Trying to find info on virus / trojan attacks



Paul
07-09-2005, 10:49 PM
Hi, I've been trying to locate some information on how computers are
attacked by a virus and/or trojans via a broadband connection. I recently
installed the Windows XP operating system on my father's PC (it had Win Me
previously and the hard drive was formatted prior to installing Win XP) and
by the time I'd installed and updated Win XP and Panda Antivirus via the
broadband connection, Panda was already reporting Trojans on the PC.

My question is that once you're connected to the Internet is your PC
vulnerable to attack until such time as your operating system and antivirus
are updated, even if that's only a few minutes? Are there malicious programs
roaming the internet looking for unprotected broadband connections and
pounce on it when discovered? How can you tell your connection is being
targeted? I guess what I'm saying is can anybody point me in the direction
of a document (for a non-expert) where I can read up about how these things
operate.

Thanks

Paul

BSchwarz
07-09-2005, 10:49 PM
There are a few older worms in the wild that will infect you before the
install is completed.
The best way to make sure you get a clean install of XP is to leave the
box disconnected from the internet. Once the install is complete boot
into Windows and turn on the firewall. Once the firewall is turned on
connect to the network and head to WU. Once all patches and fixes are
installed you'll have a very secure system.


--
BSchwarz
Posted via http://ms-os.com Forum to Usenet gateway

David H. Lipman
07-09-2005, 10:49 PM
From: "Paul" <paul@spamalot.eclipse.co.uk>

| Hi, I've been trying to locate some information on how computers are
| attacked by a virus and/or trojans via a broadband connection. I recently
| installed the Windows XP operating system on my father's PC (it had Win Me
| previously and the hard drive was formatted prior to installing Win XP) and
| by the time I'd installed and updated Win XP and Panda Antivirus via the
| broadband connection, Panda was already reporting Trojans on the PC.
|
| My question is that once you're connected to the Internet is your PC
| vulnerable to attack until such time as your operating system and antivirus
| are updated, even if that's only a few minutes? Are there malicious programs
| roaming the internet looking for unprotected broadband connections and
| pounce on it when discovered? How can you tell your connection is being
| targeted? I guess what I'm saying is can anybody point me in the direction
| of a document (for a non-expert) where I can read up about how these things
| operate.
|
| Thanks
|
| Paul
|

If they are truly Trojans and not Internet worms then the only way to get a Trojan is to
go to a web site that installed it or an email was opened that caused one to be installed or
a similar process through an Instant Messenger. The other possibility is that you installed
software that was warez or other software that had a Trojan in it.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm

Paul
07-09-2005, 10:49 PM
"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
news:eiCp515bFHA.3184@TK2MSFTNGP15.phx.gbl...
> From: "Paul" <paul@spamalot.eclipse.co.uk>
>
> If they are truly Trojans and not Internet worms then the only way to
> get a Trojan is to go to a web site that installed it or an email was
> opened that caused one to be installed or a similar process through an
> Instant Messenger. The other possibility is that you installed
> software that was warez or other software that had a Trojan in it.
>
> --
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> http://www.ik-cs.com/got-a-virus.htm
>
>
Thanks Dave, perhaps I'm not using the correct terminology but Panda
reported "Trojans" as opposed to Internet worms. I'm assuming that as the
installer CD was official Microsoft product that wouldn't have Trojans in
it!

Paul

David H. Lipman
07-09-2005, 10:49 PM
From: "Paul" <paul@spamalot.eclipse.co.uk>


| Thanks Dave, perhaps I'm not using the correct terminology but Panda
| reported "Trojans" as opposed to Internet worms. I'm assuming that as the
| installer CD was official Microsoft product that wouldn't have Trojans in
| it!
|
| Paul
|

That's correct Paul. Internet worms are viruses that use network protocols to self
replicate. Trojans don't self replicate. They need assistance to replicate and be
installed on a computer. You must have gone to a bad website during your updating process.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm

Phil Weldon
07-09-2005, 10:49 PM
'David H. Lipman' wrote, in part:

"You must have gone to a bad website during your updating process.

What about incoming port scan attacks via the internet?"

