I have been getting attacked from the internet by trogen horses and I was wondering if there is any way I could stop them from attacking me? I have Norton Internet Security 2004. If you need any more info I'll write back. :confused:
Install a firewall and don't allow incoming connections (except needed ones). Also install a virus scanner that can detect and remove trojans etc. AVG is a good free one.... Also be wary of what you are double-clicking on :) (you don't want to click on trojans)
What does Norton Internet Security 2004 have? If it has a firewall and an antivirus .. that's a good start :)
Trojans do not attack from the internet, they attack from the inside.
I would hazard a guess that NIS keeps popping up with some type of warning along the lines of, "sub7 trojan horse attack detected".
This is just the firewall part of NIS doing its job, stopping attempts to connect to your PC. In fact they are probably not attempts to connect at all, but rather scans looking for PCs that are infected with whatever trojan. As such, nothing to be alarmed about.
On the other hand you could possibly be infected. So run some AV/malware scans to be sure. Don't limit yourself to just NAV; use Trend Micro's HouseCall, an online scan.
http://housecall.trendmicro.com/hous...start_corp.asp
Download, install and run Spybot Search & Destroy, Lavasoft's Ad-Aware, Moosoft's The Cleaner, TDS3. These are all found easily using Google, or indeed by looking through some of the posts here at AO, where there may already be a link.
IMHO, the best thing is to go to the DiamondCS website and get a trial of TDS3.
There is some useful free stuff as well, like RegistryProt
Good luck! :)
My Norton Internet Security does have a firewall and antivirus. I also have Lavasoft's Ad-Aware and I have scanned with both of them and found nothing. Two of the trogen horses that have attacked me are (Backdoor/Subseven Trojan horse) and (Back Orifice 2000 Trogen horse). Thanks for your help so far.
remember to keep your antivirus up to date too dude or it is useless :)
My antivirus is up to date.
Couldn't I just block the IP addresses???
Quote:
Couldn't I just block the IP addresses???
If you try to do that for each IP address that NIS reports an attempt to connect from, you will spend the rest of your life putting IP addresses into the blocked part of the firewall.
As long as you are confident that you have a clean pc, what you see reported from your firewall is just noise from the internet and nothing to worry about.
Let me explain how a trojan like sub7/back orifice works. There are two parts to a remote access trojan: the client and the server. The server needs to be installed on a target's PC, the client needs to be on the bad guy's PC.
So having installed the server part of the trojan on a target, the bad guy needs to connect to the server using the client on his PC; from here he can carry out his hacking activities. Now it is not that easy to target a particular PC. The best way to install a trojan on a target is to send the server to as many PCs as possible, in the hopes that at least one numb nut will actually install it.
Not knowing which PC has the server installed, the hacker will have to find that PC. He does this by scanning a whole range of IP addresses until he finds an IP address with the server active on it. He can then connect and do his stuff.
What your firewall is alerting you to is the fact that someone is scanning a range of IP addresses, one of which is yours. That does not mean you are being attacked, just that someone is looking for someone to attack.
Hope this helps you some......
And if anyone picks me up on using the H word, I will rip your arms off and beat you with the soggy end :D
If you have a firewall and an up to date AV, then the AV should be able to delete the trojan, because both of them are awfully old I believe, but since that doesn't work, I found a few websites to help you remove them. Be sure to be careful when editing the registry.
Sub7 Removal
A few tools
Back Orifice
Am I the only sane person in a world gone mad?
Or should we all format our HDD and re-install because our firewalls have detected a scan for sub7/back orifice/deep throat/whatever.
well I've nothing new to say but to repeat what others have said,
download one of these and get your system cleaned of any torjan horse
http://www.commodon.com/threat/threat-sub7.htm
http://www.polderware.com/software/security.shtml
http://securityresponse.symantec.com...00.trojan.html
also in your Norton security pack enable the firewall; if it doesn't (I've never used it) then go and download ZoneAlarm (it's free)
http://www.zonelabs.com/store/conten...ap_za_grid.jsp
as someone above me said, keep updating your antivirus, as without it it is useless
also as jinxy said
Quote:
If you try to do that for each IP address that NIS reports an attempt to connect from, you will spend the rest of your life putting IP addresses into the blocked part of the firewall.
and by the way jinxy, nice explanation!!
offtopic:
is it spelled as torJan or torGen??
Quote:
Originally posted here by comp_custom
I have been getting attacked from the internet by trogen horses and I was wondering if there is any way I could stop them from attacking me? I have Norton Internet Security 2004. If you need any more info I'll write back. :confused:
Well if your system is safe, I mean they are not getting into your system, then why are you worried? Anyway, if you are getting hit from the same IP address then email the ISP, their ISP I mean, and give your log and complain about them, that's it. And if you want to be secure get the latest version of Jammer from the Agnitum website; this will really help you, a very good and easy to use tool.
Thanks for all your help i think i got it now.
Quote:
Originally posted here by comp_custom
I have been getting attacked from the internet by trogen horses {..}
How do you know this?
What is the exact message NIS is giving you?
Oh and it's trojan not trogen :D
Quote:
Trojans do not attack from the internet, they attack from the inside.
I greenied Jinxy for this post because you will have to forgive me if I sound like I'm spontaneously channelling the spirit of Catch, but post after post after post I've seen in my brief time here the advocation of firewalls as a panacea without a concomitant education programme on drilling in to users to adopt secure practices i.e. do NOT open or run attachments/executables unless you can verify the source as trustworthy and have scanned the attachment/executable through your AV software.
We can tell users to slap up a firewall, run AV software, yada yada yada, till we are blue in the face but it will not have any effect unless we continually remind users to educate themselves on the purpose and role of AV's, firewalls, IDS's, Routers, etc, as well as how to adopt best practice in ensuring that they operate using secure principles, or at least keeping these principles in mind.
Please forgive my Steve Gibson haranguing, but I think it is of the utmost importance to educate users like comp_custom (and myself, for that matter) on not what to do i.e. install a firewall, run AV etc, but why i.e. you need to install a firewall because of x and y, but not of z, for which you need AV to deal with. Then once suitably armed with basic information, they can then peruse these forums to educate themselves in greater detail.
This post was not directed at anyone as there is some useful and educational advice contained here, but ... Jesus! Doesn't anyone feel a stab of existential angst, a sense of Groundhog Day and that feeling, 'Here we go again ..' when a user has installed a firewall (phew) but gives the impression of opening up attachments without any thought whatsoever to their source? Apologies comp_custom if I sound like I'm flaming you (or anyone else, I'm not) but I'm worried that we've all been brain-washed into thinking that a firewall, AV, etc allows us to adopt bad practices without consequence.
That's it. I'm finished now :P
Regards,
Riotgirl
Allow me to clarify the situation if I may.....
Definitions:-
Trojan: A trojan is a piece of software that purports to do something useful or entertaining while, (whether it is useful or entertaining as well), it does something harmful.
Backdoor: A backdoor is a program that quietly listens on the internet for someone to connect to it. Once they do they usually have the rights to do anything they like to the backdoored computer.
You may receive a trojan in any number of ways, (email, chat programs, downloads, kazaa and other P2P crap, (sorry, editorializing.... ;))), and in many cases the Trojan opens a backdoor on your computer. Backdoors come in many flavors, (thousands), but the best known are SubSeven and Back Orifice.
From time to time bored script kiddies will scan entire subnets of the internet looking for computers that have a particular backdoor open and will then connect to them in order to have their twisted fun.
The Firewall companies are dumbasses. When their firewall reports that it has successfully blocked and logged a scan for a particular backdoor they report an attack by a trojan or something equally incorrect, confusing and stupid. Their alert should read something like this:-
Quote:
Tiger Sharks Superior Firewall User Friendly Alert
*****************************************
Tiger Sharks Superior, (not to mention user friendly), Firewall just detected an attempt
to connect to your computer trying to find the backdoor:-
SubSeven
Tiger Sharks Superior, (not to mention user friendly), Firewall blocked this attempt.
Even if your computer were to be infected with the backdoor:-
SubSeven
the attacker at luser.user.lamebrain.com was unable to determine any possible infection
and is no wiser today than the day he was born.
Thank you for your attention, you are now safe to go back to your beer and porn
So.... When your firewall tells you that you are being attacked from the outside you actually have nothing to worry about. You need to worry when it tells you it blocked something going outbound or if it stops telling you things......
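Added example, not part of the thread or any poster's code: a small triage script for the distinction made in the posts above between blocked inbound scans for a backdoor (noise) and blocked outbound connections (worth investigating). The log format, addresses and the port-to-name table are assumptions; the ports are the commonly listed defaults for the backdoors named in the thread, and a server can be set to listen elsewhere.

```python
import re
from collections import Counter

# Commonly listed default ports (assumption: defaults only, they are configurable).
BACKDOOR_PORTS = {27374: "SubSeven", 1243: "SubSeven (older)",
                  31337: "Back Orifice", 54320: "Back Orifice 2000"}

# Constructed sample log in a made-up format; all addresses are documentation ranges.
SAMPLE_LOG = """\
2004-03-01T10:02:11 BLOCK IN TCP 198.51.100.23:4021 -> 192.0.2.10:27374
2004-03-01T10:02:12 BLOCK IN TCP 198.51.100.23:4022 -> 192.0.2.10:1243
2004-03-01T10:15:40 BLOCK IN UDP 203.0.113.77:1046 -> 192.0.2.10:31337
2004-03-01T11:47:03 BLOCK IN TCP 203.0.113.140:3310 -> 192.0.2.10:54320
2004-03-01T12:30:55 BLOCK OUT TCP 192.0.2.10:1188 -> 198.51.100.200:6667
2004-03-01T12:31:02 ALLOW OUT TCP 192.0.2.10:1190 -> 203.0.113.5:80
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>BLOCK|ALLOW) (?P<dir>IN|OUT) (?P<proto>TCP|UDP) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+)$")

def triage(log_text):
    """Separate blocked inbound probes (scan noise) from blocked outbound events."""
    probes = Counter()   # backdoor name -> number of blocked inbound probes
    sources = set()      # distinct remote addresses that probed this host
    investigate = []     # blocked outbound: something local tried to call out
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m["action"] != "BLOCK":
            continue     # unparsed or allowed traffic is out of scope here
        if m["dir"] == "IN":
            probes[BACKDOOR_PORTS.get(int(m["dport"]), "other")] += 1
            sources.add(m["src"])
        else:
            investigate.append((m["ts"], m["dst"], int(m["dport"])))
    return probes, sources, investigate

if __name__ == "__main__":
    probes, sources, investigate = triage(SAMPLE_LOG)
    print("blocked inbound probes (noise):", dict(probes))
    print("distinct probing sources:", len(sources))
    print("blocked OUTBOUND (check this host):", investigate)
```

The inbound probes come from several unrelated sources, which is why blocking them one address at a time does not scale; the single blocked outbound entry is the one that points at a program on the local machine.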
yea I agree riotgirl, what kind of connection does this guy have? Norton isn't the best, resource hog and NIS is like a nagging mother that never stops. I've used it before and will NEVER use it again. anyways if this guy has a broadband connection, I would just use AVG or something like that for free (that's what I use) and get a dedicated firewall, such as SmoothWall, it's free, just google it. I'm not trying to advertise or anything but the thing is freakin genius. very very very easy to use and set up, plus plenty of support they give is on their site. but back to the problem, I would block all incoming traffic unless you're serving something, and if you do have broadband and you have a router or switch of some kind, why not block incoming ICMP? b/c you shouldn't be getting that kind of stuff if you have a router or switch unless it got rooted and passes everything through. I'm telling you, get a small not very powerful machine and get SmoothWall, you'll never forget it, I see stuff in my logs all the time about all the stuff it blocks.
-incideagent
I have a dial-up connection. incideagent