
ost3vo

join:2004-10-20
Riverside, CA

NetBus Trojan Horse

I tend to use my computer almost every day for web surfing. I'm stuck with this crap 28.8 dial up and was wondering if it was of any concern that my Norton Personal 2003 Firewall blocks, about 10 attempts a week, this so-called NetBus Trojan Horse intrusion into my pc. I don't really worry about this because I don't have any valuable stuff on my pc and I have a really poor connection. But maybe I should for the future.

What I'd want to know though is:
Because this Trojan often attempts to intrude my pc, does it mean I have something installed on my end which tries to connect with the other end? (oh yea, supposedly, my firewall tracks it down from Korea or something)
If possible, is there a way to stop this from continuing?
What steps should I take to prevent any actual damage to my pc?


Name Game
Premium
join:2002-07-07
North Myrtle Beach, SC
kudos:6

1 edit

Turn that alert messages thing off..see this link

»forums.tomcoyote.org/index.php?s···ic=22353

First of all I doubt if it was "netbus"..those firewalls just come up with a common name list of trojans that could be on a port and tell you with a popup alert that it was so and so..but there is no way the firewall actually does a sample on the transmission to really analyze it. And you are perfectly safe in any case.

This will tell you what that blocking really means.
Symantec desktop Internet security or firewall product reports that it blocked a Trojan from accessing your computer.
NIS, NPF, or SDF reports that it blocked a Trojan from accessing your computer

Situation:
While running Norton Internet Security (NIS), Norton Personal Firewall (NPF), or Symantec Desktop Firewall (SDF), a security alert screen informs you that a Trojan was blocked from accessing your computer. You are worried that you have a Trojan running on your computer.

Solution:
NIS, NPF, and SDF do not detect active Trojans on your computer. An antivirus program, such as Norton AntiVirus (NAV), is needed to detect a Trojan on your computer. Norton Internet Security includes a copy of NAV on the CD. NPF and SDF do not include NAV.

NIS, NPF, and SDF display a security alert whenever they detect an inbound or outbound access to a known Trojan port. The attempted access may be a valid attempt to find and connect to a Trojan, but it may also be a random access of no particular threat. Both possibilities are equally valid. If the connection is inbound, the firewall is designed to block the incoming Trojan attempt. You can then be assured that NIS, NPF, and SDF worked correctly to protect your computer from the threat. If the connection is outbound, you need to ensure that your computer is virus and Trojan free. Click the Scan for Viruses section in the Symantec Security Check Web site to ensure your computer is free of a virus or Trojan.

The security alert and the event log entry will show you the IP (Internet Protocol) address of the sender. To determine the registered owner of the IP address, use the 'Trace a Potential Attack' option in the Symantec Security Check Web site. Keep in mind that IP addresses are frequently "spoofed" and that the owner of the address may be totally innocent and unaware that their address has been "borrowed" by another. For details on how to use the 'Trace a Potential Attack' option, see the document How to determine who is attacking your computer.

What is a Trojan horse?
Trojan horses are impostors--files that claim to be something desirable but are in fact malicious. A very important distinction from true viruses is that they do not replicate themselves, as viruses do. Trojans contain malicious code that, when triggered, causes loss or theft of data. In order for a Trojan horse to spread, you must invite the program into your computer and open it. An example would be opening an infected email attachment.

Related documents:
What is the difference between viruses, worms, and Trojans?
Where to get information on viruses
»service1.symantec.com/SUPPORT/ni···08470736
--
Gladiator Security Forum »www.gladiator-antivirus.com/
Missing Kids
»www.missingkids.com/



Name Game
Premium
join:2002-07-07
North Myrtle Beach, SC
kudos:6

reply to ost3vo
also see this link at dslr and you can find many more the same..

»Altert: NetBus Trojan horse blocked
--
Gladiator Security Forum »www.gladiator-antivirus.com/ Missing Kids »www.missingkids.com/



Daishi7
Premium
join:2002-02-24

reply to ost3vo
I saw "netbus" in the subject and knew even before reading the thread that it was a blocked packet and not an actual infection.

My advice is use a firewall that does not use scare tactics to get you to spend money.

Norton could have told you the packet is harmless also, but then you wouldn't be so worried. You are asking your question here because it is a design goal of the software to keep you in the dark. Does that sound like a company you should be giving your money to?



jaykaykay
4 Ever Young
Premium,MVM
join:2000-04-13
Scottsdale, AZ
kudos:19

Wait a minute. The firewall is working. Maybe it's just a matter of education, as Name Game has done. There's nothing wrong in using that firewall as long as one learns what it is they are seeing or doesn't pay too much attention to the incoming as long as they are blocked.



EGeezer
Summertime
Premium
join:2002-08-04
Midwest
kudos:7

1 edit

reply to ost3vo

Been a while since I've seen netbus... Used Bergström's netbuster to diddle with them a bit, but it's been years since I did that. Not worth messing with ...

As NG, Dachi and JKK say, just adjust your notification settings if you can and don't be concerned. With settings set too chatty, you get lots of needless "alerts"; port scans are a way of life. They vary in port, time, ISP, geographical location. For a bit of education on those, see SANS ISC page at »isc.sans.org//large_map.php and

»isc.sans.org/port_details.php?port=12345 for the usual netbus port.
--
N-X-211 ====== N-328KF
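
An added example, not part of any post in this thread: a small triage of firewall log entries that applies the rule from the Symantec note quoted above (a blocked inbound hit on a "known Trojan port" is only a probe, while outbound traffic to such a port is the case that calls for a scan), using port 12345 from the post above. The log format, the addresses and the 31337 (Back Orifice) entry are assumptions made for illustration, not Norton's actual log layout.

```python
import re
from collections import Counter

# Port-to-name hints of the kind a personal firewall ships with. 12345 is the
# NetBus port cited in the thread; 31337 (Back Orifice default) is added here.
# A hint is only a label derived from the port number, not from the payload.
TROJAN_PORT_HINTS = {12345: "NetBus", 31337: "Back Orifice"}

# Hypothetical log format: time action direction proto src:port -> dst:port
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>BLOCK|ALLOW) (?P<dir>IN|OUT) (?P<proto>TCP|UDP) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)

# Constructed sample entries (documentation-range addresses, not real hosts).
SAMPLE_LOG = """\
2004-10-20T21:14:03 BLOCK IN TCP 198.51.100.23:4411 -> 192.0.2.10:12345
2004-10-21T02:40:55 BLOCK IN TCP 203.0.113.77:3120 -> 192.0.2.10:12345
2004-10-21T09:02:11 BLOCK IN UDP 203.0.113.5:1029 -> 192.0.2.10:31337
2004-10-22T18:30:42 ALLOW OUT TCP 192.0.2.10:1045 -> 198.51.100.80:80
2004-10-23T07:15:09 ALLOW OUT TCP 192.0.2.10:1051 -> 203.0.113.99:12345
this line is malformed and is skipped
"""

def triage(line):
    """Return (verdict, port_hint) for one log line, or None if unparseable."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    hint = TROJAN_PORT_HINTS.get(int(m["dport"]))
    if hint is None:
        return ("ignore", None)                # not a port on the hint list
    if m["dir"] == "OUT":
        return ("investigate-outbound", hint)  # local process reached out: scan the PC
    if m["action"] == "BLOCK":
        return ("probe-blocked", hint)         # inbound probe dropped, nothing to do
    return ("inbound-allowed", hint)           # check whether anything is listening

def summarize(log_text):
    """Count verdicts over a whole log, skipping malformed lines."""
    results = [triage(line) for line in log_text.splitlines()]
    return Counter(r[0] for r in results if r is not None)

if __name__ == "__main__":
    for verdict, count in summarize(SAMPLE_LOG).items():
        print(f"{verdict}: {count}")
```
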


Name Game
Premium
join:2002-07-07
North Myrtle Beach, SC
kudos:6

reply to ost3vo
But I would like to talk to you more about this post..

»[Help] SpyBot Troubleshoot

Something is not right here..did you get spybot working again ?

What OS do you have..is it windowsME ?

If you have time would like to see a hijackthis log from you after you have read this information

»Security »I think my computer is infected or hijacked. What should I do?
--
Gladiator Security Forum »www.gladiator-antivirus.com/ Missing Kids »www.missingkids.com/



Mei Guo Ren

join:2001-11-05
Silver Spring, MD

reply to EGeezer

said by EGeezer:

Used Bergström's netbuster to diddle with them a bit...
Hehe, me too. I had a jpeg of a hydrogen bomb explosion for them if they took a screen cap, and a sound cap from the "microphone" sent them a *.wav dialogue from "Pulp Fiction"-- "I'm gonna get Medieval on 'em!" Quite a few scriptkiddie netbussers would then pop up a dialog like, "how did you do that?!" The crap going around these days makes netbus and BO seem quaint.
--
Addicted to Linux since 1998.

ost3vo

join:2004-10-20
Riverside, CA

reply to ost3vo

Hehe

Well, everything is working just fine now because I decided to reformat my computer. But, I use XP sp1. I thought it'd take less time to just simply reformat than having to go through all this stuff.


B
Premium,MVM
join:2000-10-28

That was a real waste of your time!

They were only port probes, and essentially meaningless since (a) you have a firewall and (b) you're not running a NetBus server.

"All this stuff" that was recommended was "Turn that alert messages thing off". That's it!

You're going to see more of those probes in the future; we guarantee it. So you might want to follow the links above as well as the »Security so you get a better feel for these things.

-- B
--
In a realm outside causality and function


ost3vo

join:2004-10-20
Riverside, CA

reply to ost3vo

=)

I actually decided to reformat because lately my pc was running a bit strange. For instance, from time to time, when I would try to simply open a folder, my computer would just freeze, then all the icons would disappear and all I'd be able to see was the picture of my desktop. After 10 seconds or so, my computer would go back to the desktop. It was strange, didn't know what was wrong with it. It had never done that.

ost3vo

join:2004-10-20
Riverside, CA

reply to ost3vo

Re: NetBus Trojan Horse

Yea, I understand. I'll follow the procedures mentioned above.

B
Premium,MVM
join:2000-10-28

This might be it -- »service1.symantec.com/SUPPORT/ni···16401436

(I don't have NPF.)

-- B
--
In a realm outside causality and function



Name Game
Premium
join:2002-07-07
North Myrtle Beach, SC
kudos:6

reply to ost3vo

Re: =)

said by ost3vo:

I actually decided to reformat because lately my pc was running a bit strange. For instance, from time to time, when I would try to simply open a folder, my computer would just freeze, then all the icons would disappear and all I'd be able to see was the picture of my desktop. After 10 seconds or so, my computer would go back to the desktop. It was strange, didn't know what was wrong with it. It had never done that.
Yup I understand why you did that reading some of your other posts in DSLR and something sure was getting strange on the PC..so my suggestion is still to remember to secure that new install asap and remember that since your Norton stuff is not going to help you on many of the sites that will hijack your browser and more these days even on your dial up...
It is recommended that you do a couple of things after a serious infection.

Just to be sure.

Clear out your Temporary internet files and other temp files. Go to Start > Settings > Control Panel > Internet Options. Under the General tab click the Delete temporary internet files, choose to delete all Offline content. Clear out Cookies.

Also, go to Start > Find/search > Files or folders > in the named box, type: *.tmp and choose Edit > select all -> File > delete.

Empty the contents of the C:\Windows\temp folder and C:\temp folder, if you have one.

This one too if Win2K or XP.
C:\Documents and Settings\username\Local Settings\Temp\

Empty the Recycle Bin.

This will result in your having to re-enter passwords at forums, banks, and the like.

A small price to pay if it gets rid of any bad guys.

Flush your restore points in ME and XP, by turning System Restore off and then back on.
This will create a fresh restore point.

Explained here:
»service1.symantec.com/SUPPORT/ts···12274039

Also if you have sunjava installed its cache should be cleared too.
> control panel java-plugin > cache tab > hit clear!
And make sure you have the latest version if you have sunjava.

Adjust your security settings for ActiveX:
a. Go to Internet Options/Security/Internet, press 'default level', then OK.
Now press "Custom Level."
In the ActiveX section, set/click the options as follows:
Download signed ActiveX controls > prompt
Download unsigned ActiveX controls > disable
Initialize and Script ActiveX controls not marked as safe > disable
b. In your Restricted Sites Zone set everything that can be to "disable". Set anything that cannot be disabled to "prompt".
c. Never add any site to your Trusted Sites Zone.

I would also recommend, in your own self defense and to reduce the potential for spyware infection in the future, installing both SpywareBlaster and SpywareGuard.

SpywareBlaster and SpywareGuard are by JavaCool and both are free programs. SpywareBlaster will prevent spyware from being installed and consumes no system resources. SpywareGuard offers realtime protection from spyware installation and browser hijack attempts. Both have free ongoing updates.

More info and download is available at:
SpywareBlaster: »www.majorgeeks.com/download.php?det=2859
SpywareGuard: »www.majorgeeks.com/download.php?det=3045

Maybe consider this as well:
IE-SPYAD puts over 5000 sites in your restricted zone, so you'll be protected when you visit
innocent-looking sites that aren't really innocent at all.
»netfiles.uiuc.edu/ehowes/www/resource.htm
Also some info on that page to tighten your IE security.

Be sure to also keep up with Windows and IE updates.

Windows security and critical updates.
»v4.windowsupdate.microsoft.com/e···ault.asp

Internet Explorer security and critical updates.
»www.microsoft.com/windows/ie/default.asp

Keep all of these programs updated, it's free.
--
Gladiator Security Forum »www.gladiator-antivirus.com/ Missing Kids »www.missingkids.com/


Name Game
Premium
join:2002-07-07
North Myrtle Beach, SC
kudos:6

reply to ost3vo

Re: NetBus Trojan Horse

My other suggestion is to use Markus site to secure your OS and browser with his suggestions ASAP..

»www.markusjansson.net/erecent.html
Securing yourself & your computer
»www.markusjansson.net/esecuring.html

Tweaks and tricks for security and privacy
»www.markusjansson.net/eienbid.html

Then ASAP..get this free small program that does not even have to install on your PC..but will help you turn off many of the XP processes that you surely do not need running as a home user..and by turning them off will make your PC run smoother and faster.

Safe XP allows users to quickly tweak various security and privacy related settings in XP. The options include Media Player settings, Services settings (error reporting, time synch, remote registry etc.), as well as an option to remove items from the Start menu, network security settings and more.
Safe XP improves your system performance and makes Windows run faster, more secure and reliable!
It is suitable for beginners and experts!

Download FREE Version
Screenshot
More Info

»www.theorica.net/safexp.htm
--
Gladiator Security Forum »www.gladiator-antivirus.com/ Missing Kids »www.missingkids.com/

ost3vo

join:2004-10-20
Riverside, CA

1 edit

Update

Well I downloaded and installed both spyware blaster, and spywareguard; I also downloaded and installed the critical updates from Microsoft, had like 25 of them installed and took me a good 5 hours to do so with this lovely connection.

I'm also using the FireFox browser now. I've still got to download the SP2 but it's too big of a file to download. Best thing to do is probably leave my pc on overnight doing so.

Should I tweak my OS to stop running applications not necessary for typical home users? I mean, my pc is really really stable as it is now. I have no problem, runs smooth as it is. I got 1gb memory and the fx-51 processor.

ost3vo

join:2004-10-20
Riverside, CA

reply to ost3vo

=)

I just want to say, Thanks. You guys have been a big help thus far, I'll definitely take your guys' pointers into consideration for the future as well, in a flash

Gavin_TH

join:2003-04-03
Australia

reply to ost3vo

Re: NetBus Trojan Horse

If you're a tweaker and want to control what runs on your machine, consider ProcessGuard. The free version is enough for you to do that, and will stop DLL injection trojans too

www.diamondcs.com.au/processguard

Didn't have time to read the posts entirely to see if it was mentioned, but try not to use IE for browsing and you will prevent nearly all future problems. Good luck !
--
Gavin Coe
DiamondCS Analyst
»www.diamondcs.com.au


Name Game
Premium
join:2002-07-07
North Myrtle Beach, SC
kudos:6

3 edits

reply to ost3vo

Re: Update

Yes I would use that safexp and stop them from start up..one nice thing about it is that you can one check make it all happen in the application or take the check out to reverse it.

For the SP2 don't download it..get free CD from Microsoft..even some of your computer stores give it away for free..ask them.
But read first on what to do before you install this.

Symantec Windows® XP Service Pack 2 Information Center

»forum.gladiator-antivirus.com/in···ic=17587

What to Know Before You Download and Install Windows XP Service Pack 2

»www.microsoft.com/windowsxp/sp2/···now.mspx

Order Windows XP Service Pack 2 on CD
»www.microsoft.com/windowsxp/down···ult.mspx

--
Gladiator Security Forum »www.gladiator-antivirus.com/
Missing Kids
»www.missingkids.com/

B
Premium,MVM
join:2000-10-28


Hey, Name Game, I've seen you mention SafeXP before and at your suggestion I tried it a few weeks ago.

The thing that stood out for me (other than that it did not include the lockdown features I hoped vis a vis installation of executables, etc.) was that I couldn't immediately find a way to protect its settings. In other words, it seemed that anyone with access to the SafeXP executable could trivially reverse or alter any settings made by the administrator. Did I miss something?

-- B
--
In a realm outside causality and function


over 12.5 years online © 1999-2012 dslreports.com.