  kingsbard
join:2000-11-28 Orlando, FL clubs:
| Desperately Need an answer and help. I'm Scared!
I know this is off topic but I'm not sure where to go and I desperately need help and I have a feeling I need it FAST! I paid 10 bucks for a full week of complete security scans here on DSLReports and I got a negative 63. My largest concern is the following result:
Netbios: These give away your username and computer/workgroup names and you are vulnerable to any future exploits of netbios
result: Couldnt list any shares Found netbios names: CLAY WORKGROUP CLAY
score: Points Deducted:30
My concern here is that I didn't set up a workgroup and I don't know ANYONE named Clay. I do have a firewall up but I'm beginning to think Norton Firewall sucks as a firewall. If SOMEONE, ANYONE could explain the above result to me and what it means I would appreciate it. I am assuming it means someone has hacked their way into my computer and now has access to it. Please, if anyone knowing about this could respond as soon as possible I would greatly appreciate it. Thanks. Sorry for posting off topic but I didn't know where else to turn besides my FA@home family.
Kingsbard -- In just refusing to retreat from something, one gains the strength of two men. |
|
  Stiofan
join:2000-08-21 Post Falls, ID
| You need to go to the Security forum and post this exactly as you have done. I'm not familiar with Norton Firewall, I use Zone Alarm, so I can't tell you anything about your software. The security forum will jump on this and you'll have your answers quickly. I'll IM a Moderator and see if they'll move this thread over to Security. -- Steve "I just want to say one word to you - just one word. Are you listening? Plastics." Mr. McGuire, from THE GRADUATE |
|
  kingsbard
join:2000-11-28 Orlando, FL clubs:
| reply to kingsbard Now I'm sure of it I clicked on system info (properties) and on the General tab under the heading: Manufactured and supported by: Winblows Model T Ford Fake Genitel Pentium ZERO 255.0LB Goat All of my Title Bars say Winblows wuz here (and maybe I still am)! My Norton Firewall is set to its highest possible setting and a THOROUGH Virus Scan came up Clean having used Norton's LiveUpdate right before the scan so I know the defs are current. And before anyone asks the obvious, yes, The Firewall is Enabled. Now I have gone beyond scared to terrified! -- In just refusing to retreat from something, one gains the strength of two men. |
|
  Jestocost The Poodle Bites.
join:2000-10-19 Saint Louis, MO
| reply to kingsbard This would appear to be the result of an infection by VBS.Illen, a pretty nasty Trojan/Worm. Symantec has info on the virus and removal here:
»service1.symantec.com/sarc/sarc.···len.html
Norton PF is an OK firewall, based on everything I have heard, but a firewall is only as good as your other security protections. It's also important to have an up-to-date anti-virus package and to adopt good practices relative to e-mail attachments, file downloads, etc.
I'm sure that others with additional information will chime in soon.
Good luck! -- "Strange things are afoot at the Circle K, Ted." -- Bill S. Preston, Esq. |
|
  Rocktagon Slightly Bent Premium join:2000-11-04 Chattaroy, WA clubs:  
| reply to kingsbard Hey bud, I am sorry to hear about your infection. Go here and download Anti-Trojan 5. It is free for 5 uses and is one of the best trojan/port scanners available. Run it and it should clean your system and report which ports are open. Save the report and paste it in this thread. I will look for more info on the bugger for ya. -- Quest for Knowledge
|
|
  Rebrider Been There Done That Premium join:2000-11-23 | reply to kingsbard Go to »vil.mcafee.com/dispVirus.asp?virus_k=10516&. There is a description and a fix.
-- RKBA! The more I learn the less I know. |
|
  Wildcatboy Premium,Mod join:2000-10-30 Toronto, ON
Host: Security Product V.. Security
| reply to kingsbard Well, as others have explained, you are infected. This Virus/Trojan is a year old which means you should have caught it had you been running an up to date Anti Virus. If you don't have one, get one. Try Inoculate IT or AVG. They are both good and free to download. I would also try Anti Trojan suggested by SCooTER2.
As for your firewall, if you set your firewall properly you should not get -63 even if you are infected. You must make sure that you have configured it right and make sure you are running in stealth mode. That way the scan server can't get in to show anything. Good luck with your clean up and be sure to let us know how it goes. -- You can catch the Devil, but you can't hold him long. |
|
  Jammy be'suvwl Premium join:2000-11-03 Chula Vista, CA clubs: 
| reply to Rocktagon said by SCooTER2: Hey bud, I am sorry to hear about your infection. Go here and download Anti-Trojan 5.
