close

Privacy guaranteed - Your email is not shared with anyone.

Question about Norton Antivirus Security Alert blocking intrusions

Discussion in 'Tech Talk' started by sjfrellc, Mar 1, 2006.

  1. sjfrellc

    sjfrellc CLM

    Messages:
    720
    Likes Received:
    0
    Joined:
    Dec 26, 2004
    Location:
    Novi, Michigan
    When Norton Internet Alerts me every couple minutes that Norton Internet Worm protection has detected and blocked an intrusion attempt with the following details

    Security rule: Default Block Blade Runner Trojan horse
    Path: N/A
    File name: N/A
    Local address: xx2.16x.1.101
    local port:5402
    remote address 81.169.229.242
    remote port: 2098
    protocol:TCP


    I run a complete scan with NAV and have two adware things noted that norton antivirus doesn' delete.

    The alert comes ever couple minutes.
    Do you think I have a worm on my computer?
    should I just not show this alert?
     
  2. Blitzer

    Blitzer Cool Cat

    Messages:
    12,111
    Likes Received:
    2
    Joined:
    Jan 15, 2004
    Location:
    The communist's play ground of OHIO
    In my experience Norton has fallen from grace and is no longer rated as the top in it's the field. Actually their web-focused package has never been rated as all that impressive. You can check this on the web by looking at reviews on Goggle.

    Zone Labs markets Zone Alarm Pro now offers a complete Web focused package for $69.95. A friend just upgraded to Zone Alarm Internet Security Suite and is pleased as his old assortment of various products would not clear his PC of several issues. His old Anti Spam/malware kept telling him of issues but would not remove the problems. I will add he did need to update his JAVA software to clear a vulnerability.

    You can get free trial versions of their software to include a Firewall, antiviral and antispam/malware solution. Do something quick befiore you get tagged as s source of problems from a major company or an ISP.

    Check out the site and click "Zone Alarm product selector"!

    http://www.zonelabs.com/store/content/home.jsp

    :cool: ;)
     

  3. sjfrellc

    sjfrellc CLM

    Messages:
    720
    Likes Received:
    0
    Joined:
    Dec 26, 2004
    Location:
    Novi, Michigan
    You mean, I might have a trojan that Norton Antivirus can't detect and my conmputer might be sending malicious stuff to others?

    I tried zone alarm once on a new computer and too many warnings were popping up when I was installing new software.

    I was thinking of getting that new Microsoft Beta "complete" care thing. I'm worried about Microsoft having a "bloated" program that takes up too many resources.

    I've had good luck with Microsoft Antispyware for Spy/malware.
     
  4. fastvfr

    fastvfr Ancient Tech

    Messages:
    2,344
    Likes Received:
    0
    Joined:
    Mar 28, 2001
    Location:
    SW Oregon
    That is possible, though this sounds more like a 'bot that keeps pinging your machine.

    A very reasonable concern, given their track record.

    Are you sure about that? What other malware scanners have you used to check the M$ scanner with, may I ask?

    Unlike virus scanners or firewalls, you SHOULD have more than one spyware/adware scanner installed. Not one of them can find all the glitch your PC picks up while online.

    Get Spybot S&B 1.4 and Ad-Aware 1.6 Personal, update both, and then scan with them. You might be surprised.

    You might also be surprised to find that your NAV isn't as good a scanner as the price tag(s) may have led you to believe.

    Use Trend's online 'Housecall' virus scanner to verify that NAV isn't just sitting there with it's proverbial thumb up its arse.

    Lots of my tech calls involve ripping out all Norton products and installing a free antivirus scanner, such as Avast or AVG, for my poor client.

    My advice is, next time NAV starts with the "PAY ME NOW" popups, you jsut tell it to F off, and go with a better, and free, scanner.

    BTW, if you connect to the web via Ethernet, just get a hardware firewall/router and enable Stateful Packet Filtering. That works exponentially better than does any software firewall ever made.

    So, in other words, use Trend's AV scanner to see if the crap's on your end, and then get a different firewall solution if it isn't.

    Good luck!
     
  5. sjfrellc

    sjfrellc CLM

    Messages:
    720
    Likes Received:
    0
    Joined:
    Dec 26, 2004
    Location:
    Novi, Michigan
    Thanks,Great advice!
    I have used Ad-aware and Spybot but when they would get some malware, I moved on to Webroot and then Microsoft antispyware. But I never went back to the originals.

    I'm using a Linksys Wrt54GS router.

    Thanks for the Trend online recommendation.
     
  6. fastvfr

    fastvfr Ancient Tech

    Messages:
    2,344
    Likes Received:
    0
    Joined:
    Mar 28, 2001
    Location:
    SW Oregon
    The Linksys Wrt54GS router isn't bad, and it has an SPI (Stateful Packet Inspection) hardware firewall, doesn't it?

    Still, that's worlds better than NIS's software 'solution'. Enable the firewall and lose the Norton version (disable it from starting).

    Did Trend find any rotten apples?
     
  7. sjfrellc

    sjfrellc CLM

    Messages:
    720
    Likes Received:
    0
    Joined:
    Dec 26, 2004
    Location:
    Novi, Michigan
    Didn't have time to run a scan because I had to fly to San Francisco for a conference.

    The blocked attempts seemed to diminish. I ran Norton a couple more times including in safe mode and nada on detected viruses. Also no spyware with Microsoft antispyware.

    I'm not really familiar with the SPI firewall on The Linksys router. Is this enabled by default? I believe I have Windows XP and Norton internet security both running. The computers also running fine. I believe the info that Norton was reporting was an attack on one of my ports. What I'm not sure about if its originating on my computer.

    I won't be back to my desktop for a week I'll get back with the Trend scan.

    I am slightly amazed that as I sit high above San Fran, I'm getting free wireless. They aren't even blocking out Glocktalk. ;+
     
  8. sjfrellc

    sjfrellc CLM

    Messages:
    720
    Likes Received:
    0
    Joined:
    Dec 26, 2004
    Location:
    Novi, Michigan
    Ok had time to run the scan. Took forever and crashed a couple times. Had to update Java.

    Good news though, it found a Troj_dloader.ws trojan and eliminated it. Thanks Fastvfr! ^c