Thread ID: 65448 2006-01-18 08:44:00 Viruses and security Lizard (2409) Press F1
Post ID Timestamp Content User
422180 2006-01-18 08:44:00 After AVG detected thirteen viruses in the last week, I began to wonder if MS firewall was any good at all (I know I know, everyone said that MS firewall was useless, but up til now I hadn't had a problem). The main reason for using MS firewall was for some reason ZA wouldn't work when I installed it on the machine I built late-2004. But these viruses made me wonder if I shouldn't do something about it. Here are my questions:

There were multiple instances of each of the following viruses that came in - Exploit.CVE-2005-1790 (fillmemadv483[1].htm) and Trojan horse Downloader.Agent.13.AI (xpladv483[1].wmf) and Trojan horse Exploit.Downloader (sploit[1].anr) How do these viruses get in, and does a firewall block them?

Having no luck with ZA, I installed Sygate, which I'm liking so far. However, the programs that requested access to the internet when I fired it up I'm familiar with - in particular, NDIS User Mode I/O Driver, Application Layer Gateway Service, and LSA Shell (Export Version). I'm fairly certain these are Windows services, and should be allowed. Can anyone confirm this?

Cheers

Lizard
Lizard (2409)
422181 2006-01-18 09:01:00 sorry but a firewall doesn't stop viruses. it can stop worms but will not stop your pc being infected by viruses or trojans. however a good firewall can stop viruses and trojans from gaining access to the net from your pc so they can't infect others, download further infections, let your pc be remotely controlled or send out data (bank pin numbers etc).

viruses are generally downloaded, either by email, shared disks/files or simply going to an infected webpage.
tweak'e (69)
422182 2006-01-18 20:23:00 Important: you may still have the Sasser virus running on your PC. Perhaps you should post a hijackthis log.

Windows XP firewall is fine, with two caveats:

* it's a resource hog, you'll need at least 512MB in your PC to support it.

* it's an extremely popular target for hackers, because so many people use it. Always make sure you're up-to-date with WindowsUpdate if you use it.

If you had thirteen viruses on your PC, your AVG software must have gotten really out of date.

Due to the number of viruses, I'm guessing you're either into "evaluating" games, or at some point someone gained remote access to your PC, either via the Internet or wireless connection.

Firewalls and anti-virus software installs are great, but they have to be kept up to date.

Services
---------
LSA is responsible for validating users for both local and remote logons, but it's also used by the Sasser virus.

NDIS is network card related. Sometimes it's "wrapped" into Novell and wireless clients. I would consider it suspect.

Application Layer Gateway Service is your firewall (and internet sharing).
kingdragonfly (309)
422183 2006-01-18 20:40:00 if sasser virus was running they'd be getting the 'windows will shut down in 60 seconds' message....... drcspy (146)
422184 2006-01-18 20:54:00 If you had thirteen viruses on your PC, your AVG software must have gotten really out of date.

Probably used the wrong terminology. AVG detected thirteen infected files, on three separate days. I suspect there aren't thirteen different viruses, though my knowledge of them is limited.

Services
---------
LSA is responsible for validating users for both local and remote logons, but it's also used by the Sasser virus.

NDIS is network card related. Sometimes it's "wrapped" into Novell and wireless clients. I would consider it suspect.

Application Layer Gateway Service is your firewall (and internet sharing).

Are you saying that LSA and NDIS should be blocked?

Cheers

Lizard
Lizard (2409)
422185 2006-01-18 21:00:00 Are you saying that LSA and NDIS should be blocked?

I usually block any suspect service, unless it stops something from working. It could be legitimate.

If you'll post a hijackthis log here, it'll help the helpers.
kingdragonfly (309)
422186 2006-01-18 21:29:00 Windows XP firewall is fine, with two caveats:

* it's a resource hog, you'll need at least 512MB in your PC to support it.

* it's an extremely popular target for hackers, because so many people use it. Always make sure you're up-to-date with WindowsUpdate if you use it.

what a load of crock. XP firewall doesn't need 512mb. granted your pc would run better with 512meg or more ram but the firewall doesn't need it to be able to run.
XP firewall is not a target for hackers, pc's running MS OS's with no protection are. you don't need to hack XP firewall, it lets malicious applications straight through it by default.
tweak'e (69)
422187 2006-01-18 21:57:00 you could try ditching AVG for Avast home (also free). Avast has multiple active scanners for P2P, web, standard, mail etc

I've been surfing and avast has halted the loading of a page, warned me that the site contains a worm and gave me the choice to ignore it.

I also don't have to wait until the end of a download to find out it's infected.
apparition (3207)
422188 2006-01-18 22:03:00 I usually block any suspect service, unless it stops something from working. It could be legitimate.

If you'll post a hijackthis log here, it'll help the helpers.

Can't post a HJ log until I get home tonight. But just to clarify - are NDIS and LSA Shell bona fide windows components, or are they non-windows programs?

Cheers

Lizard
Lizard (2409)
422189 2006-01-18 22:08:00 NDIS is a windows component, so is LSA.

BUT worms can also install/create/use LSA, as said in a previous post - ie: Blaster / Sasser.

Other worms/trojans etc can also use the same name/s of other / valid windows components.
Speedy Gonzales (78)
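Speedy Gonzales's point that malware borrows the names of genuine Windows components is the reason a firewall prompt naming "LSA Shell" or "NDIS" cannot be judged on the name alone: what matters is which binary, from which directory, is asking. The following is an added example, not code from this thread, from Sygate or from any poster, that runs that check over a constructed process list. The expected directories in KNOWN_COMPONENTS and the sample processes are assumptions for illustration; a real system has many more components and paths differ by install.

```python
# Added example (not from the thread): classify running processes by whether a
# name that belongs to a known Windows component is backed by a binary in the
# directory where that component really lives, and flag near-miss spellings.
import ntpath  # Windows path semantics regardless of the host OS

# Assumed expected locations of a few well-known components (illustrative only).
KNOWN_COMPONENTS = {
    "lsass.exe": r"C:\WINDOWS\system32",   # LSA Shell / Local Security Authority
    "alg.exe": r"C:\WINDOWS\system32",     # Application Layer Gateway Service
    "svchost.exe": r"C:\WINDOWS\system32",
    "explorer.exe": r"C:\WINDOWS",
}


def edit_distance(a, b):
    """Levenshtein distance, used to spot look-alike names (lsas.exe vs lsass.exe)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(name, path):
    """Return 'ok', 'impostor', 'lookalike' or 'unknown' for one process.

    ok        - known component name, binary in its expected directory
    impostor  - known component name, binary somewhere else
    lookalike - one edit away from a known component name
    unknown   - nothing to say from the name alone
    """
    lname = name.lower()
    directory = ntpath.dirname(path).lower().rstrip("\\")
    if lname in KNOWN_COMPONENTS:
        expected = KNOWN_COMPONENTS[lname].lower()
        return "ok" if directory == expected else "impostor"
    for known in KNOWN_COMPONENTS:
        if edit_distance(lname, known) == 1:
            return "lookalike"
    return "unknown"


def review(processes):
    """Classify a list of (name, full path) pairs; returns [(name, path, verdict)]."""
    return [(name, path, classify(name, path)) for name, path in processes]


# Constructed sample process list (not taken from any real machine).
SAMPLE_PROCESSES = [
    ("lsass.exe", r"C:\WINDOWS\system32\lsass.exe"),
    ("alg.exe", r"C:\WINDOWS\System32\alg.exe"),
    ("lsass.exe", r"C:\Documents and Settings\User\Local Settings\Temp\lsass.exe"),
    ("lsas.exe", r"C:\WINDOWS\lsas.exe"),
    ("sygate.exe", r"C:\Program Files\Sygate\SPF\sygate.exe"),
]

if __name__ == "__main__":
    for name, path, verdict in review(SAMPLE_PROCESSES):
        print(f"{verdict:9s} {name:12s} {path}")
```

The path comparison is deliberately case-insensitive because Windows paths are; the check is a first filter only, and a practitioner would follow a hit with a hash or Authenticode signature check on the binary before deciding what the firewall rule should be.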