View Full Version : Q: Am I infected? [ZoneAlarm]



Unregistered
08-19-2003, 09:20 AM
Hi,

I was on Direct Connect downloading some files overnight through my ADSL connection. In the morning I noticed that my browser was lagging. It's very unresponsive and slow. For example, when I use the scrollbar to scroll up or down on a website, the site moves in a stuttering way, not smoothly like it used to. My former start page www.expressen.se causes my browser (IE6) to freeze, and that's the only site I've found to do so (strange). Also, when typing this message there's a lag between my keystroke and when the character appears on the screen. Not big, but noticeable. When positioning the mouse pointer over a link, there's a lag until the arrow changes to a hand, etc.
I tried various free virus scanners but they haven't found anything. Then I installed ZoneAlarm, and every minute or so it reports that various IP addresses are trying to ping me, mostly addresses within my ISP's domain. Has someone managed to place - I don't know the term for it - some software on my computer that uploads my files somewhere?
If you think so, how do I get rid of it? I use w*8 BTW, so it can't be the BlasterWorm. I've tried ScanDisk and defragging to see if that would speed things up, to no avail.

Best regards,

Simon, Sweden

mbravo
08-19-2003, 07:39 PM
You can do at least two things:

Go to http://housecall.trendmicro.com/ and check your computer for viruses.

Go to http://security.kolla.de/ and get the Spybot S&D utility; it's free and will check your machine for over 5000 possible kinds of malware.

Unregistered
08-19-2003, 09:35 PM
I have ZoneAlarm and I am getting crazy ICMP echo ping requests on port **5.
I contacted my ISP and they claim it is chat software, but I don't have any on the start page or anywhere that I can think of.

DATA
08-21-2003, 07:40 AM
Hi,

Look at this:

http://securityresponse.symantec.com/avcenter/venc/data/w*2.welchia.worm.html

It says:


W*2.Welchia.Worm is a worm that exploits multiple vulnerabilities, including:


The DCOM RPC vulnerability (described in Microsoft Security Bulletin MS0*-026) using TCP port **5. The worm specifically targets Windows XP machines using this exploit.
W*2.Welchia.Worm does the following:

Checks for active machines to infect by sending an ICMP echo request, or PING, which will result in increased ICMP traffic.
Attempts to remove W*2.Blaster.Worm.


There is a removal tool for it on that site - if you doubt you are infected, run that tool.


I contacted my ISP and they claim it is chat software, but I don't have any on the start page or anywhere that I can think of.

Lots of chat servers worldwide are receiving heavy pings from lots of systems round the globe, and it has been a headache to deal with it. Some of those running chat servers have reduced the ping timeout time to thwart this attack, but if you idle for a few minutes you will ping time out from the chat server. It all must be the work of this worm, if I am correct.

That worm also probes port 80; go through that site and stay safe :)

Regards Data.