lost my internet

Discussion in 'other firewalls' started by rich24681357, Nov 13, 2003.

Thread Status:
Not open for further replies.
  1. rich24681357

    rich24681357 Guest

    Here goes again. I am on Comcast high-speed cable internet. I have McAfee Personal Firewall. I have wilderssecurity programs: Spybot, SpywareBlaster, and SpywareGuard.

    For the last 2 weeks McAfee reported (it displays a long list) it was blocking many more virus attack attempts than usual. The most frequent was Sub 7 Trojan. Then for a couple of days I kept losing my internet connection. Then it was permanent. I can't communicate out, but as soon as I turn on my computer, McAfee reports a virus attack attempt.

    The internet access loss could have been caused by a virus that McAfee misses. Or by one of the wilderssecurity programs hijacking my browser from the other. Could redundancy have caused the problem? Should I uninstall one or more? Thank you.

    I am at the public library. The limit is 1 hour, so I may have to read any answer later. (I plan to return tonight and use my son's card and get a second hour in the same day. Gotta sneak out of here now and not be seen.) Thanks for any answer I can get, and I'll read it about 2-3 hours from now.
     
  2. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,878
    Location:
    New England
    Hi Rich,

    Hopefully there will be a few replies here by the time you get back...

    A quick question first... your McAfee alerts are all from the firewall component right? None are from the McAfee Anti-Virus product?

    That sounds simply like the normal Internet probing we all see. Yes, it may be more than you are used to seeing, but external probes against your system does not mean that you have any malware on your system. Even a huge volume of probes on ports commonly used by Sub7 and other malware still does not indicate any problem on your system, just a lot of Internet traffic.

    Yes, you could have a virus but most likely not because of the probes. As you said, the probes were alerted to you. It's not likely that "one sneaked through" unless you routinely disable your protections or do other risky operations like opening unsolicited emails that may have a virus in them, downloading dangerous programs, or run unprotected file sharing.

    Recommendation 1: However regardless of the cause, have you done a full system scan with your Anti-Virus product? (At this point other background info from you is also needed. What is your Windows version? Are you running McAfee Anti-Virus or any other AV product? Was it active and running resident all along? Can you scan with it when you get home?)

    This is highly unlikely. Spybot, SpywareBlaster, and SpywareGuard run together on countless thousands of systems and are not likely to cause ISP connection problems. (Please note that Spybot S&D is not from WildersSecurity or JavacoolSoftware. It is a separate product from a different source, but its author recommends using SpywareBlaster along side Spybot.)

    Recommendation 2: You could disable all three tools to see if that restores your connection. To disable SpywareGuard > right click the tray icon, select Options button > clear the three protection options > click Save Settings button > click OK > then exit SpywareGuard from File menu.

    Click this link to see image on disabling SpywareGuard.

    SpywareBlaster's protections are disabled by opening the program, hitting the "Deselect All" button then "Remove Protection for Unchecked items" then OK. Exit SpywareBlaster.

    Click this link to see image on disabling SpywareBlaster

    Spybot's active protections are in its Immunize screen. You can "Undo" the immunity and "Uninstall" the download blocker from that screen.

    If disabling these products restores your connection, then you'll have your answer and can come back here and tell us which one did it and then we can move forward from there.

    Recommendation 3: You may want to attempt to disable your firewall temporarily to see if it is simply that which is blocking your ISP connection. (Here's where knowing your Windows version, software levels and configuration would be helpful.) If your system is fully current on patches, is not running any server processes as would be exploitable on an unpatched Win2000 or WinXP, then you can probably run a short time safely without the firewall to see if that is the problem.

    If none of the above helps, then the next thing to do would be to post a HijackThis log here and let the experts take a look at what's shown there...

    Recommendation 4: HijackThis is a tool that displays startup and configuration information from your system. It is a very good way to determine what spyware is present and it also allows it to be fixed.

    Now all of this is more difficult since your only access is at the library, and that is highly restricted, so it may not be easy to communicate on all of this.

    Try to copy out all the recommendations everyone makes here, answer as many questions as you can so that the replies back next time will be more specific to your configuration. And the more you tell us about what exactly your are seeing on that system, exact error messages and conditions involved, would be extremely helpful in getting an answer.
     
