I have detected some trojans from Korea, Israel, and even from here in the US, and I wanted to know who to report them to. I do have their IP address and located with address and such, but what do I do with this information?
Hi Shinseraph ... and welcome to Wilders. Are these trojans you are asking about, or events in your firewall log? Regards, CrazyM
Which trojans did you find? You can always send copies to submit@diamondcs.com.au for deeper investigation about them. Did you get them by email or in other ways?
Well, these are trojans that have been detected AND blocked, but I am notified when they are found trying to "attack" my computer, and thanks for the greet. Lemme post the details on a couple.

1.

    OrgName: Asia Pacific Network Information Centre
    OrgID: APNIC
    Address: PO Box 2131
    City: Milton
    StateProv: QLD
    PostalCode: 4064
    Country: AU

    ReferralServer: whois://whois.apnic.net

    NetRange: 220.0.0.0 - 220.255.255.255
    CIDR: 220.0.0.0/8
    NetName: APNIC6
    NetHandle: NET-220-0-0-0-1
    Parent:
    NetType: Allocated to APNIC
    NameServer: NS1.APNIC.NET
    NameServer: NS3.APNIC.NET
    NameServer: NS4.APNIC.NET
    NameServer: NS.RIPE.NET
    NameServer: TINNIE.ARIN.NET
    Comment: This IP address range is not registered in the ARIN database.
    Comment: For details, refer to the APNIC Whois Database via
    Comment: WHOIS.APNIC.NET or http://www.apnic.net/apnic-bin/whois2.pl
    Comment: ** IMPORTANT NOTE: APNIC is the Regional Internet Registry
    Comment: for the Asia Pacific region. APNIC does not operate networks
    Comment: using this IP address range and is not able to investigate
    Comment: spam or abuse reports relating to these addresses. For more
    Comment: help, refer to http://www.apnic.net/info/faq/abuse
    Comment:
    RegDate:
    Updated: 2004-03-30

    OrgTechHandle: AWC12-ARIN
    OrgTechName: APNIC Whois Contact
    OrgTechPhone: +61 7 3858 3100
    OrgTechEmail: search-apnic-not-arin@apnic.net

    # ARIN WHOIS database, last updated 2004-05-17 19:15
    # Enter ? for additional hints on searching ARIN's WHOIS database.

    OrgName: Asia Pacific Network Information Centre
    OrgID: APNIC
    Address: PO Box 2131
    City: Milton
    StateProv: QLD
    PostalCode: 4064
    Country: AU
    Comment:
    RegDate:
    Updated: 2004-03-01

    ReferralServer: whois://whois.apnic.net

    AdminHandle: AWC12-ARIN
    AdminName: APNIC Whois Contact
    AdminPhone: +61 7 3858 3100
    AdminEmail: search-apnic-not-arin@apnic.net

    TechHandle: AWC12-ARIN
    TechName: APNIC Whois Contact
    TechPhone: +61 7 3858 3100
    TechEmail: search-apnic-not-arin@apnic.net

    # ARIN WHOIS database, last updated 2004-05-17 19:15
    # Enter ? for additional hints on searching ARIN's WHOIS database.

2.

    OrgName: America Online
    OrgID: AOL
    Address: 22000 AOL Way
    City: Dulles
    StateProv: VA
    PostalCode: 20166
    Country: US
    NetRange: 172.192.0.0 - 172.211.255.255
    CIDR: 172.192.0.0/12, 172.208.0.0/14
    NetName: AOL-172BLK-2
    NetHandle: NET-172-192-0-0-1
    Parent: NET-172-0-0-0-0
    NetType: Direct Allocation
    NameServer: DAHA-01.NS.AOL.COM
    NameServer: DAHA-02.NS.AOL.COM
    NameServer: DAHA-07.NS.AOL.COM
    Comment: ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE
    RegDate: 2002-02-13
    Updated: 2003-08-08
    TechHandle: AOL-NOC-ARIN
    TechName: America Online, Inc.
    TechPhone: +1-703-265-4670
    TechEmail: domains@aol.net
    OrgAbuseHandle: AOL382-ARIN
    OrgAbuseName: Abuse
    OrgAbusePhone: +1-703-265-4670
    OrgAbuseEmail: abuse@aol.net
    OrgNOCHandle: AOL236-ARIN
    OrgNOCName: NOC
    OrgNOCPhone: +1-703-265-4670
    OrgNOCEmail: noc@aol.net
    OrgTechHandle: AOL-NOC-ARIN

And here's the last, and thanks for the help.

    netname: KORNET-INFRA000001-KR
    descr: Korea Telecom
    descr: 206 Jungja-dong, Bundang-gu, Sungnam city, Gyunggi-do, Korea, 463-711
    descr: GYUNGGI
    descr: 463-711
    country: KR
    admin-c: IA32280-KR
    tech-c: IM32126-KR
    remarks: This IP address space has been allocated to KRNIC.
    remarks: For more information, using KRNIC Whois Database
    remarks: whois -h whois.nic.or.kr
    mnt-by: MNT-KRNIC-AP
    remarks: This information has been partially mirrored by APNIC from
    remarks: KRNIC. To obtain more specific information, please use the
    remarks: KRNIC whois server at whois.krnic.net.
    changed: hostmaster@nic.or.kr 20040607
    source: KRNIC
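An added example, not part of the original thread: the three WHOIS records pasted above differ in whether they name an abuse desk at all, which is what decides "who to report them to". The sketch below reads such a record and returns either the abuse mailbox or the WHOIS server to query next; the sample strings are abbreviated from the records in the post, and the function names are hypothetical.

```python
import re

# Abbreviated from the WHOIS records pasted in the post above.
ARIN_APNIC = """\
OrgName: Asia Pacific Network Information Centre
ReferralServer: whois://whois.apnic.net
NetRange: 220.0.0.0 - 220.255.255.255
OrgTechEmail: search-apnic-not-arin@apnic.net
"""
ARIN_AOL = """\
OrgName: America Online
NetRange: 172.192.0.0 - 172.211.255.255
TechEmail: domains@aol.net
OrgAbuseEmail: abuse@aol.net
"""
KRNIC = """\
netname: KORNET-INFRA000001-KR
descr: Korea Telecom
remarks: KRNIC whois server at whois.krnic.net.
source: KRNIC
"""

WHOIS_HOST = re.compile(r"\bwhois\.[a-z0-9-]+(?:\.[a-z0-9-]+)+", re.I)

def parse(text):
    """Return {lowercased key: [values]} for 'key: value' lines."""
    fields = {}
    for line in text.splitlines():
        if line.startswith(("#", "%")) or ":" not in line:
            continue  # skip comment lines and blanks
        key, _, value = line.partition(":")
        fields.setdefault(key.strip().lower(), []).append(value.strip())
    return fields

def next_step(text):
    """Return ('report', email), ('requery', whois_host) or ('unknown', None)."""
    f = parse(text)
    # Only a dedicated abuse contact counts; registry tech/admin addresses
    # (e.g. search-apnic-not-arin@apnic.net) are not abuse desks.
    abuse = f.get("orgabuseemail") or f.get("abuse-mailbox")
    if abuse:
        return ("report", abuse[0])
    # A registry-level record points at the server holding the real record.
    for value in f.get("referralserver", []) + f.get("remarks", []):
        m = WHOIS_HOST.search(value)
        if m:
            return ("requery", m.group(0).lower())
    return ("unknown", None)
```

Of the three records, only the America Online one yields a reporting address; the APNIC and KORNET records only say where the more specific record lives.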
Hi Shinseraph, What software product is catching these for you? Based on what you posted, it looks like it's your firewall as CrazyM was mentioning. Can you give us some details and there will be other things to post, detailed logs which show more information than that. How you find that information will vary by application, so let us know what product is alerting you.
Well, I am currently using Norton Personal Firewall and Norton AntiVirus and this is what I am currently using, but I am planning to get something else. Any suggestions as to which one I should buy?
Ah, so it's NPF giving those alerts. Those may well be default trojan blocking rules that are being triggered, and they may not be all that critical. Let's see what CrazyM or jvmorris have to say on those. (No pressure guys.)
Also, something strange is happening because I am currently connecting with AOL but now 4 outta my 5 connections say they are invalid or busy. When I open a website it says that AOL core something is trying to access using an unrecognized module and such. What should I do?
It is apparently saying "aol core application is attempting to access the internet using unrecognized modules". I'm not sure of what this means, but what would you guys suggest I do? It seems like every day, my PC is infected more and more.
Well, I don't think you should have traced those trojan attempts. It's almost like returning to the scene of the crime (I think). Simply tracing the attacker sort of tells him that you're there and will therefore bring upon more attacks. If your NPF is blocking those attempts, then you should be fine. My suggestion would be to virus scan your computer. Also, post a HiJackThis log so we can see what may be lurking around in settings. As for AOL, check your program rules and post them here. Also, list the numbers that will not connect and the ones that will. mVPstar
More than likely, tracing will lead to some hijacked computer being used as a platform for remote scanning. Knowledgeable attackers will not expose their IP. Nick
Shinseraph, Let's start with some basic information. What version of norton personal firewall (NPF) are you using? What is your operating system? Now, how is NPF alerting you? Is the Alert Tracker popping out or are you seeing some sort of window appear on your monitor? What does the warning message say? (A screen-shot might come in handy here.) With some additional information, we may be able to tell you if you're seeing something new or simply something very old. At any rate, from what you've said so far, it sounds as if NPF is handling it.
OK, well, I am using Windows XP, AMD Athlon XP, about 2.1 GHz. At the moment I use AOL dial-up but on Tuesday I will be using Qwest DSL. I am using Norton Personal Firewall (2003) I believe, Norton AntiVirus 2003 as well I believe, and so far it seems to be blocking a lot of the viruses and trojans, but I get the feeling that some are still getting through because when I get on the internet it gives me a notification such as "America Online is trying to connect to the internet using one or more unrecognized modules", and also with RealPlayer and Internet Explorer I get similar messages, and I would like to get some feedback on this. When I run Norton the only thing it seems to ever find is adware, but when I try to remove it using the antivirus, it never does except maybe one or two out of around 12...
Are these Firewall alerts? Do you have Program component monitoring or Program launch monitoring enabled? Are these alerts from those components if enabled? Check the following link for some info/comments on these: http://www.gpick.com/agnisrules/pages/settings/settings_pg17.html Regards, CrazyM