Wilders Security Forums  

  #1  
Old July 28th, 2002, 11:03 AM
EvilNewbie EvilNewbie is offline
Infrequent Poster
 
Join Date: Jul 2002
Posts: 6
Default Question about W32.HLLP.DeTroie...

Hello,

I was recently infected by the above named virus and reformatted my entire hard drive because I couldn't delete the trojan. I used PestPatrol, Anti-trojan 5.5, and The Cleaner which didn't even detect the trojan but it was detected with Norton Anti-virus 2002. After reformatting my hard drive, I have been attacked around 10-12 times with someone using the backdoor/sub7 port route, but they failed to get past my Norton Personal Firewall (I hope!). Is there any way to stop these attacks? Can I launch my own attack?
  #2  
Old July 28th, 2002, 11:45 AM
Jooske Jooske is offline
Incredibly Massive Poster
 
Join Date: Feb 2002
Location: Netherlands, EU near the sea
Posts: 9,713
Default Re:Question about W32.HLLP.DeTroie...

Hi EvilNewbie
Welcome aboard. Pity such an experience. http://securityresponse.symantec.com/avcenter/venc/data/w32.hllp.detroie.html
On this site at Symantec I read about the nasty and its removal instructions.
They describe it as a virus, although they name it a type trojan as well, which could explain why it is not in the specific trojan databases. But the backdoor capacities make it suspicious as a trojan.
They say not to reboot if possible but first to get rid of the thing to prevent more infections.
If I still don't trust it I go for an online scan at the known sites like http://housecall.antivirus.com, www.bitdefender.com, www.pandasoftware.com which all look for both viruses and trojans/worms.

Now you were attacked by S7? What is for you an attack? A port probe or did you think they were on your system? Probably not, as you write about your firewall.
The firewall should stop those probers from intruding your system.
These days many people have lots of probes (holiday time?). The firewall is there to stop those attacks.
A daily update and scanning with your anti-virus/anti-trojan scanners should make sure there are no trojan backdoor servers on your system, like S7.
In netstat you can see if there are connections to your system.
There is software with netstat which enables you to analyse and kill such unwanted connections, to analyse and kill processes, etc.
Do you mean to launch an attack on your own system by some error or infection, or to a possible intruder?
__________________
Jooske
"o_o"
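
The netstat check mentioned in the post above, as an added example that is not part of any poster's message: it tells a backdoor server present on the machine apart from an outside probe, which leaves no socket at all. The port numbers are commonly documented defaults (an assumption, since a server can be configured to use any port) and the netstat output is a constructed sample.

```python
import re

# Commonly documented default ports for backdoors named in this thread.
# Assumption: defaults only; a reconfigured server can listen on any port.
BACKDOOR_PORTS = {
    ("TCP", 27374): "SubSeven 2.x",
    ("TCP", 1243): "SubSeven 1.x",
    ("UDP", 31337): "Back Orifice",
}

# Constructed sample of Windows `netstat -an` output (documentation addresses).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:27374          0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1243      203.0.113.5:80         ESTABLISHED
  TCP    192.168.1.10:27374     198.51.100.7:4021      ESTABLISHED
  UDP    0.0.0.0:31337          *:*
"""

# proto, local port, foreign address, state (state is empty for UDP rows)
ROW = re.compile(r"^\s*(TCP|UDP)\s+\S+:(\d+)\s+(\S+)\s*(\S*)\s*$")

def find_backdoor_sockets(netstat_text):
    """Return (status, family, proto, port, remote) for suspicious local sockets."""
    rows = [m.groups() for m in map(ROW.match, netstat_text.splitlines()) if m]
    # Ports this machine is serving on; UDP rows have no state column.
    listening = {(p, int(port)) for p, port, _, state in rows
                 if state == "LISTENING" or p == "UDP"}
    hits = []
    for proto, port, remote, state in rows:
        key = (proto, int(port))
        family = BACKDOOR_PORTS.get(key)
        if family is None or key not in listening:
            # Unrelated port, or an outbound connection that merely drew this
            # number as its ephemeral client port (the 1243 row in SAMPLE).
            continue
        if state == "ESTABLISHED":
            hits.append(("peer connected", family, proto, key[1], remote))
        elif state == "LISTENING" or proto == "UDP":
            hits.append(("server waiting", family, proto, key[1], remote))
    return hits

if __name__ == "__main__":
    for hit in find_backdoor_sockets(SAMPLE):
        print(*hit)
```

An empty result together with firewall log entries for these ports means the traffic was inbound probing that found nothing to connect to.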
  #3  
Old July 28th, 2002, 11:46 AM
Smokey Smokey is offline
Very Frequent Poster
 
Join Date: Apr 2002
Location: Annie's Pub
Posts: 1,513
Default Re:Question about W32.HLLP.DeTroie...

Quote from EvilNewbie:
I was recently infected by the above named virus and reformatted my entire hard drive because I couldn't delete the trojan. I used PestPatrol, Anti-trojan 5.5, and The Cleaner which didn't even detect the trojan but it was detected with Norton Anti-virus 2002. After reformatting my hard drive, I have been attacked around 10-12 times with someone using the backdoor/sub7 port route, but they failed to get past my Norton Personal Firewall (I hope!). Is there any way to stop these attacks? Can I launch my own attack?

NAV2002 is a fine anti-VIRUS program, but like the name says in principle designed for discovering viruses.

A very good program specially designed for discovering TROJANS is TDS.

Just take a look at the TDS forum on this board.

Besides that, you need a good firewall, take a look at the firewall forum on this board to make your personal choice about available firewalls.

You also need a registry monitor, which warns you of (important) changes in the registry BEFORE executing, so you can stop/avoid such changes in time.

Launching your own attack is not a good idea, i.m.o. it is illegal.

Ciao,

Smokey
  #4  
Old July 28th, 2002, 12:32 PM
Jooske Jooske is offline
Incredibly Massive Poster
 
Join Date: Feb 2002
Location: Netherlands, EU near the sea
Posts: 9,713
Default Re:Question about W32.HLLP.DeTroie...

Thanks Smokey for the important additions.

True, it's good to have several kinds of possibilities to scan your system.
In the free tools at the DCS site is a registry protection/monitor too ( www.diamondcs.com.au ) which you might like.

TDS has the functions I described among many others for our security, indeed.
It is never a good idea to do the same to possible intruders as what you are trying to defend yourself against, especially for the legal part and if you don't know your enemy and tools, but within the walls of your own system there are many possibilities of protection with the right tools.
__________________
Jooske
"o_o"
  #5  
Old July 28th, 2002, 02:04 PM
spy1 spy1 is offline
Massive Poster
 
Join Date: Dec 2002
Location: Clover, SC
Posts: 3,130
Default Re:Question about W32.HLLP.DeTroie...

Can someone please give me the actual link to the page where the free server sniper programs are? Going blind here trying to find it! Pete
__________________
"When fascism comes to America it will come wrapped in the flag and carrying a cross." Sinclair Lewis
  #6  
Old July 28th, 2002, 02:45 PM
Jooske Jooske is offline
Incredibly Massive Poster
 
Join Date: Feb 2002
Location: Netherlands, EU near the sea
Posts: 9,713
Default Re:Question about W32.HLLP.DeTroie...

If you mean at the DCS pages. ... don't see them either anymore. Think those are replaced by the services.
__________________
Jooske
"o_o"
  #7  
Old July 28th, 2002, 04:58 PM
Smokey Smokey is offline
Very Frequent Poster
 
Join Date: Apr 2002
Location: Annie's Pub
Posts: 1,513
Default Re:Question about W32.HLLP.DeTroie...

Quote from spy1:
Can someone please give me the actual link to the page where the free server sniper programs are? Going blind here trying to find it! Pete

Hoi Pete!

Maybe I can help you.

I got for you:

TDS Subseven sniper
TDS Backorrifice sniper
TDS Drat sniper
TDS Wintrinoo sniper

Total MB's: 1,65

Please give your email address in a personal message to me, and I will send you the whole bunch.
Do that pls within 1 hour, because after that I am away for 1 week.

Ciao,

Smokey
  #8  
Old July 28th, 2002, 06:05 PM
spy1 spy1 is offline
Massive Poster
 
Join Date: Dec 2002
Location: Clover, SC
Posts: 3,130
Default Re:Question about W32.HLLP.DeTroie...

Thanks, just now saw it (your message) - but someone else already provided me with the link!

http://www.diamondcs.com.au/snipers/snipers.htm

Have a great vacation! Pete
__________________
"When fascism comes to America it will come wrapped in the flag and carrying a cross." Sinclair Lewis
 

All times are GMT -4.