March 10th, 2004, 06:22 PM
norton firewall, is it crazy?
I have had norton personall firewall installed on my xp sp1 driven computer for awhile now.
I turned it on today and I keep getting alerts for inboundUDP 18.104.22.168 was executed.(high risk) When I click o.k. it just keeps on coming up. I have checked my alert settings, nothing.I have scanned for trojans with adaware. I have norton anti 2004 with it.
heres the details
Remote Address: 22.214.171.124:137
Local Address: 126.96.36.199:137
Now when I click o.k. the Remote address and the local address change.
any suggestions??? thanks a million
March 10th, 2004, 06:28 PM
Maybe some kiddie trying to DoS you with an UDP flood.
I wonder why the target port changes???
The above sentences are produced by the propaganda and indoctrination of people manipulating my mind since 1987, hence, I cannot be held responsible for this post\'s content
March 10th, 2004, 06:32 PM
O.k. just shut off my modem and im still getting alert???
remot address: 68.42.244.:53
local address: all local network adapters: 1029
same as above....
Im guessing its my settings, but where?
March 10th, 2004, 08:01 PM
Try contacting Symantec customer support. I'm sure that they could help you.
I, however, am not so sure about this. If the protocol is outbound, then it is coming from you.
Perhaps ie is just wanting to access a website??
And if you shut off your modem and still get alerts, then this would mean that you are possibly infected??
March 10th, 2004, 10:41 PM
yea thats what im thinking.
I got svchost.exe and iexplor.exe both trying over and over and I didnt make anychanges
although Im not the only person who uses this comp. thanks I'll keep on it..
March 10th, 2004, 11:28 PM
is it iexplor.exe or iexplore.exe ?
do you have an AV and a trojan scanner ?
could be Trojan.Sidea
there are also a few trojans that mask as a vaild system file such as svchost.exe
you might want to search google a bit (and these forums) and look at what the file sizes are compared to the valid windows file sizes.. but I'd be running tauscan and pestpatrol and a few other scanners on them if I were you.
March 11th, 2004, 03:12 AM
yea scanned with norton and found 3 files
and I deleted them successfully
but its still doing it , I havent restarted yet but I think maybe i'll try uninstalling it and reinstalling,
well now it's not explore.exe or svchost.exe those have stopped
now its ccproxy.EXE and Lucomserver.EXE
path: \program files\symantec\liveupdate\
and I have updated everything(wierd)
it keeps showing the alert but I have gone thru all the settings and it says "permit all"
for those items - I have looked all over for the alert settings and I have set it to not alert me on those connections but it still does? So I'll try the reinstall thing then I"ll get back....
March 11th, 2004, 06:51 AM
Just a suggestion . . . it's not really a good idea to uninstall and reinstall your firewall or AV before thoroughly cleaning up whatever it is that's infected your system - IMHO. There's a good possibility that your reinstalled program has now been compromised. At this point I'd zero out my hard drive and reinstall the Master Boot Record and operating system - start over from scratch. That's just me though - a bit paranoid when dealing with viri, trojans and the like . . . I had a bad experience, which kept getting worse using Norton AV - so I never went back to them. Are you running anything for trojans? If not, you might want to try SwatIt. You can set the program to scan individual files or complete drives, make additions to the standard scanned extensions file and there is a free version. I wish you the best of luck . . . trojans are a royal pain!!
All truths are easy to understand once they are discovered; the point is to discover them. What lies behind us and what lies before us are tiny matters compared to what lies within us.