Re: NAT Router
- From: Gerald Vogt <vogt@xxxxxxxxxxx>
- Date: Thu, 29 Mar 2007 10:43:54 +0900
Victek wrote:
> I continued to scan my system with different antivirus, antispyware and anti-Trojan software and couldn't find additional problems. I also

Which only tells you that those programs don't know about any other malware running on your computer. Any new malware is not detected by any detection software until the software includes the signature for that malware. If it is not a widespread malware, chances are it will never be detected. Someone has to locate the malware, extract the details and send it to an antivirus, antispyware, ... company for analysis. And even if someone did, it is not certain that it will be added, as signatures for malware which is hardly seen in the wild would only slow the whole thing down further.

> noted that there were no more attempts by unknown software to establish outbound connections. I guess it's possible that there was still

The problem is that no outbound connections detected by the PFW does not say anything about whether some malware sends something out or not. Just like before, it just tells you that the PFW could not detect it.

> malware on the system, but I didn't think so for the above reasons, plus the computer continued to be stable and normal in every perceivable way and that was good enough for me.

That's what a good malware is supposed to do. A keylogger can silently run in the background without disrupting the system and only send something out when there is other network traffic on the system. You will hardly ever notice.

> As far as how the Trojan got on my computer, remember that firewall software would not block it being downloaded. The only initial

Yes, but why did you download it in the first place?

> protection was antivirus which apparently missed it, but that's not so unusual. It was a few years ago when this happened and then it was the

Did you submit it then to your AV company?

> norm for antivirus software to update only once or twice a week. That

Does it detect the malware now?

> left a window of a few days when new viruses (or Trojans) were invisible and could easily infect systems. There's also the fact that even the best

It is not "a few days". This is only true for the malware which spreads quickly. For anything that spreads slowly or strategically and is not quickly noticed, it can take weeks or months until someone has found it and submitted it for analysis.

> antivirus software does not detect 100% of all viruses. That's why a multilayered defense is necessary (and I think personal firewall software is one of those layers).

But no "layer" of this "multilayer defense" is able to protect the computer against _you_! That's the problem. It is completely worthless because you did install the malware in the first place, probably as administrator on the computer. At the very moment it is running, in particular as administrator user, all those "layers" collapse. A program running on the computer can mess with the system in any way it likes. It does not matter what kind of security software there is on the computer, as the computer which is running the security software is compromised; thus you cannot tell whether or not the security software is still running as intended, even if it seems to be so.

> In the course of doing my job I have often had to clean computers that have been infected with viruses/Trojans/spyware. It's been my experience that the computers can be restored to normal functioning in most cases. A combination of multiple antivirus and antispyware scans

You said the malware must disrupt the system or the normal functioning of a computer? A good malware, in particular a trojan, is only useful if it is well hidden. But if someone is collecting some trojan computers for a DDoS attack, the trojan will just sit there and wait until the signal comes. And something like a keylogger would not ever want to be noticed if possible.

> does a very good job of removing malware. I only remember one case where the computer was so badly infected it was unrecoverable. It got

This should make you think! Why would it be unrecoverable? Why do you think all the other computers were really recovered? The thing is: you don't. All you know is that you did not use any tool which could find something...
Gerald