
help! Think I've got virus



Guest hidecote
Posted

On 5/25/08, suddenly got lots of threat alerts, checked anti virus etc think

it may have been disabled, don't know why. But system logs etc, now

warnings, e.g. rule "default block Bla Trojan horse" blocked (my address).

"your address has disappeared no longer protected" "port block allow

Netbios changed" Tried Netstat showing 7-8 no waiting. Looking at logs first

strange entries around 5/15/08

I am novice, never seen this before, need advice, scared.

thanks, hidecote,

Guest hidecote
Posted

sorry forgot to say I have used my anti virus to scan my computer for

threats. It shows ok. Can I assume my computer has kept the virus out?

Guest Malke
Posted


 

Your post is very confusing since you didn't say from where you're getting

the threat alerts, which antivirus you're using, and what makes you think

it has been disabled. You should definitely make sure the machine is clean

by going through some scanning. I'll give you the steps below but since you

say you're a computer novice a better choice might be to take the machine

to a professional computer repair shop. Don't use your local equivalent of

BigComputerStore/GeekSquad. Get recommendations from family, friends, and

colleagues instead.

 

Go through these general malware removal steps systematically -

http://www.elephantboycomputers.com/page2....emoving_Malware

 

Include scanning with David Lipman's Multi_AV and follow instructions to do

all scans in Safe Mode. Please see the special Notes regarding using

Multi_AV in Vista.

 

http://www.elephantboycomputers.com/page2.html#Multi-AV - instructions

http://tinyurl.com/yoeru3 - download link and more instructions

 

When all else fails, get guided help. Choose one of the specialty forums

listed at the first link. Register and read its posting FAQ. You will

generally be asked to:

 

1. Download and execute HiJack This! (HJT) -

http://www.trendsecure.com/portal/en-US/th.../HJTInstall.exe

 

2. Disable Notepad's word wrap - In Notepad.exe; Format --> uncheck; "Word

wrap"

 

3. Download/run Deckard's System Scanner -

http://www.techsupportforum.com/sectools/Deckard/dss.exe

 

4. Save the scan results (Main.txt and Extra.txt)

 

5. And then post the contents of Main.txt and Extra.txt in your post at the

forum you chose. DO NOT POST LOGS IN THE MS NEWSGROUPS.

 

Standard disclaimer: I can't see and test your computer myself, so these are

just suggestions based on many years of being a professional computer tech;

suggestions based on what you've written. You should not take my

suggestions as a definitive diagnosis. If you can't do the work yourself

(and there is no shame in admitting this isn't your cup of tea), take the

machine to a professional computer repair shop (not your local equivalent

of BigComputerStore/GeekSquad). Please be aware that not all local shops

are skilled at removing malware and even if they are, your computer may be

so infested that Windows will need to be clean-installed. If possible, have

all your data backed up before you take the machine into a shop.

 

Malke

--

MS-MVP

Elephant Boy Computers

www.elephantboycomputers.com

Don't Panic!

Guest hidecote
Posted

thanks, well I tried to keep the message short as advised. But I have Norton

security, and I didn't know the auto protect was off, on now of course. I've

completed 2 full scans since Sunday with Norton and it shows no virus

present, nothing to repair, etc. I have since found on the Norton threat

explorer that a low risk Trojan was discovered on 5/25/08, this is the new

bit for me, I think I can follow removal instructions but if the scan didn't

flag up any problem could trojan still be present? This was the only forum I

wanted to ask, sorry I maybe don't have the correct language but I am

grateful for help,

Hidecote

Guest Malke
Posted


 

I would still scan with antispyware programs since Norton doesn't do that.

Start with Malwarebytes' Antimalware program since it is good,

non-invasive, and free.

 

Malke

--

MS-MVP

Elephant Boy Computers

www.elephantboycomputers.com

Don't Panic!

Guest Jason
Posted

You most likely got a rootkit, which is why your A/V was disabled; it is common for these rootkits to do things like that to be undetected.

 

 

Post Originated from http://www.VistaForums.com Vista Support Forums

Guest hidecote
Posted

thanks Jason and Malke. I had a good look at logs, event info, I now see I

have an anonymous login when I log in, next thing lots of policy changes re-

firewall, allowing exceptions. When I check windows firewall it has been

turned off. The login is event 540, type 3. Tonight I downloaded and ran the

malware prog. from the help and support centre. It didn't flag up any

malicious progs. Sorry but I'm still not sure if something has gotten

through into my computer or is trying hard to do so. I am new to this, it

does feel like I'm being stalked almost. I tried to run the IPSec monitor

snap-in but only could see it in the console of MMC could not get it to run.

Don't think I know enough yet. Sorry to go on, thanks for your interest.

Regards hidecote
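Added example (not from any poster in this thread): one way to check whether the anonymous type 3 logons (event 540) described above are actually followed by firewall policy changes, rather than being the routine anonymous network logons Windows generates on its own. The CSV rows are constructed sample data, and the firewall event IDs 851-853 and the 5-minute window are assumptions.

```python
import csv
import io
from datetime import datetime, timedelta

# Constructed sample of a Security log exported to CSV (not data from the thread).
SAMPLE_CSV = """time,event_id,logon_type,user,detail
2008-05-27 19:02:11,528,2,owner,Interactive logon
2008-05-27 19:02:14,540,3,ANONYMOUS LOGON,Network logon
2008-05-27 19:02:20,852,,SYSTEM,Port exception list changed
2008-05-27 19:02:21,853,,SYSTEM,Operational mode changed to Off
2008-05-27 21:40:03,540,3,ANONYMOUS LOGON,Network logon
2008-05-27 23:15:45,851,,SYSTEM,Application exception list changed
"""

NETWORK_LOGON = ("540", "3")                 # event ID and logon type from the post
FIREWALL_CHANGE_IDS = {"851", "852", "853"}  # assumption: firewall change events
WINDOW = timedelta(minutes=5)                # assumption: correlation window


def parse(text):
    """Read the CSV export and return rows sorted by timestamp."""
    rows = []
    for row in csv.DictReader(io.StringIO(text)):
        row["time"] = datetime.strptime(row["time"], "%Y-%m-%d %H:%M:%S")
        rows.append(row)
    return sorted(rows, key=lambda r: r["time"])


def correlate(rows, window=WINDOW):
    """Pair each anonymous network logon with firewall changes soon after it."""
    findings = []
    for i, row in enumerate(rows):
        if (row["event_id"], row["logon_type"]) != NETWORK_LOGON:
            continue
        if "ANONYMOUS" not in row["user"].upper():
            continue
        followers = [f for f in rows[i + 1:]
                     if f["event_id"] in FIREWALL_CHANGE_IDS
                     and f["time"] - row["time"] <= window]
        if followers:  # a lone anonymous logon is not reported
            findings.append((row, followers))
    return findings


if __name__ == "__main__":
    for logon, changes in correlate(parse(SAMPLE_CSV)):
        print(logon["time"], "anonymous type 3 logon followed by:")
        for c in changes:
            print("   ", c["time"], c["event_id"], c["detail"])
```

Only the first logon in the sample is reported; the second has no firewall change within the window, which is the pattern of an ordinary anonymous network logon.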

Guest Mick Murphy
Posted

To check everything properly, reboot your computer and tap F8 right at power

on/ startup!

Once a list appears, use the UP and Down arrows to go to Safe Mode> hit ENTER

 

Once you are in Safe mode, run your anti-virus and anti-spyware/Malware

Programs again.

 

--

Mick Murphy - Qld - Australia
