Question about W32.HLLP.DeTroie...

Discussion in 'malware problems & news' started by EvilNewbie, Jul 28, 2002.

Thread Status:
Not open for further replies.
  1. EvilNewbie

    EvilNewbie Registered Member

    Joined:
    Jul 26, 2002
    Posts:
    6
    Hello,

    I was recently infected by the above named virus and reformatted my entire hard drive because I couldn't delete the trojan. I used PestPatrol, Anti-trojan 5.5, and The Cleaner which didn't even detect the trojan but it was detected with Norton Anti-virus 2002. After reformatting my hard drive, I have been attacked around 10-12 times with someone using the backdoor/sub7 port route, but they failed to get past my Norton Personal Firewall (I hope!). Is there any way to stop these attacks? Can I launch my own attack?
     
  2. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Hi EvilNewbie
    Welcome aboard. Pity such an experience. http://securityresponse.symantec.com/avcenter/venc/data/w32.hllp.detroie.html
    On this site at Symantec I read about the nasty and its removal instructions.
    They describe it as a virus, although they name it a type trojan as well, which could explain why it is not in the specific trojan databases. But the backdoor capacities make it suspicious as a trojan.
    They say not to reboot if possible but first to get rid of the thing to prevent more infections.
    If I still don't trust it I go for an online scan at the known sites like http://housecall.antivirus.com, www.bitdefender.com, www.pandasoftware.com which all look for both viruses and trojans/worms.

    Now you were attacked by S7? What is for you an attack? A port probe or did you think they were on your system? Probably not, as you write about your firewall.
    The firewall should stop those probers from intruding your system.
    These days many people have lots of probes (holiday time?). The firewall is there to stop those attacks.
    A daily update and scanning with your anti-virus/anti-trojan scanners should make sure there are no trojan backdoor servers on your system, like S7.
    In netstat you can see if there are connections to your system.
    There is software with netstat which enables you to analyse and kill such unwanted connections, to analyse and kill processes, etc.
    Do you mean to launch an attack on your own system by some error or infection, or to a possible intruder?
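
An added example, not part of any post in this thread: one way to run the netstat check described above and separate "a backdoor server is listening on this machine" from "someone is connected to it". The `netstat -an` output is constructed, and the port table is an assumption based on the commonly documented default ports for SubSeven and Back Orifice, which the thread does not state.

```python
import re

# Commonly documented default ports (assumption, not stated in the thread;
# a backdoor server can be configured to listen on any other port).
BACKDOOR_PORTS = {("TCP", 27374): "SubSeven", ("UDP", 31337): "Back Orifice"}

# Constructed sample of Windows `netstat -an` output.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:27374          0.0.0.0:0              LISTENING
  TCP    192.168.0.10:1046      203.0.113.5:80         ESTABLISHED
  TCP    192.168.0.10:27374     198.51.100.7:3120      ESTABLISHED
  UDP    0.0.0.0:31337          *:*
"""

# proto, local address, local port, foreign address, optional state (UDP has none)
LINE = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)(?:\s+(\S+))?\s*$")


def parse(text):
    """Turn netstat -an text into a list of socket records, skipping headers."""
    rows = []
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            proto, laddr, lport, foreign, state = m.groups()
            rows.append({"proto": proto, "local": laddr, "port": int(lport),
                         "foreign": foreign, "state": state})
    return rows


def findings(rows):
    """Flag sockets whose LOCAL port matches a known backdoor default."""
    out = []
    for r in rows:
        name = BACKDOOR_PORTS.get((r["proto"], r["port"]))
        if not name:
            continue
        # UDP rows carry no state column; a bound UDP port is reported as listening.
        state = r["state"] or "LISTENING"
        if state == "ESTABLISHED":
            out.append(("connected", name, r["port"], r["foreign"]))
        elif state == "LISTENING":
            out.append(("listening", name, r["port"], None))
    return out


if __name__ == "__main__":
    for kind, name, port, peer in findings(parse(SAMPLE)):
        print(f"{kind:9} {name} default port {port} peer={peer}")
```

A probe that the firewall drops never appears here; an entry only shows up when something on the machine has the port open.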
     
  3. Smokey

    Smokey Registered Member

    Joined:
    Apr 1, 2002
    Posts:
    1,513
    Location:
    Annie's Pub
    NAV2002 is a fine anti-VIRUS program, but like the name says, in principle designed for discovering viruses.

    A very good program specially designed for discovering TROJANS is TDS.

    Just take a look at the TDS forum on this board.

    Besides that, you need a good firewall, take a look at the firewall forum on this board to make your personal choice about available firewalls.

    You also need a registry monitor, which warns you of (important) changes in the registry BEFORE they are executed, so you can stop/avoid such changes in time.

    Launching your own attack is not a good idea, i.m.o. it is illegal.

    Ciao,

    Smokey
     
  4. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Thanks Smokey for the important additions.

    True, it's good to have several kinds of possibilities to scan your system.
    In the free tools at the DCS site is a registry protection/monitor too (www.diamondcs.com.au) which you might like.

    TDS has the functions I described among many others for our security, indeed.
    It is never a good idea to do the same to possible intruders as what you are trying to defend yourself against, especially for the legal part and if you don't know your enemy and tools, but within the walls of your own system there are many possibilities of protection with the right tools.
     
  5. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Can someone please give me the actual link to the page where the free server sniper programs are? Going blind here trying to find it! Pete
     
  6. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    If you mean at the DCS pages... I don't see them either anymore. I think those are replaced by the services.
     
  7. Smokey

    Smokey Registered Member

    Joined:
    Apr 1, 2002
    Posts:
    1,513
    Location:
    Annie's Pub
    Hi Pete!

    Maybe I can help you.

    I got for you:

    TDS Subseven sniper
    TDS Backorrifice sniper
    TDS Drat sniper
    TDS Wintrinoo sniper

    Total MB's: 1,65

    Please give your email address in a personal message to me, and I will send you the whole bunch.
    Please do that within 1 hour, because after that I am away for 1 week.

    Ciao,

    Smokey
     
  8. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Thanks, just now saw it (your message) - but someone else already provided me with the link!

    http://www.diamondcs.com.au/snipers/snipers.htm

    Have a great vacation! Pete
     