posted
I think this isn’t off topic – we all use our Computers and guess what really dumb thing I did! I let in the clowns (viruses), and they all but destroyed my whole setup.
For the one or two of you who do not know about the dangers this is worthwhile reading. I hope I’ll make sense. I have direct internet connection and use a router between two computers. The router has a firewall, a setup that does not allow an unchecked open connection to the internet. I now learned to think of it as an open door that says: Come on in, the destroying is good.
My router broke down a month or two ago and I did not know about the firewall set up. My son had done all that for me, he’s good at it, I’m not. I simply plugged the internet connection directly into my main design PC and set the router aside until I could figure out what to do, it did not seem critical, the web worked and my mail worked. That’s all that mattered.
The invasion began. My virus program started catching one, then two a day. In the end I was cleaning, quarantining, deleting 4-5 at a time, not knowing where they came from. Each time the McAfee program showed a hand with a squirming bug in it. I was getting really grossed out, the computer was sluggish and gave weird messages.
Long story. I got help from a young guy who is the head of RJR’s PC trouble shooting team. He printed out the virus codes, down to the last sentence which read: I hate Virus wars, but it has to be done.
He found the viruses had set up a branch of their own on my Hard Drive, Drive X, with subdivisions, folders, names, and had loaded it with files from other computers. They were renaming mine and schlepping them away into the internet. They uninstalled all 3 of my printers and the next day reinstalled them, they crashed my whole system with a bang while I was typing a letter on the Bull Board and when I rebooted the letter was still there... I could go on but you get the idea, a private Twilight Zone.
Don’t let it happen to you!
------------------ Myra A. Grozinger Signs Limited Winston-Salem, NC V 336-722-1033/F 336-723-6112 signslimited@triad.rr.com
Posts: 1244 | From: Winston-Salem, NC USA | Registered: Nov 1998
I know what you mean. I'm on Road Runner too. I've been running Black Ice Defender 2.x. I like it better than the Norton Personal Firewall. Black Ice will give me the address of the attacker. I've been e-mailing the addresses to RR and it has helped.
My Guru removed BI and installed Norton PF when he upgraded my computer for me. He said that BI was easy to bypass for an experienced hacker. He claimed Norton PF was nearly bullet proof.
I don't know if he's just blowing smoke. Norton doesn't display the addresses of the attackers from what I've been able to tell.
posted
Hi Glenn, figures you know all about it. My savior, the guy from RJR, downloaded Zone Alarm and installed it. It’s free. It catches some(one)(thing) attempting to access my computer about every 5 minutes and displays an IP address for the culprit on the screen.
These squirmy guys have not caught on yet that the door is closed now and they have to dump their load somewhere else. They have a life of their own complete with intercontinental travel. I hate them.
------------------ Myra A. Grozinger Signs Limited Winston-Salem, NC V 336-722-1033/F 336-723-6112 signslimited@triad.rr.com
Posts: 1244 | From: Winston-Salem, NC USA | Registered: Nov 1998
posted
If you're looking for a good personal firewall (non-hardware), you can download a free one from www.zonelabs.com .
Glenn, you should really think about using the firewall from zonelabs instead; I will direct you to my reason for saying this here: http://grc.com/dos/grcdos.htm It's a lengthy article, but the information contained here leads me to believe that blackice offers nearly no protection against certain trojans.
The article talks a lot about a trojan called subseven. My attention was drawn to this about a month ago when one of my friends told me about it. It can be downloaded just about anywhere, and it is extremely easy to use. Anybody on this board could implement it without much trouble. Just goes to show you how easy it's becoming to 'hack'.
Yes there are trojans out there that give anybody COMPLETE CONTROL over your computer. They can monitor your every key-stroke, capture passwords, flip your screen up-side-down, and use your machine for denial of service attacks as well.
Just be careful, and don't open attachments unless you were expecting them, and even then...scan them.
posted
An excellent article, Shane! That explains my Guru's actions. According to the Norton PF log, I'm hit with a Sub7 5 or 6 times a day.
Date: 6/13/2001 Time: 23:23:24 Rule "Default Block Backdoor/SubSeven Trojan" blocked (oemcomputer,27374). Details: Inbound TCP connection Local address,service is (oemcomputer,27374)
It's always the same address,service.
Date: 6/13/2001 Time: 21:19:29 Unused port blocking has blocked communications. Details: Inbound TCP connection Remote address,local service is (211.251.189.131,domain)
RoadRunner is a targeted ISP for those trojans and zombies, but you can test it by running the "netstat" utility (included with windows) to see if there's an open connection.
You might just be receiving hits from your own ISP, seeing if you are still there.
------------------ Mike Pipes Digital Illusion Custom Graphics Lake Havasu City, AZ http://www.stickerpimp.com
Posts: 8746 | From: Lake Havasu, AZ USA | Registered: Jun 2000
i have a firewall set up, too. i get two or three attempts everyday from the same person trying to get in.
i talked with my i.s.p. and they mentioned that my "address" is static and some of those alarms might be them. somehow i doubt that they are using a sub-seven backdoor trojan.
glenn and myra... you are not alone. pity some people have no lives and want to cause people pain for their enjoyment. sheesh....
have a great one!
------------------ Bruce Bowers DrCAS Signtech
"how great are His signs..." Daniel 4:3
i am a proud supporter of this website!
Posts: 6451 | From: Saint Cloud, Minnesota | Registered: Jun 1999
Norton shows the address as well. I'm not in front of my computer but I believe when the little alarm goes off in the bottom right, you have to bring up norton then click on 'Alert details'. There's a scrollable window at the bottom where you can scroll down a little bit and you'll see their address. I believe the window is grey in color from what I remember.
------------------ Bruce Evans Chromark Design-A-Sign Covina , CA bruce@chromark.net
Posts: 912 | From: Chino, CA | Registered: Nov 1998
posted
I have cable internet and was having a lot of problems, and always having to call tech support. My computer was running very slow, or not at all. I went thru several techs before one asked if I had a firewall. (I had zonealarm) He said I needed to remove it and everything would work fine. He was right.
posted
Actually, there are a few subseven removal programs specifically designed for that task. Many virus detection programs do not pick up subseven.
Bruce: as far as you having the subseven trojan, i wouldn't be too concerned. The alerts you're getting are probably just somebody port-scanning you...as long as your firewall is up and you don't have any ports sitting open, you should be fine. There are a lot of people that scan ports...all day long. In fact, many people just set up their port scanner to scan a complete range of ip addresses, so yours could be just one in the many thousands that particular person is trying to scan. Nothing to worry about too much, as long as you don't have any obvious vulnerabilities (ports that are open).
grc used to have a utility that showed whether your ports were 'open' 'closed' or 'stealth', but they temporarily shut it down since the attacks.
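The netstat check suggested earlier in the thread, and the "no ports sitting open" condition in the post above, sketched as an added example that is not part of any poster's message. The `netstat -an` sample is constructed, the function names are ours, and port 27374 is taken from the Norton log quoted in the thread.

```python
import re

# Port 27374 comes from the Norton log quoted in the thread; the label is ours.
WATCHED = {27374: "SubSeven rule in the quoted firewall log"}

# Constructed sample of Windows `netstat -an` output (not from a real host).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:27374          0.0.0.0:0              LISTENING
  TCP    192.0.2.10:1042        198.51.100.7:80        ESTABLISHED
  TCP    192.0.2.10:27374       203.0.113.5:3120       ESTABLISHED
  TCP    [::]:445               [::]:0                 LISTENING
  UDP    0.0.0.0:137            *:*
"""

ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)(?:\s+(\S+))?\s*$")

def split_endpoint(endpoint):
    """Split 'addr:port' or '[v6addr]:port' into (addr, port); port is None for '*'."""
    addr, _, port = endpoint.rpartition(":")
    return addr.strip("[]"), int(port) if port.isdigit() else None

def parse_netstat(text):
    """Yield (proto, local_addr, local_port, remote_addr, state) per socket row."""
    for line in text.splitlines():
        m = ROW.match(line)
        if m:  # skips the banner, column header and blank lines
            proto, local, remote, state = m.groups()
            laddr, lport = split_endpoint(local)
            yield proto, laddr, lport, split_endpoint(remote)[0], state or ""

def listening_ports(text):
    """TCP ports this machine accepts connections on (the 'open' ports)."""
    return sorted({p for pr, _, p, _, st in parse_netstat(text)
                   if pr == "TCP" and st == "LISTENING"})

def findings(text, watched=WATCHED):
    """Rows on a watched local port: a listener, or a peer already connected."""
    out = []
    for _, laddr, lport, raddr, state in parse_netstat(text):
        if lport in watched and state == "LISTENING":
            out.append(("listening", lport, laddr))
        elif lport in watched and state == "ESTABLISHED":
            out.append(("connected", lport, raddr))
    return out

if __name__ == "__main__":
    print("listening TCP ports:", listening_ports(SAMPLE))
    for kind, port, addr in findings(SAMPLE):
        print(f"{kind} on local port {port} ({WATCHED[port]}): {addr}")
```

An inbound attempt that the firewall blocked, like the alerts quoted in this thread, leaves no row in netstat; only a local listener or an established connection shows up here.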
posted
I use Norton Internet Security 2000. I used to use Black Ice Defender, but then I went to the main 'Sub-Seven' trojan site (can't find the address again though, I was going to post it so you guys can see), and there were assorted messages posted talking about how they couldn't get past Norton Internet Security. I get alerts all the time for the subseven trojan and many others, and once in a while an attempted outgoing connection from my own computer, which I have no idea what it is. I just set my security and privacy to high and I haven't had any problems at all yet. I bought my copy of Norton Internet Security for something like $15 off of ebay.
------------------ Tyler Malinky
A Step Above Signs Cleveland, Ohio 440.479.8129 440.842.1894 fax
www.astepabovesigns.com tmalinky@astepabovesigns.com or exmayors@aol.com
Posts: 190 | From: Parma, Ohio USA | Registered: May 2001
posted
Thank you, this post is great. I've been getting increasingly worried because the Backdoor/SubSeven Trojan tries to access my computer 3 or more times a day, usually in groups of 3-5 each time. BTW each group will have the same address for every try within that group, but the next group will always have a different address. Does that make sense?
I have Norton's firewall and it works great. I bought it on recommendation from the cable guy who installed our high speed cable modem. For this reason I want to say, Cheryl, be very careful. Because in the beginning when I had to call tech support with the cable company, half the techs that I spoke with said they wouldn't offer support if I had a firewall or a LAN (local area network) which I do have both. Turns out a level 2 tech basically told me that I would have to return to a phone modem. He had me schedule with a service technician, who also was a higher level tech. Over the phone, this service technician had me temporarily turn off the firewall, changed a couple of settings and told me to always keep the firewall up and running no matter what the other techs said. So far no more problems. And I didn't even have to have him come out for a service call.
I'm trying not to ramble and hope I am making some sense here. But when I read that the tech support had Cheryl remove her firewall I got concerned because of how many times someone or something is trying to access my own computers.
Don't know if this is true or not but someone told me that the cable techs don't like to have you running firewalls because sometimes they have trouble accessing the system themselves. Guess that's why when I finally got a knowledgeable technician, he had me turn it off briefly. Thanks again for a great post, Jennifer Bond
------------------ Bob Bond's Artistry Lee's Summit, MO BobBondArtist@hotmail.com
Posts: 101 | From: Lee's Summit, MO USA | Registered: Jan 1999
posted
Jennifer Bond here, wow, I didn't know Steve had Bob's pic already. And no, I don't have a beard... Since every time I post we'll be seeing Bob's face, maybe I should be referred to as the bearded lady?
------------------ Bob Bond's Artistry Lee's Summit, MO BobBondArtist@hotmail.com
Posts: 101 | From: Lee's Summit, MO USA | Registered: Jan 1999
If the cable companies and other highspeed ISPs would DO THEIR JOBS, you wouldn't need your own firewall. The ISPs should have their own firewalls and security to keep their customers safe but many don't.
I remember when a good friend of mine first got his cable internet setup.. He's a computer guru and learned that he could see EVERY MACHINE that was logged into the same server he was logged into... without any special software. They were all visible through Windows' Network Neighborhood.
Not only did he call his cable company, he snooped into all those people's machines to find out who they were and try to find their phone numbers to alert them of what's going on. No, he's not the malicious hacker type.
To this day (several years after the fact) things haven't changed!
Any tech that tells you not to run a firewall has been persuaded by the corporate stiffs.
The reason they won't provide support if you run a firewall or your own LAN is because now they cannot peek into your setup and tell whether you are running just one machine on the connection, or 50 machines.
Your $50 monthly access fee (or whatever your fee is) is good for ONE IP address, ie: one machine. If you run multiple machines on the connection, the cable company wants you to have additional IPs for each machine.. so they can charge you more.
You can share the one IP address amongst several machines whether using software or a highspeed internet router, and in the ISP's eyes you are basically stealing service.. although that's a load of crap cause now yer splitting your connection speed between multiple machines.
Anyway... Run that firewall to your heart's content. I run a firewall and I'm on Dial-Up!! Even firewalls can't stop everything but having one is better than not having one.
By the way.. Dial-ups aren't any safer than highspeed connections. Last night I kept gettin hits from a Mindspring ISP DSL connection, 3-5 at a time (like mentioned here in an earlier post) all within a few minutes of each other.
------------------ Mike Pipes Digital Illusion Custom Graphics Lake Havasu City, AZ http://www.stickerpimp.com
Posts: 8746 | From: Lake Havasu, AZ USA | Registered: Jun 2000