safe firewall settings?

Chris Berry

Just got a nasty surprise when configuring my firewall.
I thought I'd be bright and enable the multi-DMZ settings and give my main
PC a WAN IP address.
Lo and behold, seconds later there was an IRC backdoor trojan file
(msgfix.exe) created on my PC duly detected by NOD32.
I abandoned the WAN IP address thoughts I had.
Before I could change the settings back, internet access was disrupted.
Next thing, I find a winbasic32 process running - killing this restored
internet connectivity.
I've scanned those files and didn't find anything.
How can I be sure that there's no longer an infection?
Thanks.
cb
 
> Just got a nasty surprise when configuring my firewall.
> I thought I'd be bright and enable the multi-DMZ settings and give my main
> PC a WAN IP address.
> Lo and behold, seconds later there was an IRC backdoor trojan file
> (msgfix.exe) created on my PC duly detected by NOD32.
> I abandoned the WAN IP address thoughts I had.
> Before I could change the settings back, internet access was disrupted.
> Next thing, I find a winbasic32 process running - killing this restored
> internet connectivity.
> I've scanned those files and didn't find anything.
> How can I be sure that there's no longer an infection?

Probably by cleaning up the registry and deleting files according to
one of these descriptions which are easily Googled up:

http://uk.trendmicro-europe.com/ent...tail.php?id=59622&VName=WORM_SDBOT.TW&VSect=T
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName= WORM_SDBOT.SM&VSect=T
http://securityresponse.symantec.com/avcenter/venc/data/w32.gaobot.sn.html
http://es.trendmicro-europe.com/ent...tail.php?id=58547&VName=WORM_SDBOT.SN&VSect=T
http://it.trendmicro-europe.com/enterprise/security_info/ve_detail.php?Vname=WORM_SDBOT.GE


Art
http://www.epix.net/~artnpeg
 

Cleaned up the registry. I thought that NOD32 was supposed to provide me
with good protection against this sort of thing.
I'd really like to know what else was touched by the back door attacker.
cb
 