Re: virus?

From: Sven Pran (no.direct@mail.please)
Date: 10/12/02


From: "Sven Pran" <no.direct@mail.please>
Date: Sat, 12 Oct 2002 13:49:41 GMT


"Ray Simonson" <simon95252@worldnet.att.net> wrote in message
news:08f201c271e5$94bd5240$39ef2ecf@TKMSFTNGXA08...
> I have a program that is sending millions of packets out
> to my network and clogging it up. I have norton antivirus,
> and firewall. When I installed the fire wall it stopped
> the problem for about 12 hours. Now when I open my browser
> (IE) it piggybacks onto it and slows everything down again.
> I have updated NAV twice and had norton do a remote scan
> to find out what I have but came up clean. Do I have a bug
> or do I have a program running wild?
>
> Thanks
>
> Ray Simonson

Possibly yes to both questions; it is impossible to tell for sure.

What you need is to find out exactly which program(s) sends
this traffic. Kerio, Zone-Alarm and similar products should be
able to reveal that. Another program which might help is
AD-aware or similar products (scanning for known programs
that are usually unwanted on your computer).

With little experience on Norton I cannot tell whether you
should expect that one to find an apparently legally installed
program on your machine going wild or sending unauthorized
traffic to the network. I know that Norman captures some such
programs, but I would not rely entirely upon it.

Firewalls generally protect your system against attacks from
incoming malicious traffic, but can do little with outgoing
traffic that appears to be legal (generated in your machine).

Anti Virus programs may recognize known malicious programs.

But neither firewalls nor anti virus tasks can see the difference
between outgoing FTP traffic (wanted) and outgoing similar
traffic (unwanted).

From my experience I suggest you install Kerio for a short
period until you have revealed all there is to find.

(I abandoned ZA pretty early because it caused too much havoc
on my systems, and I have also disposed of Kerio for problems
it occasionally caused on my Windows XP, but I consider Kerio
the prime tool when you suspect a problem like yours).

Sven
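
Added example (not part of the original post): one way to do the "which program sends this traffic" step from the reply with Windows' built-in `netstat -ano` and `tasklist /FO CSV /NH` instead of a third-party firewall, by joining connections to process names on the PID. The sample output, addresses, PIDs and the `updater32.exe` name are constructed, and treating a connection on a non-listening local port as locally initiated is a heuristic assumed here.

```python
import csv
import io

# Constructed sample of Windows `netstat -ano` output; every address and PID is made up.
NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    192.168.1.10:135       192.168.1.20:1055      ESTABLISHED     884
  TCP    192.168.1.10:1041      203.0.113.5:80         ESTABLISHED     1500
  TCP    192.168.1.10:1042      198.51.100.7:25        SYN_SENT        2212
  TCP    192.168.1.10:1043      198.51.100.8:25        SYN_SENT        2212
  UDP    0.0.0.0:1026           *:*                                    2212
"""

# Constructed sample of `tasklist /FO CSV /NH` output (image name, PID, ...).
TASKLIST = '''"svchost.exe","884","Console","0","3,120 K"
"IEXPLORE.EXE","1500","Console","0","18,004 K"
"updater32.exe","2212","Console","0","2,048 K"
'''

def parse_netstat(text):
    """Return (proto, local, remote, state, pid) for each TCP/UDP row."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) == 5 and f[0] == "TCP":
            rows.append((f[0], f[1], f[2], f[3], int(f[4])))
        elif len(f) == 4 and f[0] == "UDP":      # UDP rows have no State column
            rows.append((f[0], f[1], f[2], "", int(f[3])))
    return rows

def parse_tasklist(text):
    """Map PID -> image name from CSV-formatted tasklist output."""
    return {int(r[1]): r[0] for r in csv.reader(io.StringIO(text)) if len(r) >= 2}

def outbound_by_process(netstat_text, tasklist_text):
    """Rank processes by distinct remote endpoints of locally initiated TCP connections."""
    rows, names = parse_netstat(netstat_text), parse_tasklist(tasklist_text)
    # netstat shows no direction, so a TCP row whose local port is not a
    # listening port on this host is assumed to have been opened from here.
    listening = {l.rsplit(":", 1)[1] for _, l, _, s, _ in rows if s == "LISTENING"}
    remotes = {}
    for proto, local, remote, state, pid in rows:
        if proto == "TCP" and state != "LISTENING" and local.rsplit(":", 1)[1] not in listening:
            remotes.setdefault(pid, set()).add(remote)
    ranked = [(names.get(pid, "?"), pid, len(r)) for pid, r in remotes.items()]
    return sorted(ranked, key=lambda t: t[2], reverse=True)
```

On a live machine, feed the two functions the captured command output; a process near the top of the ranking that you do not recognise is the one to investigate first.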
