Re: Keep losing browser capabilities

From: Menno Hershberger (mhersh22_at_hotmail.com)
Date: 05/08/04 

Date: Sat, 08 May 2004 00:22:41 -0700

Malke <malke@nospoonnotreally.com> wrote in news:#PlpYd9MEHA.1272
@tk2msftngp13.phx.gbl:

> Menno Hershberger wrote:
>
>> Malke <malke@nospoonnotreally.com> wrote in
>> news:OgiIFD7MEHA.1608@TK2MSFTNGP12.phx.gbl:
>>
>>> Menno Hershberger wrote:
>
>> That's what I do too. Kinda humbles a guy to have to ask for help.
>
> I know what you mean, but false pride is a luxury intelligent people
> can't afford. I've learned that the smartest thing to do sometimes is
> admit you don't know. Life is too short to be stupid.
>
>> I'm glad it happened on my own computer at least. And yes, Norton
>> grabbed one of those Gaobot trojans just before that started
>> happening. It just popped up and said it had fixed it.
>> Unfortunately I think it got it off a customer's computer who I had
>> networked. His had two instances of Sasser and two or three of
>> gaobot plus many more. But I got his all cleaned up and it was
>> working fine. I'm in Safe Mode at the moment and it just keeps
>> plugging away. Apparently even though you disable EVERYTHING in
>> msconfig, something is still loading in normal mode that doesn't in
>> safe mode.
>
> I just got back from the latest. She had three variants of Sasser and
> Agobot. Check out this article about the W32.HLLW.Polybot, often known
> as Agobot, Phatbot, and a slew of other bots - it is very helpful in
> showing where to look:
>
> http://securityresponse.symantec.com/avcenter/venc/data
> w32.hllw.polybot.html
>
> Of course, you've noted that the url wraps in my newsreader.
>
>> Save the lecture about networking customer's computers.... :-)
>> I like to learn the hard way.
>
> Did I say anything? I didn't have to, did I? ;-)
>
>> I do have Zone Alarm on here but I usually don't run it behind the
>> router. When I do, it never logs anything at all, That's the reason I
>> figured I didn't need it. If I plug a computer direct into the T1
>> without a firewall running, I can almost it will "catch" a virus in 10
>> minutes time. I forgot right offhand which one, but it's the one with
>> brasil.exe and that other slew of files and puts a long list in
>> win.ini (on Win98 computers)
>>
> I actually do run Sygate free version on the Windows boxen, even though
> I'm behind a router to the cable connection. I like having a firewall
> for exactly the reason that if something slips in, I have a chance of
> catching it trying to get out. This is the way I cleaned up a client's
> computer yesterday - after using the Sasser removal tool and Stinger, I
> still couldn't get Task Manager/regedit to run and yet I didn't see
> anything strange in msconfig. Then the eTrust firewall flagged
> something almost innocuous and >bang!< - gotcha, you b*st*rd!
>
> So, I do think you've got something like a polybot and I think that the
> firewall will help catch it. And as I said in my first post, check the
> hosts files. Let me know how things go for you.
 
    I seem to have temporary relief. I plugged directly into the T1 and
set it to let DHCP pick an IP. I had no problem then, except that I was
"out" of my network. So I left the settings the same and plugged it back
into my router and let my router assign me an IP. It still continued to
work. But I need my static IP since I have assignments to it in the
router (like PCAnywhere). So I switched it back to the way it always was
(static IP) and it is STILL working. Even after a couple of reboots,
it's been hanging in there for over 24 hours now. I must have jostled
*something* loose... :-)
I hate it though. It's kinda like kicking something and it starts
working again. You never know what the damn problem was in the first
place.
   Thanks for your suggestions and assistance. I too have been busy with
other people's problems... just got done with a 98 machine that had 38
instances of 11 viruses, and Pest Patrol got 2,358 "hits" on it... :-) 

-- 
   There are 3 kinds of people: Those who can count & those who can't.

Relevant Pages

  • Re: Windows Firewall
    ... Safe Mode will stop most non critical system services/processes from ... will allow networking to function. ... The router could be the problem if it is blocking ports ... and was able to turn off the firewall. ...
    (microsoft.public.win2000.security)
  • Re: Just venting (totally OT)
    ... the ame router to get access to the net! ... I'm paranoid about opening up my firewall "just in case..." ... not visiting dodgy Websites. ... The protection that it does supply is also provided by ...
    (uk.people.support.depression)
  • Re: Just venting (totally OT)
    ... how long it plays for because it's all been ripped on to hard disc ... the ame router to get access to the net! ... I'm paranoid about opening up my firewall "just in case..." ... The protection that it does supply is also provided by ...
    (uk.people.support.depression)
  • Re: What is broken:McAfeee firewall or my router ????? Urgent, ple
    ... your computer regardless of what McAfee firewall said. ... If your router is ... warned about those ports being available right away if you had any of those ...
    (microsoft.public.security)
  • Re: What is broken:McAfeee firewall or my router ????? Urgent, ple
    ... your computer regardless of what McAfee firewall said. ... If your router is ... warned about those ports being available right away if you had any of those ...
    (microsoft.public.security)