  3. rich24681357

    rich24681357 Guest

    I'll answer your queries, then go home and try recommendations 2-4. My only McAfee product is McAfee Personal Firewall, because 1 year of it comes free with Comcast cable internet. If the 3 wilderssecurity programs (oops, 2 + Spybot) aren't anti-virus, then I don't have an anti-virus program. I have Windows Me, with up-to-date patches, on a standalone PC.

    The reason I described the enormous increase in virus probes (they became the majority of all contacts) is because I feel that I'm under attack. I can't get out, but they're still coming in. I'll return to the library tomorrow with new info and check for any reply. Thank you for all your help.
     
  4. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,878
    Location:
    New England
    I hope one of those suggestions above helped, but if they didn't there are still a few things you can do.

    There might be good news because you are running Windows ME. Windows ME (and Windows XP) each have a utility called System Restore. If it has been running on your system, it could be possible to use it to reset your system back in time to a point when it was working fine.

    Take a look at this Microsoft page:

    http://www.microsoft.com/windowsME/using/computerhealth/articles/systemrestore.asp

    The lower half of that page shows you how to tell System Restore to move your system back to a previously good point in time. If this problem with your system started 3 or 4 days ago (when it started losing the connection) and if System Restore has been active then you can tell it to Restore my computer to an earlier time via the Start menu > Programs > Accessories > System Tools > System Restore function.

    If that's available, it may get you back online right away.

    You will need to get an anti-virus application though, no matter what happens. There are many AVs that you can trial for free for 30 days and there are also some totally free ones. Generally speaking the pay products are better, but some free products aren't bad either. Of course, to get one you'll either have to buy one at the store and load it by CD, or get your connection working first so you can download one. If System Restore works out, then you really should come back here and we'll talk about Anti-Virus packages.
     
  5. rich24681357

    rich24681357 Guest

    I had already restored to a couple of times in the past and it didn't help. Last night, I turned off the 3 programs, then McAfee, and got the Comcast entrance to the internet! I quickly turned back on the McAfee. Of the 5 security levels, it only works when I totally turn it off. Trouble is, Sub 7 Trojan hit me 3 times in the first half hour. I had McAfee turned on, so it didn't hurt. I dare turn it off for only as few seconds as it takes to get where I want. So it appears that McAfee, not your programs, were the cause. But I still can't navigate the internet in a leisurely way, so I'm back here in the library. Now I need to communicate with McAfee, right? If I buy an anti-virus program, I'll do it here in gratitude for your time spent advising me. I'll check back in case you reply. Thanks a lot.
     
  6. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,878
    Location:
    New England
    Well, this is good news. (Identifying the primary cause of a problem is essential to being able to resolve it, so it really is good news.)

    Your concerns about Sub7 hits against your system are unnecessary provided you are not infected by the Sub7 Trojan. (If you don't have the Sub7 server running on your PC, incoming attempts to get to it are absolutely harmless and you need not worry about them.)

    One way to determine if Sub7 is there is to first check for open ports on your system. If you open up a DOS window via Start menu > Run... > type in "command" (without the quotes) > in the DOS box type "netstat -an" (again without the quotes) this will show you the open / listening ports on your system. You are looking to see if the default Sub7 port (the one McAfee is alert you about - 27374) is open on your system.

    If would appear something like this:

    [pre]C:\>netstat -an

    Active Connections

    Proto Local Address Foreign Address State
    TCP 0.0.0.0:27374 0.0.0.0:0 LISTENING
    [/pre]
    The key is the 27374 on the left side, regardless of the Local Address itself. If that port is not there at all, you don't have to worry about attempts from Sub7 probes.

    Now, you may be able to save yourself trips to the library while trying to get support from McAfee by deinstalling the McAfee firewall entirely, and using another software firewall temporarily. A free product like Zone Alarm could be downloaded and installed from here:

    http://www.zonelabs.com/

    Once you have that installed, you can easily work from home without worry. There are many other firewalls available, as well... Most any of the brand names will do, it's just I think it is important to get you online from home so you can save yourself some major effort.

    Once up at home on the system itself, the next steps would be to download an anti-virus product (just a free trial) to scan your system. Also, we can take a look at what all ports are open / listening on your system and see if you have any issues there. And there are several others steps to verify everything we could do once you are online.
     
Loading...
Thread Status:
Not open for further replies.