Phil Weldon

"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
news:%23qw2G5BcFHA.1404@TK2MSFTNGP09.phx.gbl...
> From: "Paul" <paul@spamalot.eclipse.co.uk>
>
>
> | Thanks Dave, perhaps I'm not using the correct terminology but Panda
> | reported "Trojans" as opposed to Internet worms. I'm assuming that as the
> | installer CD was official Microsoft product that wouldn't have Trojans in
> | it!
> |
> | Paul
> |
>
> That's correct Paul. Internet worms are viruses that use network protocols
> to self replicate. Trojans don't self replicate. They need assistance to
> replicate and be installed on a computer. You must have gone to a bad
> website during your updating process.
>
> --
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> http://www.ik-cs.com/got-a-virus.htm
>
>

David H. Lipman
07-09-2005, 10:49 PM
From: "Phil Weldon" <notdiscosed@example.com>

| 'David H. Lipman' wrote, in part:
|
| "You must have gone to a bad website during your updating process.
|
| What about incoming port scan attacks via the internet?"
|
| Phil Weldon
|

Those would be Internet worms. Trojans may communicate via network protocols but they don't
infect via network protocols.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm

cquirke (MVP Windows shell/user)
07-09-2005, 10:49 PM
On Sun, 12 Jun 2005 18:24:12 -0400, "David H. Lipman"

>If they are truly Trojans and not Internet worms then the only way to get a Trojan is to
>go to a web site that installed it or an email was opened that caused one to be installed or
>a similar process through an Instant Messenger.

Several bots exploit LSASS and RPC, so you can get
Lovesan/Blaster-style (RPC) or Sasser-style (LSASS) infections by
SDbot, Rbot, etc. I'm seeing a lot of this at the moment; it may be
that there's more of these latter-day hole exploiters than the
original Lovesan/Blaster/Nachi/Welchia and Sasser worms.

You may find TFTPnnnn files, too :-)

The brutal truth is that XP Gold and XP SP1 are unfit for use on the
Internet, if installed in the standard duhfault manner. This will
apply to every "just re-install" (even repair install) that you do
with those versions of XP, or any version of Win2000 before it.

At the very least, you MUST enable the firewall before connecting to
the Internet. Best is to keep the two relevant hotfixes (for RPC and
LSASS) off HD so they can be applied after any "just" reinstall.

This is also a big reason to avoid Win2000, compared to XP SP2. We
still get folks claiming it's safer to stick with Win2000, but etc.





>------------------------ ---- --- -- - - - -
Forget http://cquirke.blogspot.com and check out a
better one at http://topicdrift.blogspot.com instead!
>------------------------ ---- --- -- - - - -

David H. Lipman
07-09-2005, 10:49 PM
From: "cquirke (MVP Windows shell/user)" <cquirkenews@nospam.mvps.org>

| On Sun, 12 Jun 2005 18:24:12 -0400, "David H. Lipman"
|
>> If they are truly Trojans and not Internet worms then the only way to get a Trojan is
>> to go to a web site that installed it or an email was opened that caused one to be
>> installed or a similar process through an Instant Messenger.
|
| Several bots exploit LSASS and RPC, so you can get
| Lovesan/Blaster-style (RPC) or Sasser-style (LSASS) infections by
| SDbot, Rbot, etc. I'm seeing a lot of this at the moment; it may be
| that there's more of these latter-day hole exploiters than the
| original Lovesan/Blaster/Nachi/Welchia and Sasser worms.
|
| You may find TFTPnnnn files, too :-)
|
| The brutal truth is that XP Gold and XP SP1 are unfit for use on the
| Internet, if installed in the standard duhfault manner. This will
| apply to every "just re-install" (even repair install) that you do
| with those versions of XP, or any version of Win2000 before it.
|
| At the very least, you MUST enable the firewall before connecting to
| the Internet. Best is to keep the two relevant hotfixes (for RPC and
| LSASS) off HD so they can be applied after any "just" reinstall.
|
| This is also a big reason to avoid Win2000, compared to XP SP2. We
| still get folks claiming it's safer to stick with Win2000, but etc.
|
>> ------------------------ ---- --- -- - - - -
| Forget http://cquirke.blogspot.com and check out a
| better one at http://topicdrift.blogspot.com instead!
>> ------------------------ ---- --- -- - - - -

And if you connect through a broadband Router those possibilities are greatly reduced and if
you specifically block both TCP and UDP ports 135 ~ 139 and 445 then they are completely
mitigated.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm

