Too much virus attack on my system
Results 1 to 9 of 9

Thread: Too much virus attack on my system

  1. #1
    Member
    Join Date
    Feb 2003
    Posts
    32

    Too much virus attack on my system

    Hi,

    I'm using win XP SP2 and use cable broadband. But my symantec antivirus always shows lots of worm and virus activity. Due to this I just rebuild my whole system 2 days ago. But today I again got the a W32.downadup worm attack on my system 10 times in last one hour. Only activity I'm doing is Youtube or BBC Iplayer. Could anyone tell me how the worm is coming from these and how to stop it in the future.

    Regards
    Darknite
    The more one comes to know a man the more one admires a dog.

  2. #2
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324
    What firewall do you have in place?

    And you ONLY visit Youtube and the BBC? No other sites at all?
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  3. #3
    Banned
    Join Date
    Jan 2008
    Posts
    605
    Disable the service it exploits then install an entire service pack of updates you missed.

  4. #4
    AO BOFH: Luser Abuser BModeratorFH gore's Avatar
    Join Date
    Oct 2002
    Location
    Michigan
    Posts
    7,177
    The two posts already are good because as spec said, it's got to have something to exploit to get in normally, so I'd take his advice. And as MsMittens said, you should have some form of firewall blocking it's entry point.

    In smaller terms:

    If you can't get rid of it, format and reinstall Windows. I think the last time I checked, an unpatched Windows box has less than 20 minutes before something gets it.

    That isn't even enough time to patch. What I do, is first off, I have two switches and a router with a hardware firewall.

    If you can, get a hardware router with a firewall, they aren't expensive, and the wired ones as opposed to wireless are fairly cheap. So get one of those to block for you, while you install updates.

    Also, Microsoft had SP2 on CD they would send you for free. I took advantage. So I have SP2 on CD-ROM to get those patches installed and don't need the machine connected to do so.

    Your best bet is a hardware firewall in place, and as SOON as Windows loads up after installation, start updating right away and installing all the security patches as the first thing you do.

    This can take a while, but it's better than trying to clean up after a worm or virus or whatever makes it's way through the many holes an unpatched system offers.

    When I format a Windows machine and reinstall, the first thing I'm doing is making sure services aren't beaming rays over the net to everyone telling them they are open. And installing patches. Install as many of the critical ones up front as you can, and then from there you'll probably notice even MORE patches are available. This is ebcause Microsoft has to fix what they broke when they were fixing what they broke to begin with.

    If all else fails, Linux and BSD both cave web browsers that work fine in Youtube and BBC.
    Kill the lights, let the candles burn behind the pumpkins’ mischievous grins, and let the skeletons dance. For one thing is certain, The Misfits have returned and once again everyday is Halloween.The Misfits FreeBSD
    Cannibal Holocaust
    SuSE Linux
    Slackware Linux

  5. #5
    Member
    Join Date
    Feb 2003
    Posts
    32
    Quote Originally Posted by MsMittens View Post
    What firewall do you have in place?

    And you ONLY visit Youtube and the BBC? No other sites at all?
    I visit other sites also, but at the time of incidence these were the only two I was accessing.
    Thanks for all of the useful responses
    As It's my office laptop, I don't have much control over build. I'm sure office people put lots of services open and I don't know which one got exploited.
    I discuss it with the IT team in office, they said the home connection is not secure, so I should not use that. They also disable the default windows firewall. So only hope is to try some hardware firewall. I'll give it a try soon and see what happens.

    Cheers
    Darknite
    The more one comes to know a man the more one admires a dog.

  6. #6
    Antionline's Security Dude instronics's Avatar
    Join Date
    Dec 2002
    Posts
    901
    Quote Originally Posted by darknite View Post
    I visit other sites also, but at the time of incidence these were the only two I was accessing.
    Thanks for all of the useful responses
    As It's my office laptop, I don't have much control over build. I'm sure office people put lots of services open and I don't know which one got exploited.
    I discuss it with the IT team in office, they said the home connection is not secure, so I should not use that. They also disable the default windows firewall. So only hope is to try some hardware firewall. I'll give it a try soon and see what happens.

    Cheers
    Darknite
    Disabale the default windows firewall?

    It might be wise to use ANOTHER Firewall.... but to disable it 'BEFORE' an other one is in place..... thats stupid.

