downloader.clispri.A, trojan.byteverify

Discussion in 'other security issues & news' started by subratam, Nov 14, 2003.

Thread Status:
Not open for further replies.
  1. subratam

    subratam Registered Member

    Joined:
    Nov 14, 2003
    Posts:
    1,310
    Location:
    Issaquah, WA
    What do you think of this??

    ----------------------------------------------------------------------

    GRC Port Authority Report created on UTC: 2003-11-15 at 22:54:38

    Results from scan of ports: 0, 21-23, 25, 79, 80, 110, 113,
    119, 135, 139, 143, 389, 443, 445,
    1002, 1024-1030, 1720, 5000

    5 Ports Open
    18 Ports Closed
    3 Ports Stealth
    ---------------------
    26 Ports Tested

    Ports found to be OPEN were: 22, 23, 25, 80, 443

    Ports found to be STEALTH were: 139, 389, 445

    Other than what is listed above, all ports are CLOSED.

    TruStealth: FAILED - NOT all tested ports were STEALTH,
    - NO unsolicited packets were received,
    - A PING REPLY (ICMP Echo) WAS RECEIVED.

    But my personal firewall isn't allowing any ICMP whatsoever to come in or go out o_O I checked again....
     
  2. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    18,280
    Location:
    New England
    Well, that's different than the summary you posted above. :doubt: (Oh wait, the summary was just from the NetBIOS scan. Okay, that makes sense. That is blocked okay.)

    What is your network setup exactly?

    You said something about a broadband LAN? Do you have a router on your network?
     
  3. subratam

    The server in the network runs a LINUX server and gets connected through a more secured ISP server.
    I use cable internet.
    I have been seeing the stealth test and they say port 135 is a cause for much havoc worldwide.... and it's still open in my comp.
    I didn't know a comp with all necessary security software could still be so vulnerable... anyway I have got you guys and I trust and believe you lot.
    Waiting eagerly for you all to tell me my next step.
    Thanks in advance
     
  4. LowWaterMark

    I'm sorry, I don't understand what you are saying here...

    The list of ports seen open by the above GRC scan is completely different from the ports your netstat results show open on your system, so it really looks like there is something "further out" on the network than your PC. The GRC scan is not going directly against your PC, it is going against some other system, router or firewall.

    What exactly is the layout of your network? What does your PC plug into? And then what does that thing plug into?

    It is open "locally" on your computer as it is for almost all Win2000 and XP systems. But, the GRC scan result shows 135 as closed (it is not in either the open or stealth port list, but it was scanned, so therefore it is closed.) That is still good. You are protected for that by something - LAN router? Server? External firewall? ISP blocking?

    Well, such a computer (one with all patches and updates) can still technically be vulnerable. However, your network configuration seems to be protecting your PC. What we need to figure out is the entire network setup you have there to figure out why those ports "show" open to the Internet even though they aren't open on your PC.
     
  5. subratam

    First of all I must say this site rocks and you guys are awesome, really... I appreciate the way you answered my queries, thanks a lot.
    Now I am going step by step. I ran netstat again and checked these open ports:
    135, 445, 1025, 1031, 2469, 44334 (though one thing I must say here: when I first ran netstat it also gave 4380-4406 and not again, though they are coming back...)
    Next, about the network I am having: it is a LINUX server based server. Whenever I am going through the stealth test the IP trace doesn't come at all to the network I am having... but it stops at the ISP server from which my network server is getting the bandwidth... I hope I was able to make you understand at least something. I have firewalls and yes, the ISP server is the last stop to be scanned in the stealth test as I said... even the IP the test shows isn't mine that I have on the network (which I think is my IP on the internet, is it??). Even I am recognised as some other comp name by trace, not by my real comp name.
    I hope that my comp is.. I repeat I hope, as what I get from what you said and the stealth reports.. that I have my comp well configured NOW, but there may be some in the network who are falling prey to the casualties.
    And yeah... it's never bad to learn MORE
     
  6. subratam

    Oops, one thing I forgot to mention... my firewall passed the leaktest from grc.com (latest leaktest version) :D
     
  7. LowWaterMark

    It does seem like you have a non-standard ISP connection of some sort... Not that that is a bad thing! In fact, in this case it appears to be protecting you external to your system, and that is a good thing. Since the ports open in the scan are completely different from your open ports in netstat, and because NetBIOS is stealthed and 135 is closed, I will state I think you are protected from some of the most common probes out there. That also is a good thing.

    From all I've read so far in your posts, I don't think your PC is vulnerable from any specific "open port" issue, nor does it look like you have any virus or trojan problems now. I think your system is okay. Until we see some specific problem (some "virus found" or some other exploit alerted), I'd have to guess you are okay.

    My recommendation... You are a new TDS user (at least you are evaluating it, right?), so continue using that for the rest of the period of the evaluation and see if it ever finds any actual trojan files. If you like TDS and want to buy after the eval period, then you ought to.

    Also, keep reading the reference threads people have posted for you. Keep trying to tighten your security and that will prevent you from getting any malware in the future.
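    LowWaterMark's cross-check above, worked through as an added Python example that is not from the thread: it parses the GRC report posted at the top (a scanned port in neither the OPEN nor the STEALTH list replied with a RST and is CLOSED) and reconciles it with the netstat list subratam posted, so that an Internet-visible open port the PC itself is not listening on is flagged as answered by something upstream. The report text and port list are constructed from the thread's posts; the verdict labels are my own.

```python
import re

# Sample inputs constructed from the GRC report and netstat port list quoted in this
# thread; the report text is reproduced as posted, not fetched from GRC.
GRC_REPORT = """\
Results from scan of ports: 0, 21-23, 25, 79, 80, 110, 113,
119, 135, 139, 143, 389, 443, 445,
1002, 1024-1030, 1720, 5000

5 Ports Open
18 Ports Closed
3 Ports Stealth

Ports found to be OPEN were: 22, 23, 25, 80, 443

Ports found to be STEALTH were: 139, 389, 445
"""

# Ports the poster reported as open in netstat on the PC itself (constructed from post 5).
NETSTAT_LISTENING = {135, 445, 1025, 1031, 2469, 44334}


def expand_ports(spec):
    """Turn '0, 21-23, 25' into {0, 21, 22, 23, 25}; newlines are treated as spaces."""
    ports = set()
    for item in spec.replace("\n", " ").split(","):
        item = item.strip()
        if not item:
            continue
        if "-" in item:
            lo, hi = item.split("-")
            ports.update(range(int(lo), int(hi) + 1))
        else:
            ports.add(int(item))
    return ports


def parse_grc_report(text):
    """Return scanned/open/stealth/closed port sets derived from the report text.

    GRC lists only OPEN and STEALTH explicitly; a scanned port in neither list
    answered with a TCP RST, which is what the report calls CLOSED.
    """
    scanned = expand_ports(re.search(r"scan of ports:(.*?)\n\s*\n", text, re.S).group(1))
    open_ = expand_ports(re.search(r"OPEN were:(.*)", text).group(1))
    stealth = expand_ports(re.search(r"STEALTH were:(.*)", text).group(1))
    return {"scanned": scanned, "open": open_, "stealth": stealth,
            "closed": scanned - open_ - stealth}


def counts_match(text):
    """Check the derived sets against the totals the report itself states."""
    r = parse_grc_report(text)
    stated = {k.lower(): int(n) for n, k in re.findall(r"(\d+) Ports (Open|Closed|Stealth)", text)}
    return all(len(r[k]) == stated[k] for k in ("open", "closed", "stealth"))


def cross_check(text, listening):
    """Reconcile the outside view (scan) with the host's own view (netstat)."""
    r = parse_grc_report(text)
    verdicts = {}
    for port in sorted(r["open"] | listening):
        if port in r["open"]:
            verdicts[port] = "exposed" if port in listening else "answered-upstream"
        elif port in r["closed"]:
            verdicts[port] = "blocked-upstream"   # host listens, Internet gets a RST
        elif port in r["stealth"]:
            verdicts[port] = "filtered-upstream"  # host listens, Internet gets nothing
        else:
            verdicts[port] = "not-scanned"        # listening, exposure unknown
    return verdicts


if __name__ == "__main__":
    print("report totals consistent:", counts_match(GRC_REPORT))
    for port, verdict in cross_check(GRC_REPORT, NETSTAT_LISTENING).items():
        print(f"{port:>6}  {verdict}")
```

    Any "exposed" verdict would mean a port is reachable from the Internet and served by the PC itself; here every open port is answered upstream and 135 is blocked upstream, which is the conclusion LowWaterMark draws.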
     
  8. subratam

    Again, first of all I must thank you :D for all the support and attention I got.. from you and every other. It's the most remarkable feedback I have ever got, I sincerely admire it...
    :D I am feeling much better now that YOU have said I am safe... and more than that, I have also been checking all these all along, so I also feel more or less satisfied...
    It's better to be safe out there, you know ;)
    I will give you the list of all the security software I've got:
    NAV 2002 Licensed with latest LiveUpdate Installer and LiveUpdate installed till date
    AVG Version 7 Licensed
    Zone Alarm Pro Version 4 Licensed
    Tiny Personal Firewall
    SpyBot SD
    SpywareBlaster
    Cwshredder
    TDS (you were right, I am having the trial version :( actually I have been buying all these security things all along and really spent a lot now... and I have got this TDS new.. I will of course have a look at buying it, it's great software. Any good free AT you know??)
    TrojanRemover 6
    What else..lol...
    Hey, do I still need Ad-aware? o_O
    Thanks again though for all the support :) and I of course will always look to this forum again and again to learn more and more.
    I feel safe with you all guys out here... to me, I say it from the heart... you are the best firewall for lots of people who are slowly learning security... kudos
     
  9. LowWaterMark

    >> again first of all i must thank u...

    We're glad to help you learn and secure your system. :cool:

    >> Tiny Personal Firewall

    What version of Tiny are you running? And, if you know what modules are enabled? (I'm wondering if this is an old version of Tiny, before they added the sandbox to it, or if it is a recent or current version with the sandbox fully enabled. I run Tiny's sandbox-only along side ZAP 4.0)

    >> any free good AT u kno??

    No. There are no good and currently released free Anti-Trojans. It is one type of product where there aren't good free options available.

    >> hey do i still need adaware?

    Ad-aware and Spybot are mostly interchangeable, however, we generally recommend that people run both... The free product versions of Ad-aware and Spybot are both excellent anti-spyware tools. They can both be installed and used to run periodic scans, say weekly, at the least. (Run them one after the other, not literally at the same time.)
     
  10. subratam

    I have a question again o_O I have an old version of Tiny firewall. I know it's already updated, but as I did say at the beginning, I had to configure with what I have, as if and when I release the gate for a sec the TCP IP Kernel Driver comes in... and that forces me to format my comp :oops: I would like to ask: if I download the updated version, what would happen if I go to install... then the old version will get merged?? And then?
    Should I download the update, then unplug my LAN card and then configure as I did earlier??
    Thanks in advance
     
  11. LowWaterMark

    I still don't understand what this is exactly...

    >> ...when I release the gate for a sec the TCP IP Kernel Driver comes in... and that forces me to format my comp...

    How do you know about this? What product warns you of it and what exactly does it say?

    >> I have an old version of Tiny firewall. I know it's already updated ... if I download the updated version, what would happen if I go to install...

    What version is it that you have? It makes a difference to the recommendation. However, if it is an old, non-sandbox version then I don't understand why you'd want to keep it installed if you recently bought ZAP 4? (Tiny's a great firewall, but as I said above, it's not a good idea to run two software firewalls on the same system at the same time.)

    >> Should I download the update, then unplug my LAN card and then configure as I did earlier??

    If you are going to upgrade, update, deinstall or install a firewall, this is a very good and safe way to do it. Get the download. Unplug. Do what you gotta do, deinstall or upgrade wise. Start the firewall. Plug back in.
     
  12. subratam

    About the TCP IP kernel driver... it's an ICMP packet constantly circulating in our network. It causes real havoc once you let it enter the computer, changing a lot in your system. Tiny Personal warns about it and says that someone wants to send you Kernel Driver, do you want it to enter or not... once it enters then you are gone, you become the affected part of the network also. Actually I was suffering this till I configured it before even allowing the LAN card to plug in. I had to format 4 times before for this matter.
    The version is really old, I think 2.0.15A, but it's much more effective in handling most of the evils and most importantly the kernel driver ICMP packet. I of course can download the latest Tiny 5 version and can update my firewall, unplugging the LAN again..
    As you said you also have 2 firewalls, same as mine, the TINY and ZA, and I did tell you the reasons why I am running the two... the two aren't clashing, what do you say??
     
  13. LowWaterMark

    No, I don't have two firewalls. I have Tiny Trojan Trap and ZAP 4.0. Tiny Trojan Trap has no firewall components in it at all. It is a totally separate product from the Tiny Software people. (It is just a sandbox, and therefore does not conflict with the ZAP software firewall.)

    All I can do is make a recommendation, whether you decide to listen to it or not is your choice. The majority of people will advise you to not run or even install two software firewalls on a single system because of the possibility of conflicts (either seen or unseen).

    The old Tiny firewall is a fine packet filter, giving you good inbound protection and considering that you have some sort of network protection from your provider, you probably don't need any more firewall software anyway.
     
  14. BlitzenZeus

    BlitzenZeus Security Expert

    Joined:
    Feb 11, 2002
    Posts:
    451
    Location:
    Oregon, USA
    Subratam, TCP/IP Kernel Driver is part of your TCP/IP stack, and it belongs there. It handles the ICMP protocol, and ICMP is nowhere near as dangerous as you think; you're just being over paranoid, and it's a part of normal internet protocols.

    FYI, there were vulnerabilities discovered in the old Tiny that were fixed in Kerio 2x, and you can still download Kerio 2x from this link. I don't suggest you even touch Kerio 4x at this time, and the most recent 2x version was 2.15
    http://www.kerio.com/dwn/kpf/

    Now your rules are the problem, and from your problems it would seem you need to fix more than ICMP. This is a power-user program, and does require the user to have knowledge of TCP/IP protocols. You're just being an over paranoid user that doesn't understand what is going on.

    If you want help with your Tiny/Kerio 2x configuration that can be done, and you can post a screenshot of your rules for others to review. However you are in quite over your head, and maybe an application based firewall would be better for you?

    As far as ICMP goes, just make sure you're not allowing ICMP 8 inbound, and I've even attached an example of basic ICMP rules.
     
  15. subratam

    The ICMP that is relayed in my network corrupts my TCP/IP kernel driver and in return it infects my PC.. I have been getting lots of help from you guys... actually I am keeping TINY only for that, it really keeps you safe from harmful packets, as I am seeing it's doing effectively... as for ZA, I am keeping this because it keeps me in stealth form once I configure it so that ICMP doesn't get to come in. I will keep one firewall at one time.
    I really feel bad, Low, as you thought that I am not taking your recommendation... but I have been listening to everything and I will always listen, as you all know much more and I am learning...
    How can I post the firewall rules log??
     
  16. subratam

    By the way, I have Tiny Personal version 2.0.15A (221001) :)
     
  17. BlitzenZeus

    "ts nice to kno nothin than knoin somethin wrong" Well, besides your horrible spelling, you have fallen under "Knowing something wrong" when it comes to ICMP.

    ICMP cannot infect your pc, there are no icmp connections like tcp as its a messaging protocol.

    If you want people to review your rules you have to take a screenshot of your rules, and make a new post in the Other Firewalls forum. Use alt+printscreen to capture the active window only instead of just pressing the printscreen button, and be sure to save it in an internet-friendly format like .gif or .jpg for size. Crop the image where needed, and you might have to take multiple screenshots if you have a huge amount of rules.

    Right now, by simply renaming one program on your system I could gain access to the internet with Tiny 2x. Now do you want to upgrade to Kerio 2x? o_O
     
  18. subratam

    Hmmm.... is Kerio different from TFW or does it update the already installed Tiny??
    Does ZA support system access with renamed programs??
    Blitz, I am learning, so I think it would be good on your part to help me informatively :oops:
     
  19. subratam

    Next
     
  20. subratam

    Last, along with a rule for ZA that is allowed
     
  21. BlitzenZeus

    I'm going to quote myself highlighting a few words:
    "If you want people to review your rules you have to take a screenshot of your rules, and make a new post in the Other Firewalls forum"

    You can be helped better with your firewall configuration in the firewall forum than in this generic security forum.

    The rename issue is a bug in Tiny 2x where it can bypass your firewall configuration completely; otherwise it wouldn't let it out normally, depending on your configuration.

    Kerio 2x was built with Tiny 2x code. Kerio became their own company when they separated from Tiny Software. It's 99.% the same, and will import Tiny 2x rules. The interface is the same with many fixes, and updates to the program itself.

    Now you're starting to listen more. Others were being nice to you, but it wasn't getting through to you, so that was a problem. I realized you were still learning from what I read, but I also realized that you already had ideas you believed for some reason that you were not changing after you were told they were wrong.

    BTW, stick to one firewall only. Running both will only cause problems.

    I'll be back after a while to respond to your posted ruleset, I usually have to write many paragraphs when reviewing others rules so it takes a while.
     
  22. subratam

    I just now uninstalled ZA and I am going to download the Kerio 2X version...
    As you said.. I just want to be sure... the Kerio will import the Tiny rules, right??
    I do understand that it's better to use one firewall only... it's better for me to listen to you :) than being with anything, I am a beginner...
    The Tiny PF I am having: after downloading the Kerio 2X, what would be my next steps? The Kerio is a .exe, and should I unplug the LAN and then install? Or, I ask again, will the Kerio install itself with the Tiny rules??
    I appreciate your help
     
  23. BlitzenZeus

    Re-Read my last comment about Tiny 2x rules in to Kerio 2x
    "Kerio 2x was built with Tiny 2x code. Kerio became their own company when they separated from Tiny Software. It's 99.% the same, and will import Tiny 2x rules. The interface is the same with many fixes, and updates to the program itself."

    Yes, you should make sure you won't connect to other machines, or auto-connect to the internet when you don't have a firewall running.

    I was going to do something, but since you say you're networked that is another issue. That makes your configuration more complex, so how is your network set up, and what IP ranges do you use for your network?

    Since you're not completely reading what others are saying, as I'm having to quote my last comments, I will ask that you read, and re-read, this thread. Instead of using your exported rules I want you to start out with the standard rule set, and read the instructions completely. It's a starting template with some rules loose so they work, and you will have to restrict them later.
    http://www.broadbandreports.com/forum/remark,8023708~root=kerio~mode=flat#8023745

    So download the Kerio 2x, download that standard ruleset, use print preview to print out only the part of the page that contains the instructions, export your Tiny 2x rules, disconnect your machine from the internet/lan, proceed to uninstall Tiny, replace it with Kerio, import the standard ruleset, start customizing the rules, and reconnect to the internet/lan.

    --We will discuss your configuration problems in Other Firewalls forum in the thread you have already started.--
     
  24. subratam

    Thanks a lot Blitz.... I am getting it more straight now.. won't say much more here now, but in the firewall post.
    If I do have any security problems I would come back here.
     