Results 1 to 5 of 5

Thread: Puzzled

  1. #1
    Junior Member
    Join Date
    Aug 2001
    Posts
    5

    Unhappy Puzzled

    My hormonally driven teenage son opens an e-mail message with "Snow White..." in the subject line using outlook on a win98 box. Message has no visible attachment or message. At the time the message was opened I had installed all the windows updates and was running NAV with updated definitions. I am also running Sygate Personel Firewall.

    Now for my question (other than which military school to ship said son off to), The fire wall shows kernel32.dll listening on 3 ports (137, 138 & 139). I don't recall seeing this. Is it normal?
    NAV scan has not detected anything. I downloaded the EICAR test string and it detected that, but I am still unconvinced (read paranoid). I run F-prot from a cd and it also did not detect anything, but the firewall shows kernel32.dll trying to connect to the internet.

    Any sugestions?

    Boral.

  2. #2
    Priapistic Monk KorpDeath's Avatar
    Join Date
    Dec 2001
    Posts
    2,628
    Those are netbios ports. You need to disable netbios. Remove the Microsoft Network client.

    Netbios name service=137
    netbios Datagram service=138
    Netbios Session Service=139

    Hope that helps.
    Mankind have a great aversion to intellectual labor; but even supposing knowledge to be easily attainable, more people would be content to be ignorant than would take even a little trouble to acquire it.
    - Samuel Johnson

  3. #3
    AntiOnline Senior Member souleman's Avatar
    Join Date
    Oct 2001
    Location
    Flint, MI
    Posts
    2,883
    Ummm, the Snow White message is a virus. I would bet money that it was sent from hahaha@yahoo.com (if I remember correctly). It installs a back door trojan on your puter. If NAV isn't showing anything, you need to update your virus definations. If you don't want to pay for new definations, you can get AVG from www.grisoft.com for free. If for some reason that still doesn't work, go to www.tauscan.org and download the trojan cleaner program (can't remember the name).
    \"Ignorance is bliss....
    but only for your enemy\"
    -- souleman

  4. #4
    Junior Member
    Join Date
    Aug 2001
    Posts
    5
    Thanks for the info Korp, I'll check when I get home.

    Soulman...I know about the snowwhite virus, that's why number one son is hanging from the yard arm by his hormones. What puzzles me is that norton (with current definitions) nor F-prot (again with current defs) does not detect anything. Makes my paranoid meter go tilt. According to the Sygate traffic log, kernel32.dll never tried to access until 3/01, the same day that e-mail was opened.

  5. #5
    If an up to date Norton isn't detecting anything than chances are the trojan didn't install. try a free online virus/trojan scanner here....Also, The Cleaner is a good little trojan removal tool. You can get it here....It's shareware and only lasts 30 days but that should be more than enough time to remove that evil temptress, SnoWhite....

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •