Need problem infection removed.

Post by Vino Rosso » November 20th, 2006, 4:10 am

Hi Dougal

Dougal wrote: but I just thought I should run through with you about what the logs in Zonealarm were like.
I suspect most, if not all, of these would be incoming alerts therefore demonstrating the need to run a firewall.

Dougal wrote: The logs also had what looked like internet web addresses but when I put them in the address bar they went nowhere. Some looked a bit suspect but I can't remember any of the addresses now. Here are a couple I wrote down but they aren't as suspect as some of the others.
Not something I would recommend without very good protection running on your computer!

Dougal wrote: Should I reinstall ZA and get some better log details?
On no account should you run two firewalls at the same time on the same computer. Doing this would cause conflicts likely to result in reduced protection and resource problems. If you prefer Zone Alarm over Norton then you must remove Norton before installing Zone Alarm. However I recommend that you leave things as they are and update to SP2 before considering changing firewalls.

Please go ahead with updating to SP2.

Vino
Vino Rosso
Admin/Teacher Emeritus
 
Posts: 9024
Joined: April 24th, 2006, 8:36 am
Location: Gloria Jean's in Murray St. Mall (I wish!)

Post by Dougal » November 20th, 2006, 9:28 pm

Just one more thing I forgot to mention.

I emailed the only 2 entries I had in NAV's logs earlier this year to my ISP's technical support division. Here is their reply:


I have received notification that you have firewall
logs showing incoming traffic to your computer on known trojan horse ports.

From examining the IP addresses supplied (202.124.114.131 on 1 May
2006, and 202.124.110.150 on 6 November 2005) I have determined these to
point to your account on both occasions. As such, it appears
your computer is attacking itself using the external dial-up interface,
using the IP address we're giving your computer when it dials up. It
looks as though this happens almost immediately after you dial up,
judging by your firewall records and our dial-in records.

I recommend that you scan your machine for viruses, using an up-to-date
virus scanner; additionally, scanning your machine for spyware/malware
using a scanner such as Spybot Search & Destroy, and as a last resort,
dropping your computer to a computer repair centre for inspection.


I know this probably doesn't change the situation but I thought I better let you know anyway.

Will continue on with the SP2 install. Will reply back on either Thursday/Friday night depending how well I go.

Thanks for your time and patience.
Dougal
Dougal
Regular Member
 
Posts: 27
Joined: November 6th, 2006, 7:26 am

Post by Vino Rosso » November 21st, 2006, 2:39 am

Dougal wrote: I have received notification that you have firewall
logs showing incoming traffic to your computer on known trojan horse ports.

Hi Dougal

If you still have the firewall logs, they will show the traffic direction.
Vino Rosso
Admin/Teacher Emeritus
 
Posts: 9024
Joined: April 24th, 2006, 8:36 am
Location: Gloria Jean's in Murray St. Mall (I wish!)

Post by Dougal » November 21st, 2006, 4:47 am

Hi Vino,

They were inbound. Are you saying that I do not have to worry about my computer being infected unless the traffic is outward bound? Sorry if that is a dumb question.

Here are the logs.

1/5/2006 - 5:47:26pm
Rule "Default Block DeepThroat Trojan horse" blocked (202.124.114.131,3150).
Inbound UDP packet.
Local address,service is (localhost,3150).
Remote address,service is (202.124.114.131,3150).
Process name is "N/A".

6/11/2005 - 6:00:37pm
Rule "Default Block Master Paradise Trojan horse" blocked (202.124.110.150,3129).
Inbound UDP packet.
Local address,service is (localhost,3129).
Remote address,service is (202.124.110.150,3129).
Process name is "N/A".

Thanks
Dougal.
Dougal
Regular Member
 
Posts: 27
Joined: November 6th, 2006, 7:26 am

Post by Vino Rosso » November 21st, 2006, 5:34 pm

Hi Dougal

Basically, 'incoming' means just that! Your firewall is doing what it should by blocking unsolicited incoming packets.
I suggest it's highly unlikely that malware would want to go out through the firewall and back in again to attack your PC. Unless there is a corresponding outgoing entry in the firewall log, I doubt there is a problem and would suggest the warnings may be 'false positives'.

Searching on Google for the two warnings you've shown brings up some interesting stories such as >here< and >here< where false positives are suspected.
Vino Rosso
Admin/Teacher Emeritus
 
Posts: 9024
Joined: April 24th, 2006, 8:36 am
Location: Gloria Jean's in Murray St. Mall (I wish!)

Post by Dougal » November 21st, 2006, 9:05 pm

Hi Vino,

Thanks for the reply and the links. Would appreciate having security software that didn't worry you unnecessarily. I have only ever owned NAV so have never been able to monitor outgoing traffic (maybe something to think about changing). When I did have ZA firewall installed though I don't remember any blocks on suspicious outgoing traffic. Therefore the computer is clean I guess. :)

Will get back on Friday when everything is finished.

Thanks once again.
Dougal.
Dougal
Regular Member
 
Posts: 27
Joined: November 6th, 2006, 7:26 am

Post by Dougal » November 23rd, 2006, 11:28 pm

Hi Vino,

Am having trouble getting the computer in good working order before installing SP2. When I did the system recovery 6 months ago it seems to have mucked up the uninstall programs for some of the software that I have. The problem is trying to figure out how to remove the software properly without these. Adobe Reader is one piece of software I am struggling with.

Will get back to you next Friday. Hopefully all will be finished.

Dougal.
Dougal
Regular Member
 
Posts: 27
Joined: November 6th, 2006, 7:26 am

Post by Vino Rosso » November 25th, 2006, 5:20 am

Hi Dougal

If you are having non-malware related issues with your computer, for example uninstalling Adobe Reader as you mention, I can recommend you visit and ask for assistance at a forum that specialises in these types of problems. Try >PCPitStop< or >Computer Trouble<. Should you have any malware related issues, please come back and see us... we would be very happy to help.

I'd be grateful if you could reply to this post so that we know it can be archived. Should you find that you are having malware problems, you will be able to re-open this thread at a later date.

Thanks and good luck
Vino
Vino Rosso
Admin/Teacher Emeritus
 
Posts: 9024
Joined: April 24th, 2006, 8:36 am
Location: Gloria Jean's in Murray St. Mall (I wish!)

Post by Dougal » November 28th, 2006, 3:33 am

Hi Vino,

Sorry about the late reply.

Yes, I might go and check out one of those two forums. I was considering paying somebody to fix the computer but the cost involved is probably not worth it.

Anyway, I would like to thank you for all the effort you have put in, in trying to figure out what was wrong with the computer. It's been great having a place like this to come and ask for help. Hopefully once the software problems are sorted out that will be the end of it.

Thanks once again and good luck for the future.
Dougal.
Dougal
Regular Member
 
Posts: 27
Joined: November 6th, 2006, 7:26 am

Post by NonSuch » December 8th, 2006, 3:05 am

This topic is now closed. If you wish it reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

You can help support this site from this link :
Donations For Malware Removal

Please do not contact us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
NonSuch
Administrator
 
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California