Hey . . . that website seems to be down! Try here instead: Anti-Trojan 5. I think the site is in Denmark. [text was edited by author 2001-02-12 20:36:18] |
|
 tnm456
join:2001-01-28 Connellsville, PA | A little Ironic twist Anti-Trojan 5 installs spyware called onflow
Just did a test on it, it installed the spyware both times I tested it
Onflow is an internet advertising agency |
|
  Rocktagon Slightly Bent Premium join:2000-11-04 Chattaroy, WA clubs: | Well now I know where I got it. I have deleted the onflow and the program still works if that is of any consolation. We should let them know. |
|
  JANDOENT
join:2000-10-05 Tampa, FL | reply to tnm456 Hmmmm, they must have just started putting it in there then. Referring to Onflow in Anti-Trojan... -- Inquiring minds want to know... |
|
  Wildcatboy Premium,Mod join:2000-10-30 Toronto, ON
Host: Security Product V.. Security
| reply to Rocktagon I like Anti Trojan and I didn't notice the Onflow there before. Now that they've added it I think I should be more careful when recommending it. I think it's about time I dropped them an email. -- You can catch the Devil, but you can't hold him long. |
|
 tnm456
join:2001-01-28 Connellsville, PA | Not sure if this is going to matter. The Anti-trojan that had spyware was downloaded from the Swedish site;
»softer.de/Detail/1623.shtml |
|
  BuggSpy Pet Me Premium join:2001-01-24 Canada
| reply to tnm456 Hi tnm456
Don't worry about the spyware. Go to »grc.com and download the OptOut software. It's really small, about 25K
Optout is written in assembly (machine) language so it won't disrupt your registry BUT it will kill ALL spyware on your system.
I run it regularly and LOVE IT!
Read the OptOut section on the site for full details. It's super easy to use and quite efficient.
Good luck! -- BuggSpy |
|
  Rocktagon Slightly Bent Premium join:2000-11-04 Chattaroy, WA clubs:  
| reply to Jammy Thanks Jamilla, The link I posted is the English one and it is ok because I just went to it and added the above comment and a link to this forum to their support page. I hope they will respond as I asked them to as to why any spyware would be included with this package. For anyone interested in alternative trojan scanners: The Cleaner, TDS-3 Trojan Defense Suite, Tauscan -- Quest for Knowledge
[text was edited by author 2001-02-12 22:23:00]
[text was edited by author 2001-02-12 22:27:58] |
|
  Rocktagon Slightly Bent Premium join:2000-11-04 Chattaroy, WA clubs:  
| reply to BuggSpy Steve Gibson himself has given up on optout and recommended Lavasoft's AdAware; the new version was just posted here in the last couple of days. AdAware [text was edited by author 2001-02-12 22:08:27] |
|
  BuggSpy Pet Me Premium join:2001-01-24 Canada | Thanks SCooTER2! Been out of town for a while. I'll check it out. -- BuggSpy |
|
 tnm456
join:2001-01-28 Connellsville, PA
| reply to Rocktagon Upon Further Review.... The play stands as called
Started registry scan.
======================
OnFlow key:HKEY_LOCAL_MACHINE\software\onflow\
Suspicious keys found : 1
Started file examination.
=========================
OnFlow file:C:\Program Files\Internet Explorer\PLUGINS\nponflow.dll
Suspicious files found : 1
The English version (American server) had spyware in the installation also
By the way, I am running Ad-Aware 4.51 |
|
  Wildcatboy Premium,Mod join:2000-10-30 Toronto, ON
Host: Security Product V.. Security
| reply to BuggSpy
As scooter2 mentioned, Opt Out is outdated software and is no longer recommended (not even by its author Steve Gibson) and it does not get rid of all spyware. Ad Aware would be the software you should look for and it's even recommended by Steve himself. -- You can catch the Devil, but you can't hold him long. |
|
  BuggSpy Pet Me Premium join:2001-01-24 Canada
| Hi Wildcatboy (great name btw)
Thanks for setting this straight. Although I'm a BIG Steve Gibson fan, I haven't had a lot of time to get caught up in the past month or so. I better hustle my keister. This stuff changes so quickly, you don't have time to blink anymore LOL!
Nice to see someone from the neighborhood!
Take care. -- BuggSpy |
|