Internet Security Problems - I don't know how to fix


MtnLadyinBlackHills1986

First off, I will admit I'm a "computer dummy". I wrote here earlier and
received a lot of helpful information from a member here who called himself
"Daave". I had javascript problems, which were resolved later by removing
multiple firewalls I had on my computer.

But I have Internet security problems I want to resolve. (I was employed by
an online Internet company at the time and didn't have time to pursue this.)
"Daave" gave me the URL for the Gibson Research Corporation and I ran the
Shields Up test. I have 4 open ports, which are probably causing the
problems. They are:

#21 - File Transfer Protocol/Control Channel
#22 - SSH Remote Login Protocol
#23 - Telnet
#80 - World Wide Web HTTP Protocol

The information given at GRC for each of these ports states they should be
closed. It appears some might be done through the firewall. However, I
don't have the knowledge to know how to do that. I don't want to make
matters worse by changing advanced firewall settings, not knowing what I'm
doing.

I'm getting very concerned about the amount of Internet "junk" I keep
getting. My ISP's security program stops a lot of it and I have good
antivirus/antispyware software (no infections on my computer).

If anyone could help me, I'd really appreciate it. Thank you so much.
 
Fortunately, there is an enormous amount of easy-to-read information
about keeping yourself safe while on the internet. You need go no
further than your local library or bookstore to find what you need.
 
Having more than one firewall running has been known to cause
problems. Sometimes folks go overboard with wanting to feel
protected.

What kinds of issues did you have with the Windows firewall that
prompted the installation of a second?

What exactly are your Internet security problems?

What kind of junk are you receiving?

How much does Global Research want to fix the problems they found on
your system?
 
MtnLadyinBlackHills1986 said:
First off, I will admit I'm a "computer dummy". I wrote here earlier
and received a lot of helpful information from a member here who
called himself "Daave". I had javascript problems, which were
resolved later by removing multiple firewalls I had on my computer.

Hi, Sue! I had to search the archives, but I do remember you now. Here
is the thread from way back in April:

http://groups.google.com/group/[email protected]#0c92cc720dad2d09

You said you were simultaneously running three (!) firewalls: Windows
Firewall, Webroot, and PC Client Tools. Which firewall are you currently
running?
But I have Internet security problems I want to resolve.

What *specific* security problems do you have? Are they related to what
is on this page?:

http://windowsxp.mvps.org/sharedaccess.htm
(I was
employed by an online Internet company at the time and didn't have
time to pursue this.) "Daave" gave me the URL for the Gibson Research
Corporation and I ran the Shields Up test. I have 4 open ports,
which are probably causing the problems. They are:

#21 - File Transfer Protocol/Control Channel
#22 - SSH Remote Login Protocol
#23 - Telnet
#80 - World Wide Web HTTP Protocol

The information given at GRC for each of these ports states they
should be closed. It appears some might be done through the
firewall. However, I don't have the knowledge to know how to do
that. I don't want to make matters worse by changing advanced
firewall settings, not knowing what I'm doing.

You are correct to be concerned. You should always be in "stealth mode."
Either your firewall's settings need to be changed or you have been
infected with malware, which of course needs to be addressed! Malware is
always a real possibility.
I'm getting very concerned about the amount of Internet "junk" I keep
getting. My ISP's security program stops a lot of it and I have good
antivirus/antispyware software (no infections on my computer).

What exactly do you mean by "Internet 'junk'"? It sounds like you may be
talking about spam or perhaps incoming e-mails that have malicious
attachments. But it could mean anything! Please be as thorough as
possible in your descriptions (be sure to include file names).
If anyone could help me, I'd really appreciate it. Thank you so much.

Also, to refresh your memory, please re-read this post from the thread:

http://groups.google.com/group/micr...p.help_and_support/msg/dc783cf06d9c64c3?hl=en
 
Jose, thank you for responding to my post. I was called out of town
unexpectedly right after I posted and just got back to see your reply. I'll
try to answer your questions below:
Having more than one firewall running has been known to cause
problems. Sometimes folks go overboard with wanting to feel
protected.

What kinds of issues did you have with the Windows firewall that
prompted the installation of a second?

I'm afraid I was one of those folks you mentioned above. I didn't realize
that "more" was not "better". I had no issues with the Windows Firewall. I
got the PC Client Tools program from my ISP as part of my Internet package.
I didn't realize that program had a firewall in it till much later. I got
the Webroot firewall program as part of my antivirus software. Earlier, I
couldn't access the Windows Firewall at all. I got an error message that I
couldn't because of "unknown reasons". Since removing both of those
firewalls, I can now access the Windows Firewall. It's the only one I'm
using now.
What exactly are your Internet security problems?
I ran the GRC "Shields Up" program and found the four ports (I mentioned in
my original post) were open. All others are running in "stealth" mode.
What kind of junk are you receiving?

My ISP provides the "Postini" program with my package. I get large amounts
of spam. A lot of it is what I call "smut mail". It's obvious by the
subject line and it's also obvious that English is not the spammers' first
language. Many are sent from what I've heard are called "vanity" sites. I
have NEVER clicked on links or ever solicited this stuff. It's more just a
nuisance.

My main concern is the "virus" emails that Postini isolates. The senders
appear to be legitimate email addresses from my ISP. (I live in a
sparsely-populated area with only one Internet provider available.) Even
more alarming is that some of the "senders" are my own email addy! Could
this be caused by some kind of malware on my computer? I have run scans
using my own antivirus software and also the Windows Live OneCare scan. They
show no viruses, spyware or adware on my computer. Is malware detected
differently?
How much does Global Research want to fix the problems they found on
your system?

Jose, I have not requested direct tech support from GRC. I ran the "Shields
Up" test. Just before I left, I was going to read through the "FAQ's". I
haven't done that yet. I wanted to respond to your post first.

Thank you so much for responding to my post. I appreciate it.
 
Hi, Daave! Thank you so much for responding. I was called out of town
unexpectedly right after I posted and just got back to see your reply.
You said you were simultaneously running three (!) firewalls: Windows
Firewall, Webroot, and PC Client Tools. Which firewall are you currently
running?

Yes, I previously had three firewalls. Now the only one I'm running is
Windows Firewall. I uninstalled the other two.
What *specific* security problems do you have? Are they related to what
is on this page?:

http://windowsxp.mvps.org/sharedaccess.htm

I looked at this link again. I did have this problem before. Once I
removed the PC Client Tools program, I was able to access the Windows
Firewall again and still can.
What exactly do you mean by "Internet 'junk'"? It sounds like you may be
talking about spam or perhaps incoming e-mails that have malicious
attachments. But it could mean anything! Please be as thorough as
possible in your descriptions (be sure to include file names).

My ISP provides the "Postini" program with my package. I get large amounts
of spam. A lot of it is what I call "smut mail". It's obvious by the
subject line and it's also obvious that English is not the spammers' first
language. Many are sent (I assume) from what I've heard are called "vanity"
sites. There are many "advertising" ED drugs. I have NEVER clicked on links
or ever solicited this stuff. It's more just a nuisance. Here are a couple
examples (I picked two of the least objectionable ones :0) ):
From: (e-mail address removed) Subject: For your couple's hotter
intimating;
From: (e-mail address removed) Subject: Intimate like a stud

My main concern is the "virus" emails that Postini isolates. The senders
appear to be legitimate email addresses from my ISP. (I live in a
sparsely-populated area with only one Internet provider available.) Even
more alarming is that some of these "senders" show as my own email address!
Here are a couple examples:
From: (e-mail address removed) Subject: Notice of Underreported Income
From: (e-mail address removed) Subject: DHL Tracking Number 3YMH6JJY ("gwtc.net"
is my ISP's email)
(I don't have an example showing me as the sender. I clear this out several
times a day.)

Could this be caused by some kind of malware on my computer? I have run
scans using my own antivirus software. I have run the Windows Live OneCare
scan. They show no viruses, spyware or adware on my computer. Is malware
detected differently?
Also, to refresh your memory, please re-read this post from the thread:

http://groups.google.com/group/micr...p.help_and_support/msg/dc783cf06d9c64c3?hl=en
I reviewed this link again. My antivirus/antispyware software is current
and updates several times a day. The program uses software that looks for
"behavior" problems, and brings up and questions any Browser Helper Objects,
etc. that appear.

I no longer have any javascript problems and my computer is performing well.
However, I am concerned about these "holes" (open ports shown on the Shields
Up! test) in my security.

Thanks for replying and taking the time to dig through the archives for my
old posts. I appreciate it, Daave! :0)

Sue
 
Leonard, I'm sure that's very true. However, I live in a very small town.
We have no bookstores. Our public library is small and pretty much limited
to the local school children.

But thanks for taking the time to reply to my post.
 
Hi, Daave! Thank you so much for responding. I was called out of town
unexpectedly right after I posted and just got back to see your reply.


Yes, I previously had three firewalls. Now the only one I'm running is
Windows Firewall. I uninstalled the other two.


You were running three firewalls simultaneously? If so, it's very good
that you uninstalled two of them. You should never run more than one.
Running multiple firewalls provides no extra protection, will hurt
your performance, and can cause conflicts between them.

See http://www.microsoft.com/athome/security/protect/firewall.mspx
which includes the following:

"Q. Should I use both the built-in firewall and a software firewall
from a different company on my Windows XP computer?

"A. No. Running multiple software firewalls is unnecessary for typical
home computers, home networking, and small-business networking
scenarios. Using two firewalls on the same connection could cause
issues with connectivity to the Internet or other unexpected behavior.
One firewall, whether it is the Windows XP Internet Connection
Firewall or a different software firewall, can provide substantial
protection for your computer."
 
MtnLadyinBlackHills1986 said:
Hi, Daave! Thank you so much for responding. I was called out of
town unexpectedly right after I posted and just got back to see your
reply.

Hi, Sue. I like your reply to Leonard. :-)

Depending on your interest and motivation, there is still a kernel of
helpful advice in Leonard's post. That is, there are a number of books
that might prove to be beneficial to you (if you are so inclined). Living
far from a brick-and-mortar store is not a huge barrier since Amazon.com
and other online bookstores carry large numbers of titles. If you would
like to explore this more, you can start here:

http://www.amazon.com/s/ref=nb_ss?url=search-alias=stripbooks&field-keywords=windows+xp

Of course, there are 13,690 hits! But you can narrow down, depending on
your particular needs. I always look for high percentages of positive
customer reviews.

I just applied a few filters. Now there are only 429 results:

http://www.amazon.com/s/qid=1258126...285847,n:697344&bbn=697344&sort=relevancerank

Here are the top two:

http://www.amazon.com/Microsoft®-Wi...=sr_1_1?ie=UTF8&s=books&qid=1258126578&sr=1-1

http://www.amazon.com/Windows-Dummi...=sr_1_2?ie=UTF8&s=books&qid=1258126578&sr=1-2

Also, as I believe I mentioned before, Malke's page (she's one of the
MVPs) has tons of useful information:

http://www.elephantboycomputers.com/page2.html

Then again, you will probably find useful information just by posting
your questions here. :-)
My ISP provides the "Postini" program with my package. I get large
amounts of spam. A lot of it is what I call "smut mail". It's
obvious by the subject line and it's also obvious that English is not
the spammers' first language. Many are sent (I assume) from what
I've heard are called "vanity" sites. There are many "advertising"
ED drugs. I have NEVER clicked on links or ever solicited this
stuff. It's more just a nuisance. Here are a couple examples (I
picked two of the least objectionable ones :0) ):
From: acronymbJ**munged**@bbtrumpet.com Subject: For your couple's
hotter
intimating;
From: occidental35**munged**@reuters.com Subject: Intimate like a
stud

Please note that I munged the above e-mail addresses. (But, alas, it's
probably too late.)

Just about everybody gets tons of spam. And when one's e-mail address
can be seen on the Web, the bots harvest it and the amount of spam one
receives therefore goes up exponentially. As long as your spam is being
filtered, just continue to let the filtering take place. I wouldn't even
monitor it. Set it and forget it! Only if someone informs you they sent
you an e-mail you never received, then in that situation look in your
filter specifically for an e-mail from that particular person.

Another phenomenon is the spambot network. If one of your friends gets
hit with certain types of malware, it controls the e-mail program
(including the address book). This means that, without their knowledge,
their PC starts sending out tons of spam (or viruses, etc. or both),
using all the names from the address book (perhaps yours!) as the From
line.

This is one big reason why it is important to make sure you (everyone)
is malware-free!
My main concern is the "virus" emails that Postini isolates. The
senders appear to be legitimate email addresses from my ISP. (I live
in a sparsely-populated area with only one Internet provider
available.) Even more alarming is that some of these "senders" show
as my own email address! Here are a couple examples:
From: (e-mail address removed) Subject: Notice of Underreported Income
From: rsted**nubged**@gwtc.net Subject: DHL Tracking Number
3YMH6JJY
("gwtc.net" is my ISP's email)
(I don't have an example showing me as the sender. I clear this out
several times a day.)

Could this be caused by some kind of malware on my computer? I have
run scans using my own antivirus software. I have run the Windows
Live OneCare scan. They show no viruses, spyware or adware on my
computer. Is malware detected differently?

It's possible you have malware. It's more likely it's coming from other
PCs.

I would run a MalwareBytes' Anti-Malware scan if you haven't done so
already. Site:

http://www.malwarebytes.org/mbam.php

(The free version is all you need.)

Also, see this section from Malke's page:

http://www.elephantboycomputers.com/page2.html#Removing_Malware

David Lipman's Multi-AV is very effective. Another method is to burn a
bootable antivirus rescue CD and scan your PC that way. See:

http://www.techmixer.com/free-bootable-antivirus-rescue-cds-download-list/

I would try BitDefender or Avira. Also note that some PC hardware may
not be able to run these (it's hit or miss!).

Which antivirus program do you currently use?

FWIW, I would imagine that the spam and viruses are not coming in
because of your PC. But it is always good to be as safe and sure as
possible!
I no longer have any javascript problems and my computer is
performing well. However, I am concerned about these "holes" (open
ports shown on the Shields Up! test) in my security.

We need to have a look at the Windows Firewall, then. Also note that it
is possible that you *do* have malware that is circumventing your
firewall!

Try this:

Start | Control Panel | Windows Firewall

Looking at the General tab, is the firewall on?

Looking at the Exceptions tab, list all the programs and services you
see and indicate which ones are checked.

Under the advanced tab, when you click the Settings tab for your
connection, do you see any boxes checked?
Thanks for replying and taking the time to dig through the archives
for my old posts. I appreciate it, Daave! :0)

Sue

You're welcome. :-)
 
Depending on your interest and motivation, there is still a kernel of
helpful advice in Leonard's post. That is, there are a number of books
that might prove to be beneficial to you (if you are so inclined). Living
far from a brick-and-mortar store is not a huge barrier since Amazon.com
and other online bookstores carry large numbers of titles. If you would
like to explore this more, you can start here:

http://www.amazon.com/s/ref=nb_ss?url=search-alias=stripbooks&field-keywords=windows+xp

Of course, there are 13,690 hits! But you can narrow down, depending on
your particular needs. I always look for high percentages of positive
customer reviews.

I just applied a few filters. Now there are only 429 results:

http://www.amazon.com/s/qid=1258126...285847,n:697344&bbn=697344&sort=relevancerank

Here are the top two:

http://www.amazon.com/Microsoft®-Wi...=sr_1_1?ie=UTF8&s=books&qid=1258126578&sr=1-1

http://www.amazon.com/Windows-Dummi...=sr_1_2?ie=UTF8&s=books&qid=1258126578&sr=1-2

You're right, Daave. I have purchased from Amazon.com. I knew if I
searched for "computer references", there would be a huge number of hits and I
didn't know where to start. Thank you so much for narrowing it down. I am
planning to purchase one (if not both books). I appreciate your help!

Thank you also for clarifying how bots and the spambot networks function. I
now have an understanding of how they "harvest" information.
This is one big reason why it is important to make sure you (everyone)
is malware-free!
It's possible you have malware.

I would run a MalwareBytes' Anti-Malware scan if you haven't done so
already. Site:

http://www.malwarebytes.org/mbam.php

(The free version is all you need.)

I downloaded and installed this software and ran it. I'm embarrassed to
admit that it DID find malware on my computer. 99.5% of it was from an old
toolbar I downloaded years ago, when I was even more ignorant than I am now.
:0) I did uninstall the toolbar over six months ago, but obviously, the
malware was still there. I have deleted all the malware found by
Malwarebytes.
Also, see this section from Malke's page:

http://www.elephantboycomputers.com/page2.html#Removing_Malware

David Lipman's Multi-AV is very effective. Another method is to burn a
bootable antivirus rescue CD and scan your PC that way. See:

http://www.techmixer.com/free-bootable-antivirus-rescue-cds-download-list/

I would try BitDefender or Avira. Also note that some PC hardware may
not be able to run these (it's hit or miss!).

I think I should definitely go ahead and pursue this further. It appears
that it will take some time to go through the steps. I wanted to reply to
your post here first.
Which antivirus program do you currently use?

I use Webroot Antivirus with Antispyware. The subscription is current and
updates several times a day.

Regarding my firewall settings,
Try this:

Start | Control Panel | Windows Firewall

Looking at the General tab, is the firewall on?

Looking at the Exceptions tab, list all the programs and services you
see and indicate which ones are checked.

Under the advanced tab, when you click the Settings tab for your
connection, do you see any boxes checked?

Yes, my firewall is on. Here is the list of programs and services on the
Exceptions tab:

DCOM(135) - Checked
File and Printer Sharing
hpiscnapp.exe - Checked
hposid01.exe - Checked
hpqkygrp.exe - Checked
hpqste08.exe - Checked
hpqtra08.exe - Checked
iTunes
Live Update - Checked
Network Diagnostics for Windows XP - Checked
PxClient (I think that's PC Client Tools - which I've uninstalled)
Remote Assistance - Checked
Remote Desktop
Run WeatherBug - Checked
Second Life - Checked
Skype - Checked
SL Voice - Checked
Spy Sweeper - Checked
UPnP Framework
Windows Live Call - Checked
Windows Live ID - Checked
Windows Live Messenger - Checked
Windows Live Sync - Checked
Windows Messenger - Checked
Yahoo! FT Server - Checked
Yahoo! Messenger - Checked

In Services, under Advanced Settings, there are no boxes checked.

Thank you so much for your help and advice, Daave. I think I'm starting to
"see the light at the end of the tunnel".

Sue
 
MtnLadyinBlackHills1986 said:
You're right, Daave. I have purchased from Amazon.com. I knew if I
searched for "computer references", there would be a huge number of
hits and I didn't know where to start. Thank you so much for
narrowing it down. I am planning to purchase one (if not both
books). I appreciate your help!

Thank you also for clarifying how bots and the spambot networks
function. I now have an understanding of how they "harvest"
information.
YW.


I downloaded and installed this software and ran it. I'm embarrassed
to admit that it DID find malware on my computer. 99.5% of it was
from an old toolbar I downloaded years ago, when I was even more
ignorant than I am now. :0) I did uninstall the toolbar over six
months ago, but obviously, the malware was still there. I have deleted
all the malware found by Malwarebytes.

Which toolbar?

Depending on the malware, it might have affected your firewall settings.
Have you gone back to grc.com to test your ports? Remember that your
goal is to be in Stealth Mode 100%.

Also, do you have a router? If so, you should be able to configure its
firewall. (There would be no conflict in this situation since this would
be a hardware firewall.)

I think I should definitely go ahead and pursue this further. It
appears that it will take some time to go through the steps. I
wanted to reply to your post here first.


I use Webroot Antivirus with Antispyware. The subscription is
current and updates several times a day.

Regarding my firewall settings,


Yes, my firewall is on. Here is the list of programs and services on
the Exceptions tab:

DCOM(135) - Checked
File and Printer Sharing
hpiscnapp.exe - Checked
hposid01.exe - Checked
hpqkygrp.exe - Checked
hpqste08.exe - Checked
hpqtra08.exe - Checked
iTunes
Live Update - Checked
Network Diagnostics for Windows XP - Checked
PxClient (I think that's PC Client Tools - which I've uninstalled)
Remote Assistance - Checked
Remote Desktop
Run WeatherBug - Checked
Second Life - Checked
Skype - Checked
SL Voice - Checked
Spy Sweeper - Checked
UPnP Framework
Windows Live Call - Checked
Windows Live ID - Checked
Windows Live Messenger - Checked
Windows Live Sync - Checked
Windows Messenger - Checked
Yahoo! FT Server - Checked
Yahoo! Messenger - Checked

In Services, under Advanced Settings, there are no boxes checked.

You can temporarily check "Don't allow exceptions" on the General tab of
Windows Firewall to see if that makes a difference.
Thank you so much for your help and advice, Daave. I think I'm
starting to "see the light at the end of the tunnel".

Sue

YW, Sue.
 
Hi, Daave. Thank you for responding so quickly.
Which toolbar?

It was a toolbar called "MyWebSearch". Years ago, I liked to use emoticons
and the toolbar came with the "smilie" program. It appears to be adware
related. The Malwarebytes scan did find two Trojan Horses (Trojan.Vundo).
I just couldn't believe it - I try to be so careful!

I tried running the Kaspersky AV in this application tonight, but something
didn't work right. I had an error message that the DLL file didn't load
properly. The only messages I kept getting were about a "wrong pointer being
deleted". I'll try it again later this morning. I haven't gotten to the
bootable antivirus rescue CD program yet.
Also, do you have a router? If so, you should be able to configure its
firewall. (There would be no conflict in this situation since this would
be a hardware firewall.)

Yes. It is a combination router-modem, which I rent from my ISP. I tried
to find it in Device Manager. Would it be the "Realtek RTL8139/810x Family
Fast Ethernet NIC"? (I'm pathetically ignorant when it comes to hardware.)
I have no manual or documentation for it. Could you give me any instructions
on how to configure the firewall for it? I'd appreciate it.
Depending on the malware, it might have affected your firewall settings.
Have you gone back to grc.com to test your ports? Remember that your
goal is to be in Stealth Mode 100%.


You can temporarily check "Don't allow exceptions" on the General tab of
Windows Firewall to see if that makes a difference.

I did the grc.com test again. The same four ports are still open. I did
check the "Don't Allow Exceptions" box at Windows Firewall and rebooted my
computer. Unfortunately, I got the same result again on the grc.com test.

Thanks again for your patience and assistance, Daave.

Sue
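
Added example, not part of the original thread: the same four ports stayed open after "Don't allow exceptions" was checked, so a useful next check is whether anything on the PC is listening on them at all. The script below parses the output of `netstat -ano` (run at a command prompt on the PC) and reports, for ports 21, 22, 23 and 80, which process IDs hold an externally reachable listener; the sample output and all function names are constructed for illustration.

```python
import re

# The four ports the ShieldsUp! result in this thread reported as open.
FLAGGED_PORTS = (21, 22, 23, 80)

# Constructed sample of `netstat -ano` output (Windows layout); not from the thread.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       932
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    127.0.0.1:80           0.0.0.0:0              LISTENING       1508
  TCP    192.168.1.64:139       0.0.0.0:0              LISTENING       4
  TCP    192.168.1.64:1042      203.0.113.10:80        ESTABLISHED     2184
  TCP    0.0.0.0:21             0.0.0.0:0              LISTENING       3012
  UDP    0.0.0.0:500            *:*                                    680
"""

# Proto, local address, foreign address, optional state (UDP rows have none), PID.
ROW = re.compile(
    r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)\s+(?:([A-Z][A-Z_0-9]*)\s+)?(\d+)\s*$"
)


def parse_netstat(text):
    """Return one dict per socket row; header and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue
        proto, local, _foreign, state, pid = m.groups()
        # rpartition keeps IPv6 literals such as [::]:80 intact.
        addr, _, port = local.rpartition(":")
        if not port.isdigit():
            continue
        rows.append({"proto": proto, "addr": addr, "port": int(port),
                     "state": state or "", "pid": int(pid)})
    return rows


def is_loopback(addr):
    """Loopback listeners cannot be reached by a scan coming from the Internet."""
    return addr.startswith("127.") or addr == "[::1]"


def exposed_listeners(text, ports=FLAGGED_PORTS):
    """Map each flagged port to the PIDs listening on a non-loopback address."""
    found = {p: [] for p in ports}
    for row in parse_netstat(text):
        if (row["proto"] == "TCP" and row["state"] == "LISTENING"
                and row["port"] in found and not is_loopback(row["addr"])):
            found[row["port"]].append(row["pid"])
    return found


def explain(text, ports=FLAGGED_PORTS):
    """Turn the result into one plain-language line per flagged port."""
    lines = []
    for port, pids in sorted(exposed_listeners(text, ports).items()):
        if pids:
            lines.append(f"port {port}: a program on this PC is listening, "
                         f"PID(s) {pids}; look the PID up in Task Manager")
        else:
            # A rootkit can hide sockets from netstat, so this is evidence, not proof.
            lines.append(f"port {port}: no reachable listener on this PC; an "
                         f"'open' result from outside is answered by another "
                         f"device on the line, for example the router-modem")
    return lines


if __name__ == "__main__":
    for line in explain(SAMPLE_NETSTAT):
        print(line)
```

A port with no listener on the PC cannot be closed from the PC's firewall settings; in that case the device to look at is whatever holds the public address that the scan tested.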
 
MtnLadyinBlackHills1986 said:
Hi, Daave. Thank you for responding so quickly.


It was a toolbar called "MyWebSearch". Years ago, I liked to use
emoticons and the toolbar came with the "smilie" program. It appears
to be adware related. The Malwarebytes scan did find two Trojan
Horses (Trojan.Vundo). I just couldn't believe it - I try to be so
careful!

Ah ha!

Vundo is a nasty one. In fact, it very well might be responsible for
your insecure ports. (And there might be other infections in your PC as
well which are camouflaged.) Sometimes, when a PC is compromised to a
certain degree, the only practical solution is a Clean Install of the
OS. You can try one more thing, though. Have a look at this page:

http://www.bleepingcomputer.com/virus-removal/remove-vundo-virtumonde

Make sure you ignore the ads! Scroll down to the main section that says
"How to Remove WinFixer / Virtumonde / Msevents / Trojan.vundo."

I see you already ran MBAM. Sometimes it needs to be run in Safe Mode.
Also, perhaps you will need to run the VundoFix. And you might even need
to run HijackThis and post your results log to a Web forum where experts
analyze such logs.

Then again, a Clean Install might wind up being the quickest and most
thorough solution. As a learning experience, you may want to try the
above, though (if you have lots of time!).
I tried running the Kaspersky AV in this application tonight, but
something didn't work right. I had an error message that the DLL
file didn't load properly. The only messages I kept getting were
about a "wrong pointer being deleted". I'll try it again later this
morning. I haven't gotten to the bootable antivirus rescue CD
program yet.


Yes. It is a combination router-modem, which I rent from my ISP. I
tried to find it in Device Manager. Would it be the "Realtek
RTL8139/810x Family Fast Ethernet NIC"? (I'm pathetically ignorant
when it comes to hardware.) I have no manual or documentation for it.
Could you give me any instructions on how to configure the firewall
for it? I'd appreciate it.

No, that's your Ethernet card. Your router is plugged into it.

If you didn't get a manual with your router, you should be able to enter
its name and model number into a Google search along with the terms
"manual" and "PDF." Let me know if you find it. Normally, what you need
to do to configure a router is enter an address like 192.168.1.1 in your
Web browser's address bar and then enter the proper user name and
password. All the information you need should be in that manual.
I did the grc.com test again. The same four ports are still open. I
did check the "Don't Allow Exceptions" box at Windows Firewall and
rebooted my computer. Unfortunately, I got the same result again on
the grc.com test.

Thanks again for your patience and assistance, Daave.

Sue

YW, Sue. Be prepared for a Clean Install!
 
Good morning, Daave. Thank you for responding.
Vundo is a nasty one. In fact, it very well might be responsible for
your insecure ports. (And there might be other infections in your PC as
well which are camouflaged.) Sometimes, when a PC is compromised to a
certain degree, the only practical solution is a Clean Install of the
OS. You can try one more thing, though. Have a look at this page:

http://www.bleepingcomputer.com/virus-removal/remove-vundo-virtumonde

Make sure you ignore the ads! Scroll down to the main section that says
"How to Remove WinFixer / Virtumonde / Msevents / Trojan.vundo."

I ran the Vundo Tool. It found no infected items. I have run both the
quick and the full scan on MBAM in both regular mode and Safe mode. No
further infected items were found.

Regarding my router:
If you didn't get a manual with your router, you should be able to enter
its name and model number into a Google search along with the terms
"manual" and "PDF." Let me know if you find it. Normally, what you need
to do to configure a router is enter an address like 192.168.1.1 in your
Web browser's address bar and then enter the proper user name and
password. All the information you need should be in that manual.

I located the model number on my router and did manage to locate and save
the PDF Manual. I tried entering the "192.168.1.1" in my browser, but it
would not connect. The manual stated to do this and showed an example of the
screen that should come up. Mine didn't.
Then again, a Clean Install might wind up being the quickest and most
thorough solution.

Daave, I have a couple questions about the Clean Install. Does this involve
the XP OS only and involve re-installing from my original disk and then
getting Service Pack 3 and any other updates deemed necessary by Windows
Update?

Or does it involve wiping out my entire hard drive? I can save my data to
my external hard drive. But I have older programs on my computer that I use
constantly. I don't have the installation disks for these programs any more.
(I have a second hard drive configured as a boot drive that I back up to, in
case my original hard drive crashes. I'm also considering getting online
backup next year.)

If the Clean Install involves wiping out the hard drive, as much as I regret
to do it, I may have to take my chances with it as it is. I'm willing to
install and run "Hijack This" and send the information in to an appropriate
web forum. If I can retain my programs and reinstall the Windows XP OS, I
would be more than willing to do so.

Again, thanks, Daave. I really do appreciate your continued help! I just
don't understand the mentality of the "sickos" who enjoy making life
miserable for people they don't even know!

Sue
 
MtnLadyinBlackHills1986 said:
Good morning, Daave. Thank you for responding.


I ran the Vundo Tool. It found no infected items. I have run both
the quick and the full scan on MBAM in both regular mode and Safe
mode. No further infected items were found.

That's good news.

Regarding my router:


I located the model number on my router and did manage to locate and
save the PDF Manual. I tried entering the "192.168.1.1" in my
browser, but it would not connect. The manual stated to do this and
showed an example of the screen that should come up. Mine didn't.

That's not good. What is the make and model of your router? How is it
connected to your PC? When you say "it would not connect," what exactly
happened?

It is important to have a functioning router/hardware firewall!

Daave, I have a couple questions about the Clean Install. Does this
involve the XP OS only and involve re-installing from my original
disk and then getting Service Pack 3 and any other updates deemed
necessary by Windows Update?

Or does it involve wiping out my entire hard drive? I can save my
data to my external hard drive. But I have older programs on my
computer that I use constantly. I don't have the installation disks
for these programs any more.

The Clean Install wipes the drive, yes. Programs would need to be
reinstalled. It is important to always keep your installation
media/files! Sounds like you're working without a net!

A Repair Install, if done properly, leaves all your data and installed
programs intact. But a Repair Install won't get rid of hidden
infections. It's used to specifically address OS issues.

(I have a second hard drive configured
as a boot drive that I back up to, in case my original hard drive
crashes. I'm also considering getting online backup next year.)

Two hard drives? Do you have a dual boot? If so, what OS is installed on
your second hard drive? What do you mean by "configured as a boot drive
that I back up to"? Is this perhaps a clone of the first drive?

If the Clean Install involves wiping out the hard drive, as much as I
regret to do it, I may have to take my chances with it as it is. I'm
willing to install and run "Hijack This" and send the information in
to an appropriate web forum. If I can retain my programs and
reinstall the Windows XP OS, I would be more than willing to do so.

See this post, then (for HJT):

http://groups.google.com/group/alt.comp.virus/msg/954139bef5031d1b?hl=en

Again, thanks, Daave. I really do appreciate your continued help! I
just don't understand the mentality of the "sickos" who enjoy making
life miserable for people they don't even know!

Sue

YW, Sue. I agree that they're sick!

Although I'm glad that it *seems* you are free of malware (but it's not
a guarantee), I am troubled by your open ports and the inability to
communicate with your router. HijackThis is a useful tool. Don't make
any changes unless an experienced person is involved. And you need to
figure out what's going on with your router.
 
Good evening, Daave. Thank you for posting the link. I checked a number of times
and I didn't see your latest post. The server must be tired of my problems. :0)
Almost every time on my first attempt to post, I get the "server busy" message. I
learned my lesson and copy my post to a Notepad file before sending, so I don't
have to re-do it. It always goes on the second attempt.

That's not good. What is the make and model of your router? How is it
connected to your PC? When you say "it would not connect," what exactly
happened?

My router make and model are: ZHONE - Model # 6218-12-200-0GM-ADSL2+ 4PORT WIFI
W/BRCM. If you are interested, the link to the manual is:
http://www.zhone.com/support/manuals/docs/62/6218-A2-GB20-10.pdf

The unit is connected to my computer by cable to my Ethernet port. When I type in
"192.168.1.1" in a new browser, the connection is attempted. It does not connect
and diverts over to a Google page: http://www.google.com/search?q=192.168.1.1

If I click on the Google "192.168.1.1 will not connect... ???" link, it brings up
the website, "computing.net by Tom's Guide". I followed the instructions there and
tried to "ping" the 192.168.1.1. It timed out. I brought up "Run", "CMD" and typed
in "ipconfig", as suggested. The default shown is NOT "192.168.1.1". I don't think
I want to type in the actual number shown, here on a public forum. There are no
further instructions, since the person who posted had the correct settings. It
appears I don't.

Wow. This is getting too much for my little brain. I don't know how to proceed
from here. Do you have any suggestions, Daave?

See this post, then (for HJT):

I downloaded and ran "Hijack This". I have saved the log. I'll send it to the
"Suggested Primary" website first, as suggested in your link. I promise I will not
change anything. As soon as I get a reply, I'll let you know what was said.

Two hard drives? Do you have a dual boot? If so, what OS is installed on
your second hard drive? What do you mean by "configured as a boot drive
that I back up to"? Is this perhaps a clone of the first drive?

I don't have a dual boot. When I purchased my second hard drive (Western Digital),
I was given a program called "Data Lifeguard". The installation option I use is
called "Add the Drive as the New Boot Device". So it is a clone of the first drive.

The Clean Install wipes the drive, yes. Programs would need to be
reinstalled. It is important to always keep your installation
media/files! Sounds like you're working without a net!

***Gulp*** I was afraid of that. I'm guilty as charged. When I installed these
programs years ago, viruses and other malware were not as numerous or as
sophisticated. I didn't throw the installation media away. They have just gotten
lost over the years. I hope an expert forum on Hijack This can clear up these
problems. Otherwise, I can only hope for the best.

Thank you for your continued patience and help, Daave. I've taken a lot of your
time. I do appreciate it so much.

Sue
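
The `ipconfig` check described in the post above, as an added example that is not part of the thread: it reads saved `ipconfig` output, finds the default gateway for each connected adapter, and reports whether the PC's own address is in a private (RFC 1918) range. The sample output, the function names, and the assumption that the router's setup page is served at the default gateway address are all constructed for illustration.

```python
import ipaddress
import re

# Constructed sample in the Windows XP `ipconfig` layout; addresses are made up.
SAMPLE = """\
Windows IP Configuration

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . : example.net
        IP Address. . . . . . . . . . . . : 10.0.0.5
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 10.0.0.1

Ethernet adapter Wireless Network Connection:

        Media State . . . . . . . . . . . : Media disconnected
"""

FIELD = re.compile(r"^\s+([A-Za-z0-9 \-]+?)[\s.]*:\s*(.*)$")
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_ipconfig(text):
    """Return {adapter heading: {field name: value}}."""
    adapters, current = {}, None
    for line in text.splitlines():
        # Adapter headings start in column 0 and end with a colon.
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            current = adapters.setdefault(line.rstrip()[:-1], {})
        elif current is not None:
            m = FIELD.match(line)
            if m:
                current[m.group(1).strip()] = m.group(2).strip()
    return adapters

def router_report(text):
    """List connected adapters with the gateway URL to try in the browser."""
    report = []
    for name, fields in parse_ipconfig(text).items():
        gateway = fields.get("Default Gateway", "")
        # Newer Windows prints "IPv4 Address" and may append "(Preferred)".
        address = (fields.get("IP Address") or fields.get("IPv4 Address", "")).split("(")[0]
        if not gateway or not address:
            continue  # disconnected adapter, or no gateway assigned
        ip = ipaddress.ip_address(address)
        report.append({"adapter": name, "admin_url": "http://%s/" % gateway,
                       # Private PC address: a NAT router sits in front of it.
                       "behind_nat": any(ip in net for net in RFC1918)})
    return report
```

When `behind_nat` is true, an outside port scan is normally answered by the router rather than by the PC, unless ports have been forwarded to it.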
 