Re: Sending millions of packets

From: Chuck (none_at_example.net)
Date: 10/10/04 

Date: 10 Oct 2004 14:36:08 -0500

On Sun, 10 Oct 2004 14:09:35 -0400, "J" <Jesse@nospam.LogicalArts.com> wrote:

>Sunday 2:10pm
>
>Laptop XP PRO, SP2
>
>Millions of packets are sent when starting the computer.
>
>Been on for 40 minutes now, sent 313,532,612,754 packets.
>received 28.
>
>Disable the connection and start again: 40 seconds 146 million packets sent.
>
>The network icon in the try displays activity but ZoneAlarm does not show
>actual access to the network.
>
>I had uninstalled ZA before installing SP2. I installed ZA to check for
>spyware of some sort.
>
>I had completed scans with Spybot, Ad-Aware and NAV2004. Items were found
>but no virues/trojans.
>
>Any thoughts?
>
>J
>

Jesse,

ZoneAlarm will detect network activity by specific applications. Some crapware
(adware, spyware, viruses) may use system functions to send and receive, and ZA
will look the other way.

How current is your virus protection? Try one or more of these free online
virus scans, which should complement your current protection:
<http://www.bitdefender.com/scan/license.php>
<http://www.pandasoftware.com/activescan>
<http://www.ravantivirus.com/scan/>
<http://security.symantec.com/ssc/home.asp>
<http://housecall.trendmicro.com/housecall/start_corp.asp>

Now check for, and learn to defend against, additional problems - adware,
crapware, spyware. Have you downloaded these programs before? Download them
again, as the latest version may be needed to keep up with the current level of
malware being attempted constantly - get the absolutely most current version of
each product listed. They're all free - and most pretty small, so they download
quickly enough.

Start by downloading each of the following additional free tools:
AdAware <http://www.lavasoftusa.com/>
CWShredder <http://www.majorgeeks.com/download4086.html>
CoolWWWSearch.SmartSearch (v1/v2) MiniRemoval
<http://www.majorgeeks.com/download4113.html>
HijackThis <http://www.majorgeeks.com/download.php?det=3155>
LSP-Fix and WinsockXPFix <http://www.cexx.org/lspfix.htm>
Spybot S&D <http://www.safer-networking.org/index.php?page=download>
Stinger <http://us.mcafee.com/virusInfo/default.asp?id=stinger>

Create a separate folder for HijackThis, such as C:\HijackThis - copy the
downloaded file there. AdAware and Spybot S&D have install routines - run them.
The other downloaded programs can be copied into, and run from, any convenient
folder.

First, run Stinger. Have it remove any problems found.

Next, close all Internet Explorer and Outlook windows, and run
CoolWWWSearch.SmartSearchMiniRemoval, then CWShredder. Have the latter fix all
problems found.

Next, run AdAware. First update it ("Check for updates now"), configure for
full scan (<http://forum.aumha.org/viewtopic.php?t=5877>), then scan. When
scanning finishes, remove all Critical Objects found.

Next, run Spybot S&D. First update it ("Search for updates"), then run a scan
("Check for problems"). Trust Spybot, and delete everything ("Fix Problems")
that is displayed in Red.

Then, run HijackThis ("Scan"). Do NOT make any changes immediately. Save the
HJT Log.
<http://forums.spywareinfo.com/index.php?showtopic=227>
<http://www1.spywareinfo.com/articles/hijacked/prevent.php>

Finally, have your HJT log interpreted by experts at one or more of the
following security forums (and please post a link to your forum posts, here):
Aumha: <http://forum.aumha.org/index.php>
Net-Integration: <http://forums.net-integration.net/>
Spyware Info: <http://forums.spywareinfo.com/>
Spyware Warrior: <http://spywarewarrior.com/index.php>
Tom Coyote: <http://forums.tomcoyote.org/>

If removal of any spyware affects your ability to access the internet (some
spyware builds itself into the network software, and its removal may damage your
network), run LSP-Fix and / or WinsockXPFIx.

Finally, improve your chances for the future.

Harden your browser. There are various websites which will check for
vulnerabilities, here are three which I use.
http://www.jasons-toolbox.com/BrowserSecurity/
http://bcheck.scanit.be/bcheck/
https://testzone.secunia.com/browser_checker/

Block Internet Explorer ActiveX scripting from hostile websites (Restricted
Zone).
<https://netfiles.uiuc.edu/ehowes/www/main.htm> (IE-SpyAd)

Block known dangerous scripts from installing.
<http://www.javacoolsoftware.com/spywareblaster.html>

Block known spyware from installing.
<http://www.javacoolsoftware.com/spywareguard.html>

Make sure that the spyware detection / protection products that you use are
reliable:
http://www.spywarewarrior.com/rogue_anti-spyware.htm

Harden your operating system. Check at least monthly for security updates.
http://windowsupdate.microsoft.com/

Block possibly dangerous websites with a Hosts file. Three Hosts file sources I
use:
http://www.accs-net.com/hosts/get_hosts.html
http://www.mvps.org/winhelp2002/hosts.htm
(The third is included, and updated, with Spybot (see above)).

Maintain your Hosts file (merge / eliminate duplicate entries) with:
eDexter <http://www.accs-net.com/hosts/get_hosts.html>
Hostess <http://accs-net.com/hostess/>

Secure your operating system, and applications. Don't use, or leave activated,
any accounts with names or passwords with trivial (guessable) values. Don't use
an account with administrative authority, except when you're intentionally doing
administrative tasks.

Use common sense. Yours. Don't install software based upon advice from unknown
sources. Don't install free software, without researching it carefully. Don't
open email unless you know who it's from, and how and why it was sent.

Educate yourself. Know what the risks are. Stay informed. Read Usenet, and
various web pages that discuss security problems. Check the logs from the
security products that you use regularly, look for things that don't belong, and
take action when necessary.

And Jesse, I wouldn't bet that your email munging technique will fool too many
email address mining viruses. Learn to munge your email address properly, to
keep yourself a bit safer when posting to open forums. Protect yourself and the
rest of the internet - read this article.
http://www.mailmsg.com/SPAM_munging.htm

Cheers,
Chuck
Paranoia comes from experience - and is not necessarily a bad thing.

Relevant Pages

  • Re: Browser freeze
    ... IMHO) will graphically show you what network traffic is present on your system. ... Process Explorer will show you what processes, foreground and background, ... They're all free - and most pretty small, so they download quickly enough. ... Now check for, and remove, spyware. ...
    (microsoft.public.windowsxp.perform_maintain)
  • Re: Sending millions of packets
    ... >>actual access to the network. ... >>spyware of some sort. ... Download ... > Block known dangerous scripts from installing. ...
    (microsoft.public.windowsxp.network_web)
  • After installing update ADODB.stream (KB870669) all my downloads are corrupted
    ... I installed the update on both my XP workstation and on ... that you're using Getright to download, well, maybe the ... >After installing this update to my XP workstation and a ... >from network are corrupted. ...
    (microsoft.public.windowsxp.general)
  • Re: Debian netboot on a SunFire v20z
    ... really needs to download any packages. ... After installing this way I was ... able to a deb mirrors on the running system. ... >a problem with your network, ...
    (Debian-User)
  • Re: page freezer....
    ... Download and run the CWS removal tool. ... accessing any spyware related sites if installed. ... Due to many Spyware help sites being under a DDoS attack (Distributed Denial ... After installing Ad-Aware, open it and click on the ref update to get the ...
    (microsoft.public.windows.inetexplorer.ie6.browser)
Loading