My computer's receiving bytes through the LAN even when I'm not using the net....the same happens when I have completely locked the firewall...besides, I don't see any visual indication of the bytes being downloaded to my computer (i.e. the small comps flickering on and off in the system tray)...is this a symptom of anything?? (malware, viruses etc)...I use a completely updated McAfee antivirus.
It would be very helpful if any explanation as well as a solution to this matter is provided.
Thanking you in advance
qomarf
needed. Include info on AV (more than McAfee?), Anti-Spyware scanners, Anti-Adware (all with exact version and update dates), also firewall/router, wired or wireless, browser normally used, Sun Java (which) or just MS's.
Could be innocent: system keeping main line open w/ your ISP (to retain always on) or not. Info will reduce guessing by a lot.
Thanks for helping us help you!
You should use EMCO Network Malware Cleaner to protect your PC.
What firewall are you using? Is it McAfee?
By the way, what type of Internet connection do you have? Dial-up, broadband, wireless, WiFi (wireless router), etc.
Yes, my firewall is McAfee Firewall 2007 and I use broadband.
Have you scanned for spyware, etc? McAfee Virus scan is mainly for viruses. What other anti-malware programs do you have on your computer and have you scanned with them? If the only problem you are seeing is the little lights flickering, you may not have anything wrong but you need to do some scans to tell for sure.
Roddy's right. You should have an anti-malware program or two on your machine. You can get free scanners from both Ewido (now AVG Anti-Spyware) and a-squared. They are the two best anti-Trojan scanners still in development.
I know the new McAfee is much stronger than the last version, but its firewall is still not an anti-hacker firewall. While some people can get away with just an application firewall that has a strong HIPS unit, people like me with WiFi routers in an area full of them cannot.
My grandma was using McAfee until October, when botnet worms hit her machine every twelve minutes while it was on. What I didn't realize was that she wasn't even surfing while this would happen. As soon as I found out what was going on, and saw that my IP address had been bumped to the next number, I knew, and brought the intrusions to an end with an anti-hacker (stateful inspection) firewall.
Upgrade to ZoneAlarm Security Suite. Even the free ZoneAlarm firewall is better than anything else on the market, but the paid firewalls are even better. Get ZoneAlarm Security Suite, it's got so many features that uh...guh... it's great.
There are a lot of ZoneAlarm fans out there. I used to be one (keyword: "used"). Its unprecedented maturity in terms of features or "fluff," as I would call it, continues to attract followers amongst average users, who know little about what firewalls actually do.
If you're going to use ZoneAlarm, I'd suggest you install a hardware firewall in front of it, to protect your ports when they're in use (ZoneAlarm won't). If you are using WiFi, however, I'd strongly suggest you reconsider altogether. Firewalls in routers are easily circumvented by cracking the encryption, leaving you face to face with an attacker who could just as easily attack an unprotected, open port. Application firewalls like ZoneAlarm will do nothing to stop this, except try and block a Trojan from phoning home AFTER it infects your machine.
If my memory serves me, ZoneAlarm Security Suite uses Computer Associates' VET antivirus engine, which is a poor performer, and one of the very slowest to release signature updates.
Sorry. I stated the problem, but not the solution. If you are using WiFi, an infected machine that also uses WiFi can be commanded by its botmaster to "sniff" your wireless signal, and eventually crack your network encryption. Depending on the type of encryption you use, the strength of the password, the implementation of MAC address filtering, and whether or not your network is broadcast, the amount of time it takes can vary. But these botmasters do this stuff for a living, and they have nothing but time.
Application firewalls like ZoneAlarm, Comodo, Sygate (now Norton), McAfee, and many others try to protect key system components using their integrated HIPS components. They also control which applications are authorized to use the Internet, and make sure any ports not in use are hidden. Unfortunately, open ports still have enough bandwidth to admit unsolicited incoming traffic as well, unsolicited incoming traffic that an application firewall is not built to monitor. They compete with each other in the "leaktest" baseline, which shows how well an application firewall can block information from leaving the machine, such as the information a Trojan sends back to its owner once having established itself amongst your running processes.
Firewalls with SPI (Stateful Packet Inspection) are known as "true anti-hacker products," as their primary focus is to prevent unsolicited inbound traffic from ever entering your machine in the first place. They work by keeping track of all outgoing connections you have made on a "state table," and verifying each and every incoming packet against this information, whether the application being contacted is trusted or not. While stateful firewalls will also hide unused ports, they are designed to ensure that no one can access your machine unless you are the one who solicits the connection.
There are a lot of stateful firewalls out there, but I can only comment on the ones I have actually used. They are ISS BlackICE, Sunbelt Kerio, NetVeda Safety.Net, and Jetico.
Jetico is free, and has a HIPS unit that rivals that of ZoneAlarm Pro and Comodo. However, the fact that it's also a stateful firewall raises it head-and-shoulders above the other two. Its downfall is that its interface is unintuitive, and extremely awkward to use. In many cases, you will have to select a rule from a drop-down menu just to make it remember a decision.
Safety.Net is the one I use. Its vast console gives me complete and intimate control over every aspect of my firewall protection. However, this firewall must be manually configured before it will even work, making it even more difficult than Jetico for an inexperienced user.
Kerio is the direct descendant of the immortal "Tiny Personal Firewall," a name that every geek has heard and will always reference with respect. Kerio's interface is quite intuitive and understandable, making it my stand-out recommendation for average users. Note that the free version disables HIPS after 30 days, leaving you vulnerable to buffer overflow attacks, but this void can easily be filled by installing a dedicated HIPS unit like Cyberhawk or Prevx1.
Finally, there's ISS BlackICE. The latest versions of this product have a feature called "Application Protection," which runs a full baseline of your system when you first install the firewall, to minimize annoying authorization requests afterward. BlackICE has the largest intrusion database of any firewall, dwarfing that of Kaspersky Anti-Hacker, and gives you detailed information about intruders. Hence the name "BlackICE" (hackers trying to attack your system get caught "slipping" on BlackICE). I am familiar with no anti-hacker product that is stronger than this one, and it is the one that most Windows hackers actually use themselves. Unfortunately, this is the one SPI firewall out of the four I've used that doesn't offer a free version.
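The state-table check described in the post above, sketched as an added example that is not part of the original thread and is not code from any of the products named. The `Packet` and `StateTable` names, the idle timeouts and the addresses (documentation ranges) are assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:                      # hypothetical packet model for this example
    proto: str                     # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int
    flags: str = ""                # TCP flags, e.g. "S", "SA", "A", "R"
    outbound: bool = False         # True when the local host sent it

class StateTable:
    TIMEOUT = {"tcp": 300.0, "udp": 30.0}   # idle seconds (assumed values)

    def __init__(self):
        self.flows = {}            # flow key -> time the flow was last seen

    @staticmethod
    def _key(p):
        # Both directions of a flow map to (proto, local ip/port, remote ip/port).
        if p.outbound:
            return (p.proto, p.src, p.sport, p.dst, p.dport)
        return (p.proto, p.dst, p.dport, p.src, p.sport)

    def filter(self, p, now):
        key = self._key(p)
        last = self.flows.get(key)
        if last is not None and now - last > self.TIMEOUT[p.proto]:
            del self.flows[key]    # idle entry expired
            last = None
        if last is None:
            # Only locally initiated traffic creates state; TCP must open with a bare SYN.
            if not p.outbound or (p.proto == "tcp" and p.flags != "S"):
                return "drop"
        if p.proto == "tcp" and "R" in p.flags:
            self.flows.pop(key, None)   # a reset tears the flow down
        else:
            self.flows[key] = now       # create the entry or refresh its idle timer
        return "allow"

def demo():
    fw, me, web, stranger = StateTable(), "192.0.2.10", "198.51.100.5", "203.0.113.77"
    trace = [                                                  # constructed sample traffic
        (0.0, Packet("tcp", me, 50000, web, 443, "S", outbound=True)),
        (0.1, Packet("tcp", web, 443, me, 50000, "SA")),       # solicited reply
        (0.2, Packet("tcp", stranger, 4444, me, 445, "S")),    # unsolicited inbound
        (0.3, Packet("tcp", stranger, 443, me, 50000, "A")),   # right port, wrong peer
        (1.0, Packet("tcp", web, 443, me, 50000, "R")),        # reset closes the flow
        (1.1, Packet("tcp", web, 443, me, 50000, "A")),        # arrives after teardown
        (2.0, Packet("udp", me, 50001, web, 53, outbound=True)),
        (40.0, Packet("udp", web, 53, me, 50001)),             # reply after idle timeout
    ]
    return [fw.filter(p, t) for t, p in trace]
```

The inbound packet to the open local port 50000 from an address that was never contacted is dropped even though that port is in use, which is the distinction the post draws between stateful inspection and per-application rules.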
I use these portable apps whenever my computer acts strangely. All are available from Sysinternals or Microsoft. Portmon and ProcessMonitor are the first tools I use to investigate suspicious activity (although most often it's just Widgets and Gadgets).
Your response got me interested in the Black Ice PC product. I already have a firewall which is part of the AOL Safety and Security Center and it appears to be quite good. I think it was developed for AOL by McAfee. Can I leave the firewall in AOL Security Suite active and also use Black Ice?
You're right. The firewall in AOL S&SC is from McAfee. They beefed it up quite a bit after the big botnet epidemic. The new one is too big and cumbersome for my grandma's computer, and I also knew long before then that SPI was the only way to go.
No. You cannot have two active firewalls at a time. However, I believe S&SC is in fact compatible with BlackICE. It doesn't work with my Safety.Net, but I do seem to remember it working just fine with BlackICE.