Re: a possible virus?
From: Chuck (none_at_example.net)
Date: 05/05/04
- Previous message: Drew Cooper [MSFT]: "Re: Scripting User Certificate Enrollment for W2K Clients"
- In reply to: Jianping Hua: "a possible virus?"
- Next in thread: jianping: "Re: a possible virus?"
- Reply: jianping: "Re: a possible virus?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: 4 May 2004 17:14:19 -0500
On Tue, 4 May 2004 14:25:35 -0500, "Jianping Hua" <*email_address_deleted*>
wrote:
>I just notice that the LAN connection indication on systray always has
>the upper-right light on, which means it's continuing receiving packets.
>My internet connection is obviously slowed down by it. When I download
>win2000 service packet 4 yesterday, the speed is around 20Kbps.
>However if I use another computer in my lab, it's around 1Mbps.
>I think there might some virus, but my norton antivirus find nothing,
>and my win2000 has all the critical updates.
>I'm using a win2000 professional. Besides the slow connection,
>my computer seems work fine. I just notice this yesterday, but it
>might be so for quite a long time.
>Does anyone encounter the similar problem?
>
>Jianping
Jianping,
Get Port Explorer (free) from
<http://www.diamondcs.com.au/portexplorer/index.php?page=home> to show you what
network connections your computer is actually opening, and what processes are
opening them. And Process Explorer (free) from
<http://www.sysinternals.com/ntw2k/freeware/procexp.shtml>. Provides way more
information than Task Manager.
Try these free online virus scans, which may complement your NAV (I assume you
keep your NAV sigs up to date?):
<http://www.bitdefender.com/scan/license.php>
<http://www.pandasoftware.com/activescan/com/activescan_principal.htm>
<http://housecall.trendmicro.com/housecall/start_corp.asp>
Now check for, and learn to defend against, additional carriers of infection.
First, download LSP-Fix and WinsockXPFix from <http://www.cexx.org/lspfix.htm>,
and CWShredder from <http://www.majorgeeks.com/download4086.html>. All are
free.
Next, close all Internet Explorer and Outlook windows, then run CWShredder.
Have it fix all variants.
Now check for, and remove, spyware. Get HijackThis
<http://www.majorgeeks.com/download.php?det=3155> and Spybot S&D
<http://www.safer-networking.org/index.php?page=download>. Both free.
1) Install and run Spybot. First update it ("Search for updates"), then run a
scan ("Check for problems"). Trust Spybot, and make all recommended deletions.
2) Install and run HijackThis. Do NOT make any changes immediately. Save the
HJT Log.
3) Have your HJT log interpreted by experts at one or more of the following
forums (and post it here):
<http://forums.net-integration.net/>
<http://www.spywareinfo.com/forums/>
<http://forums.tomcoyote.org/>
<http://www.wilderssecurity.com/>
If removal of any spyware affects your ability to access the internet (some
spyware builds itself into the network software, and its removal may damage your
network), run LSP-Fix and / or WinsockXPFix.
Finally, improve your chances for the future.
Harden your browser. There are various websites which will check for
vulnerabilities; here are three which I use.
http://www.jasons-toolbox.com/BrowserSecurity/
http://bcheck.scanit.be/bcheck/
https://testzone.secunia.com/browser_checker/
Harden your operating system. Check at least monthly for security updates.
http://windowsupdate.microsoft.com/
Block possibly dangerous websites with a Hosts file. Three Hosts file sources I
use:
http://www.accs-net.com/hosts/get_hosts.html
http://www.mvps.org/winhelp2002/hosts.htm
(The third is included, and updated, with Spybot (see above)).
Maintain your Hosts file with:
eDexter <http://www.accs-net.com/hosts/get_hosts.html>
Hostess <http://accs-net.com/hostess/>
And Jianping, please don't contribute to the spread of email address mining
viruses. Learn to munge your email address properly, to keep yourself a bit
safer when posting to open forums. Protect yourself and the rest of the
internet - never post your address unmunged.
http://www.mailmsg.com/SPAM_munging.htm
Cheers,
Chuck
Paranoia comes from experience - and is not necessarily a bad thing.
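
The Hosts-file advice above, as an added example that is not part of the original post: a Python sketch that merges downloaded block lists into an existing hosts file and reports any entry that maps a name to a real address instead of a sink. The function names, sample entries and the choice of 127.0.0.1 / 0.0.0.0 as sink addresses are assumptions made for illustration.

```python
import ipaddress

SINKS = {"127.0.0.1", "0.0.0.0"}  # assumed sink addresses that blackhole a name

def parse_hosts(text):
    """Yield (ip, hostname) pairs from hosts-file text, skipping comments and junk."""
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ip = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue  # first field is not an IP address: malformed line
        for name in fields[1:]:
            yield ip, name.lower().rstrip(".")

def merge_hosts(current, blocklists):
    """Return (merged_text, review); review lists name-to-real-address mappings."""
    kept, blocked, review = [], set(), []
    for ip, name in parse_hosts(current):
        if ip in SINKS and name != "localhost":
            blocked.add(name)
        else:
            kept.append((ip, name))  # local mappings are preserved as they are
            if name != "localhost":
                review.append(("current", ip, name))
    local = {name for _, name in kept} | {"localhost"}
    blocked -= local
    for i, text in enumerate(blocklists):
        for ip, name in parse_hosts(text):
            if name in local:
                continue  # a block list never overrides a local mapping
            if ip in SINKS:
                blocked.add(name)
            else:
                review.append((f"blocklist[{i}]", ip, name))  # reported, not imported
    lines = [f"{ip}\t{name}" for ip, name in kept]
    lines += [f"127.0.0.1\t{name}" for name in sorted(blocked)]
    return "\n".join(lines) + "\n", review

# Constructed sample input (documentation-only names and addresses).
CURRENT = "127.0.0.1 localhost\n127.0.0.1 ads.example.com # old block\n203.0.113.7 update.example.net\n"
LIST_A = "0.0.0.0 ads.example.com\n0.0.0.0 Tracker.example.org\n"
LIST_B = "127.0.0.1 popups.example.org\n198.51.100.9 bank.example.com\nnot-an-ip foo\n127.0.0.1 update.example.net\n"
```

Calling `merge_hosts(CURRENT, [LIST_A, LIST_B])` returns the merged file text plus the review list; anything in that list is a redirect rather than a block and is worth checking by hand before the file is installed.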