Advice required on repeated attacks


LongYP

Over the years I've been very careful about malicious attacks and I am
currently using Symantec.

I've been attacked and Symantec detected it and lists the following viruses:

Trojan.BAT
hacktool.dos
IRC.Trojan

Files are created in \windows\java and \winnt\system32\certsvr and my
registry is modified to run some batch files (vv.bat?) which contains a load
of net stop commands to kill off any anti-virus software...other
applications like KAMMI.EXE are also installed.

Symantec says they are detected and quarantined but somehow these files
still get in and my registry modified.

Somehow, there is a door that's open on my PC allowing these attacks to
happen and I do not know how to find or close the door.

Whilst online, Symantec can trigger 3-4 times with these attacks, each
attack reporting 15 files detected with viruses.

Any help/suggestions welcomed.

(I've booted into safe mode and deleted all these files but they still keep
coming back)
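The post describes a registry autorun that launches a batch file full of `net stop` commands. As an added example (not part of the original thread), this Python script checks a regedit-style export for that pattern; the choice of the Run key, the value names, the file contents and the threshold of three are assumptions constructed for illustration.

```python
import re

# Constructed sample: a regedit-style export of an autorun key. The key, value
# names and file contents are made up for this example; only the directory and
# the vv.bat file name echo the post.
SAMPLE_REG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ExampleApp"="\"C:\\Program Files\\Example\\app.exe\" /tray"
"updater"="cmd /c C:\\WINNT\\system32\\certsvr\\vv.bat"
"Backup"="C:\\Tools\\backup.bat"
'''
SAMPLE_FILES = {  # path -> batch file text (constructed)
    r"C:\WINNT\system32\certsvr\vv.bat":
        '@echo off\nrem disable protection\nnet stop "Example AntiVirus Client" /y\n'
        '@NET STOP ExampleFirewall\nnet1 stop ExampleAVUpdater\n',
    r"C:\Tools\backup.bat": "@echo off\nxcopy C:\\Docs D:\\Backup /s\nnet stop Spooler\n",
}

VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"\s*$')
BATCH_RE = re.compile(r'[A-Za-z]:\\[^"*?<>|]+?\.(?:bat|cmd)\b', re.I)
NET_STOP_RE = re.compile(r'^\s*@?\s*net1?(?:\.exe)?\s+stop\s+(?:"([^"]+)"|(\S+))', re.I | re.M)

def autorun_batch_entries(reg_text):
    """Yield (key, value_name, batch_path) for autorun values that launch a .bat/.cmd."""
    key = None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and (m := VALUE_RE.match(line)):
            name, data = (re.sub(r"\\(.)", r"\1", g) for g in m.groups())
            if hit := BATCH_RE.search(data):
                yield key, name, hit.group(0)

def net_stop_targets(batch_text):
    """Return the service names a batch file tries to stop (comment lines are skipped)."""
    return [quoted or bare for quoted, bare in NET_STOP_RE.findall(batch_text)]

def triage(reg_text, files, threshold=3):
    """Flag autorun batch files that are missing or stop `threshold`+ services."""
    by_path = {p.lower(): t for p, t in files.items()}
    findings = []
    for key, name, path in autorun_batch_entries(reg_text):
        text = by_path.get(path.lower())
        stopped = net_stop_targets(text) if text is not None else []
        if text is None or len(stopped) >= threshold:
            findings.append({"value": name, "path": path, "stops": stopped,
                             "reason": "missing file" if text is None else "mass net stop"})
    return findings
```

Calling `triage(SAMPLE_REG, SAMPLE_FILES)` flags only the `updater` value; the `Backup` entry stops a single service and stays below the threshold.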
 
If you're using WinXP, you should disable the Restore feature and then redo
the virus scan.
Try an online virus scan (free), especially if your Norton is not up to
date.
Antivirus scanners:
--------------------------
http://housecall.trendmicro.com/housecall/start_corp.asp
http://www.kaspersky.com/remoteviruschk.html
http://security.symantec.com/sscv6/default.asp
http://www.pandasoftware.com/activescan/activescan.asp
http://commandondemand.com/eval/index.cfm
http://www.ravantivirus.com/scan/ [See **]
http://www.bitdefender.com/scan/licence.php
http://www.pcpitstop.com/antivirus/default.asp
http://scan.sygatetech.com/prestealthscan.html

Also, your firewall should be stopping most of those attacks.
If you don't have one, you should probably install one.
ZoneAlarm has a good free firewall.
Also install these three free spyware detector and preventer programs.
They are free.
Download, install, update and THEN run:

AdAware
http://www.lavasoftusa.com/

Spybot Search & Destroy
http://security.kolla.de/

Spyware Blaster
http://www.wilderssecurity.net/spywareblaster.html
 
Buffalo said:
If you're using WinXP, you should disable the Restore feature and
then redo the virus scan.
Try an online virus scan (free), especially if your Norton is not up
to date.
Antivirus scanners:
--------------------------
http://housecall.trendmicro.com/housecall/start_corp.asp
http://www.kaspersky.com/remoteviruschk.html
http://security.symantec.com/sscv6/default.asp
http://www.pandasoftware.com/activescan/activescan.asp
http://commandondemand.com/eval/index.cfm
http://www.ravantivirus.com/scan/ [See **]
http://www.bitdefender.com/scan/licence.php
http://www.pcpitstop.com/antivirus/default.asp
http://scan.sygatetech.com/prestealthscan.html

Also, your firewall should be stopping most of those attacks.
If you don't have one, you should probably install one.
ZoneAlarm has a good free firewall.
Also install these three free spyware detector and preventer programs.
They are free.
Download, install, update and THEN run:

AdAware
http://www.lavasoftusa.com/

Spybot Search & Destroy
http://security.kolla.de/

Spyware Blaster
http://www.wilderssecurity.net/spywareblaster.html

You should also include in this list, this spyware scanner as well:

Spy Sweeper
http://www.webroot.com
 
Quoth the raven The Prophecy:
You should also include in this list, this spyware scanner as well:

Spy Sweeper
http://www.webroot.com

You forgot to mention the price...

I do have the product, as part of a bundled freebie from one of my
ISPs, and I have formed the opinion that SpySweeper is no better than
the combination of AdAware and SpybotS&D.

Some folks have written that SpySweeper alerts with a lot more false
positives than any of the others.
 