03-31-06, 01:59 PM   #1
Capt. Picard
Registered User
Join Date: Oct 2005
Location: South Africa
Posts: 6,386
Virus - please help.

Please bear with me. I know I've got a virus of sorts. But what I can't understand is how this happened. I formatted my pc yesterday and haven't used my dialup until an hour ago (it is Friday night 21:45). Almost the instant when I connected and made Google my homepage I got this message from my AV PCCillin (see pic). I couldn't have contaminated my system because I haven't copied any of my backed-up stuff on to my pc yet. All that is on the pc is some stuff I installed like - see pic. I've got another pc on a LAN that has Internet through ICS. So it must have gotten it from there but I can't understand why the AV on that pc hasn't picked it up. It has basically the same stuff on it as my pc and the AV is updated.

Does anybody recognize these viruses and know what they do? I've followed up the links of the viruses but even though I know a little bit about computers I can't get to the point where I understand exactly what the virus is.

I'm busy updating Windows but the yellow sign in my systray has been on 2% downloaded for the last hour and a half. My dialup is running at normal speed so it is the dialup. And I'm also updating my AV now. Do you think that this AV will be able to remove the virus?
Attached Thumbnails: untitled.JPG, untitled2.JPG, untitled3.JPG
__________________
If beer is not the answer, you're asking the wrong question.

03-31-06, 02:43 PM   #2
evilghost
Registered User
Join Date: Jul 2005
Posts: 3,606
Re: Virus - please help.

LSASS is a network-based exploit, unless you've patched the system that you're connecting to the Internet with, it's vulnerable. LSASS is an old exploit, I believe ~2005, which exploits TCP 445.

If you're connected to the Internet with an unpatched box without a firewall then:

1) Get a firewall.
2) Patch your box.

If your machine is already patched it's likely your firewall isn't functioning and Trend/Petercillin is reporting a block on the incoming network-based exploit.

I wouldn't freak out, you're not infected.

03-31-06, 10:43 PM   #3
Q
Join Date: Sep 2004
Posts: 7,808
Re: Virus - please help.

Quote:
Originally Posted by evilghost
LSASS is a network-based exploit, unless you've patched the system that you're connecting to the Internet with, it's vulnerable. LSASS is an old exploit, I believe ~2005, which exploits TCP 445.

If you're connected to the Internet with an unpatched box without a firewall then:

1) Get a firewall.
2) Patch your box.

If your machine is already patched it's likely your firewall isn't functioning and Trend/Petercillin is reporting a block on the incoming network-based exploit.

I wouldn't freak out, you're not infected.
I'm honestly surprised that you didn't bash MS ONCE in this reply.

I'm proud of you, evilghost!!!

03-31-06, 11:22 PM   #4
evilghost
Re: Virus - please help.

Quote:
Originally Posted by Qlitchford
I'm honestly surprised that you didn't bash MS ONCE in this reply.

I'm proud of you, evilghost!!!
It was tough....I had a slurry of inflammatory statements to make but I opted for helping out instead.

I did flame PCillin calling it "Petercillin" because it's worthless software (much like all Microsoft products)

Pseudo-security; it makes you feel better.

04-01-06, 12:11 AM   #5
Capt. Picard
Re: Virus - please help.

Quote:
Originally Posted by evilghost
It was tough....I had a slurry of inflammatory statements to make but I opted for helping out instead.

I did flame PCillin calling it "Petercillin" because it's worthless software (much like all Microsoft products)

Pseudo-security; it makes you feel better.
How is Norton 2005? What AV would you recommend?

I've updated everything and haven't seen the warnings since. I was just shocked at seeing those warnings so quickly after I formatted and then connected.

04-01-06, 04:23 AM   #6
rewt
mmm, Beer.. :drooling:
Join Date: May 2004
Location: USA
Posts: 3,667
Re: Virus - please help.

You should slipstream Service Pack 2 into your XP installation CD to avoid problems like this in the future. I'd also recommend integrating RyanVM's update pack as well.
__________________
My pimp'n rig
Athlon64 Venice 3000+ @ 2.6GHz (4100+) · Win XP Pro x86, Vista Ultimate x64 · eVGA K8-NF41 nForce4 SLi · Corsair XMS 1.5GB PC3200 CAS2/1T · eVGA 2x 6600GT SLi · Leadtek Winfast TV2000 XP Deluxe · Western Digital Caviar SE ½TB RAID 0/1 · PowerLink LPK2-30 400W · LiteON LDW-411S OC to 811S 8x DVD±R/RW/ROM · MicroAdvantage 64MB QuickiDrive · Samsung SyncMaster 931B 19" LCD · Microsoft Optical Wheel Mouse USB · Sony PSXtoUSB Analog Gamepads · Memorex MX2700 Multimedia Keyboard · Lexmark 3200 Color Jetprinter · nForce Network Controller 1Gb/s LAN (Cable ~3Mb/s down) · ΩPioneer Dolby Digital 5.1 Surround Sound

04-01-06, 05:15 AM   #7
Capt. Picard
Re: Virus - please help.

Quote:
Originally Posted by rewt
You should slipstream Service Pack 2 into your XP installation CD to avoid problems like this in the future. I'd also recommend integrating RyanVM's update pack as well.
My CD does have SP2.

04-01-06, 05:37 AM   #8
rewt
Re: Virus - please help.

Does PCCillin have a built-in firewall?

04-01-06, 07:11 AM   #9
Capt. Picard
Re: Virus - please help.

Quote:
Originally Posted by rewt
Does PCCillin have a built-in firewall?
Yes

04-01-06, 08:38 AM   #10
Belarnion
Crazy Scientist
Join Date: May 2003
Location: Norway
Posts: 167
Re: Virus - please help.

Quote:
Originally Posted by Capt. Jean-Luc Picard
How is Norton 2005? What AV would you recommend?

I've updated everything and haven't seen the warnings since. I was just shocked at seeing those warnings so quickly after I formatted and then connected.
NOD32.

04-01-06, 08:56 AM   #11
rewt
Re: Virus - please help.

Quote:
Originally Posted by Capt. Jean-Luc Picard
Yes
Ah, yes that confirms it then. It was merely blocking the LSASS worm, as evilghost suspected.

04-01-06, 09:06 AM   #12
Capt. Picard
Re: Virus - please help.

Quote:
Originally Posted by rewt
Ah, yes that confirms it then. It was merely blocking the LSASS worm, as evilghost suspected.
But the thing is, although I'm not 100% sure, I think I had the firewall off at that time because I was setting up internet connection sharing between my two PCs, but I still got the warnings like in the pictures in my first post. I'm using Windows Firewall now because that, seemingly, doesn't block the network traffic. As is obvious, I don't know enough to go and manually block or unblock certain ports, so I just have to make do with the standard configurations.

Everything is updated now (Windows and AV) and I've run a scan and found nothing.

But if I were infected, what would the symptoms be?