   Mischel Internet Security Forum
Topic: Do I have a very clever virus or trojan?  (Read 175 times)
Soul_Reaver
Newbie
Posts: 4
Do I have a very clever virus or trojan?
« on: Jan 30th, 2008, 2:54pm »

Hi Guys
 
Recently someone somewhere has hacked some of my online membership websites. I only found this out because one of them emailed me with a complaint against me that I had messaged another user :( Anyway I do not understand how this could happen at all.
 
I run
 
Windows XP SP 2 with all updates
Firefox latest version
Robo Form pro for my online passwords
Zone Alarm firewall and anti virus (always on)
I have just installed Trojan Scanner and did a full scan which found nothing on my system and I also did a scan with Webroot and spyware blaster.
Oh yes I connect via a home WiFi
 
Can someone please explain how I could be hacked with all the above protection I am running? My laptop is a Dell XPS. Could a virus hide in the partition used for Dell's media direct? What further checks can I do please?
 
Mark.
siliconman01
Global Moderator
Trojans! Chew 'em Up, Spit 'em Out...
Gender: male
Posts: 5270
Re: Do I have a very clever virus or trojan?
« Reply #1 on: Jan 30th, 2008, 5:01pm »

Welcome to the forum Soul_Reaver, :D
 
First of all keep in mind that no firewall and anti-virus program is 100% bulletproof.  Browsing with Firefox also does not protect you 100% from infections while browsing.  Vulnerabilities and security holes are constantly being uncovered in Windows, various security programs, and all the browsers.  Also your settings on ZoneAlarm and Firefox may not be optimized for maximum protection.
 
The security gurus are working constantly and diligently to seal up security holes and to issue program updates and new technology to guard against the constantly increasing expertise and war tactics of the cybercriminals.  
 
This is why you hear a lot about running multi-layered security protection.  With multiple security programs running, it is hoped that what one program misses, the other will catch.  In fact, the primary focus of TrojanHunter is to catch malicious infections that other security scanners are not currently detecting or are slow to incorporate detection rules against.  
 
There is a tendency by some to "over" multi-layer with security programs which does more harm than good.  It is never advised to run more than 1 firewall and 1 anti-virus program on a system.  However, in today's world the majority of infections are NOT viruses.  They are trojans, adware, keyloggers, dialers, rootkits, and other malware designed to take control of your system and/or steal information from your system.  Security programs such as TrojanHunter do not detect viruses (they do not have a virus detection engine) and can/do run harmoniously with an anti-virus program like your ZoneAlarm AV.
 
I recommend that you do a Remote Scan with Kaspersky AV.  It is one of the top anti-virus/malware scanners.  
 
-  You will need to use Internet Explorer to access the Kaspersky remote scanner webpage because Kaspersky may need to download an ActiveX element to run the scan.  Let it download/install this ActiveX component.
 
-  Before starting the scan, disable your Zone Alarm anti-virus, but NOT your Zone Alarm firewall.  This will prevent any conflicts while doing the Kaspersky scan.
 
-  BE SURE to scan all your drives with Kaspersky.  This may take a significant amount of time because Kaspersky is a very thorough scanner.  
 
-  The link below is for the Kaspersky remote scanner.  Instructions are on the webpage.
 
http://www.kaspersky.com/virusscanner
 
Odds are that if Kaspersky does not find anything malicious on your system, you are okay.  
 
Please post back here whether Kaspersky detected/cleaned anything malicious and we'll go from there if further investigation is needed.

______
TrojanHunter V5.0.962...No. 1 AT in my Book and on my Box!
Soul_Reaver
Newbie
Posts: 4
Re: Do I have a very clever virus or trojan?
« Reply #2 on: Feb 21st, 2008, 3:20am »

Hiya
 
I did all that and it appears that I must still have had something on my machine because even after doing all that and the Kaspersky scan my gmail account got hacked next and then facebook again :( So I have now formatted my drive totally and reinstalled, only this time before connecting to the net I installed zone alarm and set up the following rules. No one else can use this machine in my house and it does have a BIOS password also on it. I always thought robo form pro would stop a keylogger or trojan knowing what my password was for online accounts because I don't actually type it in, I just hit submit and fill?
 
I used a deny all in rule from here in my new settings
 
http://portforward.com/english/softwarefw/ZoneAlarmPro/ZoneAlarmProindex.htm
 
and these settings also for my zones
 
http://www.scribd.com/doc/445738/Configuring-ZoneAlarm-Pro-Security-Settings-A-ZoneAlarm-Pro-Tutorial
 
I have also installed super anti spyware again and also trojan hunter that I bought.  
 
The thing is I look at my firewall log and I see loads and loads of things being blocked although before I was having thousands of blocked attempts each day and now there are only about 60 since I reinstalled the whole thing. The thing is, the source ip is the same ip address but the port number increases like this:
 
5400
5401
5402
5403
 
etc etc All these are blocked by zone alarm but what is that? It seems to scan through ports and each time it gets blocked or is it just the BThomehub wifi doing that? Zone alarm rates them as medium by the way.
 
Mark.
siliconman01
Global Moderator
Gender: male
Posts: 5270
Re: Do I have a very clever virus or trojan?
« Reply #3 on: Feb 21st, 2008, 5:06am »

What is the source IP that keeps getting blocked?
 
Soul_Reaver
Newbie
Posts: 4
Re: Do I have a very clever virus or trojan?
« Reply #4 on: Feb 21st, 2008, 8:47am »

Hiya
 
Here is the information from the log viewer.
 
Rating = medium
Date Time = Today
Type = Firewall
Protocol = UDP
Source ip = 192.168.1.254:6798
Destination ip = 239.255.255.250:1900
Direction = Incoming
Action = Blocked
Count = 1
 
There are loads of these all from the same source ip but with an increasing port number. 6799, 6800, 6801 etc etc
 
Mark.
siliconman01
Global Moderator
Gender: male
Posts: 5270
Re: Do I have a very clever virus or trojan?
« Reply #5 on: Feb 21st, 2008, 9:07am »

You have a wireless router, correct? What make and model?
 
192.168.1.254 is the default for certain types of home broadband routers and broadband modems. 192.168.1.254 is a private IPv4 network address.
« Last Edit: Feb 21st, 2008, 9:08am by siliconman01 »
Soul_Reaver
Newbie
Posts: 4
Re: Do I have a very clever virus or trojan?
« Reply #6 on: Feb 21st, 2008, 9:51am »

Hiya
 
Yes it's a wireless router made by BT called BT Home Hub
 
 
Mark..
 
got a new one in there now
 
192.168.1.64  
 
with a source dns of home.home
 
Is my zone alarm setup ok with those rules I set now?
siliconman01
Global Moderator
Gender: male
Posts: 5270
Re: Do I have a very clever virus or trojan?
« Reply #7 on: Feb 21st, 2008, 10:14am »

I'm sorry, but I don't know if the settings are okay with ZoneAlarm PRO and your BT Home Hub router.  I refer you to the forum below for information concerning BT Home Hub routers.
 
http://www.dslreports.com/forum/ukbb
 
and the forum below for ZoneAlarm settings.  On reviewing your settings as per the link you supplied, I have a strong feeling that you are blocking needed UDP input from your router and that is why it is rippling through the ports.  BUT...not being a user of BT Home Hub or ZoneAlarm Pro, I cannot say this for sure.
 
http://forums.zonealarm.com/zonelabs
 
I apologize for not being able to directly resolve your issue or answer your recent questions on this. :(
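
As an added example, not written by any participant in the thread: a Python triage of firewall records in the field layout posted in Reply #4. It separates a local device that sends from changing source ports to one fixed destination (UDP 239.255.255.250:1900 is the UPnP/SSDP discovery multicast group) from traffic that walks through destination ports; the sample records, the function names and the threshold of 10 are assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: the record from Reply #4 plus one repeat with the next
# source port the poster mentions (6799). Fields not used here are omitted.
THREAD_LOG = """\
Protocol = UDP
Source ip = 192.168.1.254:6798
Destination ip = 239.255.255.250:1900

Protocol = UDP
Source ip = 192.168.1.254:6799
Destination ip = 239.255.255.250:1900
"""

SSDP = ("UDP", ipaddress.ip_address("239.255.255.250"), 1900)  # UPnP discovery

def parse_records(text):
    """Turn blank-line separated 'Key = value' blocks into dicts."""
    blocks = [b for b in text.strip().split("\n\n") if b.strip()]
    return [{k.strip().lower(): v.strip()
             for k, _, v in (ln.partition("=") for ln in b.splitlines())}
            for b in blocks]

def endpoint(value):
    """Split 'a.b.c.d:port' into (ip_address, int)."""
    host, _, port = value.rpartition(":")
    return ipaddress.ip_address(host), int(port)

def triage(records, sweep_threshold=10):
    """Per source host: is it local, and which side's port is changing?"""
    seen = defaultdict(lambda: {"src_ports": set(), "dests": set()})
    for rec in records:
        src, sport = endpoint(rec["source ip"])
        seen[src]["src_ports"].add(sport)
        seen[src]["dests"].add((rec["protocol"].upper(),
                                *endpoint(rec["destination ip"])))
    report = {}
    for src, info in seen.items():
        dst_ports = {d[2] for d in info["dests"]}
        if info["dests"] == {SSDP}:
            verdict = "SSDP/UPnP multicast"      # one fixed group and port
        elif len(dst_ports) >= sweep_threshold:
            verdict = "possible port sweep"      # destination ports vary
        else:
            verdict = "unclassified"
        report[str(src)] = {"private": src.is_private, "verdict": verdict,
                            "src_ports": len(info["src_ports"]),
                            "dst_ports": len(dst_ports)}
    return report
```

For the sample records the report shows two source ports but a single destination port for 192.168.1.254, which is the pattern of a device on the local network announcing itself rather than probing the laptop.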