORBS. This zone also contains netblocks of spam supporting service providers, this could be for providing websites, DNS or drop boxes for a spammer. Spam supporters are added on a 'third strike and you are out' basis, where the third spam will cause the supporter to be blocked.
dnsbl-2.uceprotect.net link (127.0.0.2)
dnsbl-2.uceprotect.net
dnsbl-3.uceprotect.net link (127.0.0.2)
dnsbl-3.uceprotect.net
psbl.surriel.com (127.0.0.2)
psbl.surriel.com
urlopen.error given. What one could do is close RPC Locator port (445) with WWDC:
http://www.portablefreeware.com/download.php?dd=861
polonus
-
HI, thank you for the quick answer =)
I was very frightened and I have scanned my computer with MS Malicious Software Removal Tool - full scan, and with avast! Quick Scan + I installed all the security updates.
Thank you very much...
But... what do you mean on "not an indication of an infection."
And I turned back ZoneAlarm because it blocks some DNS ports, with some malicious DNS sites too :D
Ok, so after I installed the security updates, I won't get any more warnings like this?
EDIT:
:o Windows Firewall was turned off :o
I think it was a week ago... something needed, but I can't remember...
EDIT #2:
So these attacks weren't blocked, and a note: ashampoo can only block programs....
I turned off the ZoneAlarm autostart because it slowed down my system... now I turned it on
And... the Windows Firewall is enough to block some attacks, not all, but some :)
-
OOOPS..... I need some help... again
Sorry, I know it's easter
So, Now, my system started, and I wanted to check the Windows Firewall, it was turned off, AND yesterday I turned it back!!
Is it a rootkit, or something like this? If it is a rootkit I run a boot scan, but now, ZoneAlarm and Ashampoo! is enough to defend my system until I turn on Windows Firewall
Any idea?
-
***
If you are running ZoneAlarm firewall, then Windows firewall will be turned off automatically.
***
-
Hi Sartigan,
Did you close that Worm Door with the small tool I gave you in my previous link and close the RPC Locator port, you can easily disable it with WWDC tool, download onto your desktop from here: http://www.portablefreeware.com/download.php?dd=861
polonus
-
Hi Sartigan,
Did you close that Worm Door with the small tool I gave you in my previous link and close the RPC Locator port, you can easily disable it with WWDC tool, download onto your desktop from here: http://www.portablefreeware.com/download.php?dd=861
polonus
Cannot be downloaded, redirects to a firewallleaktester.com and says:
Welcome,
http://www.firewallleaktester.com will not be available for a few months from now primarily due to the money it costs me each month (more than 40Euro).
Also, one of the first purposes of firewallleaktester was to make people aware that software firewalls could be bypassed by many ways, point well taken nowadays by both the end users and the vendors themselves. Current security suites are more secure than before, and are able to detect and block the stealthiest malware out there.
I am keeping the domain name though, as firewallleaktester may come back later, probably about security globally and not just about software firewalls.
Time will tell.
Best Regards,
Guillaume Kaddouch.:D
But I search for it on the portablefreeware ;)
Edit: cannot be downloaded :S
Please send me this thing in e-mail as an attachement to hanziness (at) windowslive (dot) com
thank you
-
Anyone?
-
Thank you very much, Polonus for sending WWDC, found THREE worm doors (:D)
I have closed all
I hope that this will work, thank you :)
-
On my systems I use:
UnPlug n' Pray
http://www.grc.com/unpnp/unpnp.htm
DCOMbobulator
http://www.grc.com/freeware/dcom.htm
I used to have WWDC tool but somehow I lost it on my XP Pro system and it is on my old XP Home system I sold.
-
Thank you very much, Polonus for sending WWDC, found THREE worm doors (:D)
I have closed all
I hope that this will work, thank you :)
Something is wrong: now if I want to start WWDC, it freezes my system and I need to press reset.
Ok, but I think I won't get any more attacks like these
Anyway, thank you everyone :)
-
:( ???
See the attachement
-
PLEASE HELP!!
When I start my computer, it loads normally but when on the "Welcome" screen it bleeps 3 times and comes in, OK
But after it loads everything, and I want to start a program, it freezes and doesn't starts it, just shows the wait cursor and I can't do enything else than press reset, I need to do it 2 times and it should works, why is this?
plus:
Windows Firewall automatically turns off at startup :(
ZoneAlarm and Ashampoo! was uninstalled from my system, Online Armor does do it?
-
Hi
What the error ?
-
Hi,
On Startup my Windows Firewall turns off.. what does do it? The Online Armor?
-
Hi
What the error ?
Screenshot the error thanks please.
-
Hi
What the error ?
Screenshot the error thanks please.
Error? Who is speaking about error(s)?
That thing is just coming port TCP #445