    I ran into a similar problem once before.. i was unable to setup the sytem correctly in time before it was exposed to any dangers. My solution back then was to get ALL software and patches i needed by downloadin them manually and putting them onto a cd/dvd. After a fresh install of windows i made sure it was NOT connected to any network. I installed all the software i wanted and i put the patches in a folder on the desktop on the machine in question. I then updated/patched all software including AV/AntiSpyware/Service Packs/etc... from the FOLDER i had put them onto locally.

    Most sites offer to download patches and updates manually. After i setup all these things without going online yet (that includes disabling the win firewall but setting up another one BEFORE disabling it) i enabled/disabled the services of my choice. Only then did i connect the box to a network.

    Since you see to know which infection you are dealing with... make sure you have all available antidotes for it beforehand.

    Also you mention a laptop. My guess is that it has a recovery partition that will just bring the laptop back to a state as when you first got it. I also guess that its a media edition? Well.. not important. Just make sure that you GET all patches and updates and software and service packs that you need for YOUR exact OS and version. Set it all up locally.

    In addition to all this. You can setup the perfect system beforehand. You can do this and that when setting it up and configuring it. But.. it will all be in vain if you DO NOT maintain it correctly afterwards. Yes.. patching is important and updating. But thats far from being enough nowadays on the internet. Its also about policy. Example: Dont Login with administrator account todo user work. Use a normal restricted user account. Make sure you are fully uptodate at ALL times. When it comes to firewalling.. dont open the gates and start patching and closing the holes. First shut the gates.. then open only what is REALLY needed. Dont open mails or attachments or downloads that you are not 100% sure of their origin and what they might contain. Setup another user account on your maching if there is ANYONE else using it. That includes family members. Read the logfiles regularly. If while your doing something and an annoying security message pops up.. dont ignore it just because you dont have the time or the nerve to deal with it right away. Read the problem.. and fix is ASAP. Also make sure you use STRONG passwords at all times and change them regularly (maybe once every couple of months).

    I know that these sort of things are annoying.. especially they take away comfort and ease of use. But thats the price that has to be paid if you want you computer to function the way it is supposed to correclty. Whilst i agree that windows is NOT the easiest of OSs' to keep clean... it can be kept clean with a little bit of effort and alot of head banging on the walls.


    Good luck to you.
    Last edited by instronics; January 15th, 2009 at 11:40 AM.
    Ubuntu-: Means in African : "Im too dumb to use Slackware"

  7. #7
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,403
    Downadup exploits MS08-067, the emergency update. It also copies itself to writable shares and abuses the autorun.inf feature.

    I discuss it with the IT team in office, they said the home connection is not secure, so I should not use that. They also disable the default windows firewall.
    Your IT team should be fired on the spot.. They're morons.
    Last edited by SirDice; January 16th, 2009 at 03:44 PM.
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  8. #8
    Banned
    Join Date
    Jan 2008
    Posts
    605
    They also disable the default windows firewall.
    You can't do that under a normal user account. I know this thing exploits a service so privileges wouldn't be a problem for it...
    but still, check and see that you're not logged in as admin next time you use computers. Hah!
    Last edited by The-Spec; January 16th, 2009 at 09:58 PM.

  9. #9
    Gonzo District BOFH westin's Avatar
    Join Date
    Jan 2006
    Location
    SW MO
    Posts
    1,188
    It also copies itself to writable shares and abuses the autorun.inf feature.
    I had heard that if you create a blank autorun.inf file on your thumb drive, and make it read only, it help protect it from infections.

    Anyone else heard this? Makes sense, but I wonder how easy it would be to circumvent.
    \"Those of us that had been up all night were in no mood for coffee and donuts, we wanted strong drink.\"

    -HST

Similar Threads

  1. Viruses We'd Like to See
    By The Organized Resistance in forum Tech Humor
    Replies: 3
    Last Post: January 12th, 2008, 11:45 PM
  2. Virus Research Information: What Are The Different Kinds?
    By Spyder32 in forum The Security Tutorials Forum
    Replies: 18
    Last Post: September 3rd, 2004, 11:23 PM
  3. Nice AO members please read this
    By IrishKid3223 in forum Site Feedback/Questions/Suggestions
    Replies: 26
    Last Post: October 5th, 2003, 01:22 AM
  4. New Viruses (humor)
    By sumdumguy in forum Tech Humor
    Replies: 20
    Last Post: July 6th, 2002, 07:10 PM
  5. Traceroute: under the hood
    By antihaxor in forum Non-Security Archives
    Replies: 0
    Last Post: January 24th, 2002, 04:42 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides