Multiple infections - help needed

Discussion in 'malware problems & news' started by myslewis, Apr 24, 2005.

Thread Status:
Not open for further replies.
  1. myslewis

    myslewis Registered Member

    Joined:
    Apr 24, 2005
    Posts:
    3
    Hello

    Recently my Sygate firewall repeatedly requests permission for messenger, ntoskrnl.exe and ntkernel, which have recently changed, to access the net. The message is:

    "The executable has changed since the last time you used:
    C:\WINDOWS\System32\ntoskrnl.exe"

    I have visited Trend Micro and fixed
    Netsky.p worm
    Inservice.I trojan

    My AVG virus checker has since found the following
    1ST BAR Trojan
    ClassLder.c.Java Trojan
    Drop.Small.JA
    SpyK.Staff trojan

    BitDefender online scan found yet ANOTHER virus
    Exploit.Html.Codebase.Exec.Gen
    and had to delete it as it could not disinfect

    Panda online scan proved to have a virus found during download

    I am going nuts here....... how did these get in through the firewall and virus checker? o_O

    Have also done an analysis with HijackThis and removed some suspicious-looking items; however I am still getting the above messages from Sygate.

    I want to add that my system is NOT exhibiting any strangeness in performance. I was only concerned about the Sygate warnings; nothing else seems to be amiss... is this normal?
    Panda online scan proved to have a virus found during download. I am losing perspective now after working at this all day; perhaps I should give up and call in the experts to do it for me.

    Thank you all in advance
    Eugenia
     
    Last edited by a moderator: Apr 24, 2005
  2. snowbound

    snowbound Retired Moderator

    Joined:
    Feb 18, 2003
    Posts:
    8,723
    Location:
    The Big Smoke
    U might just want to run through the General Cleaning Instructions here,

    https://www.wilderssecurity.com/showthread.php?t=50662

    just to make sure all is clean.

    Also, i have it from a very informed person here who also runs Sygate that u can have Sygate block ntoskrnl.exe (the base of your O/S), as it doesn't need to access the net.

    Post back and let us know how it all went.



    snowbound
     
  3. Sweetie(*)(*)

    Sweetie(*)(*) Registered Member

    Joined:
    Aug 10, 2004
    Posts:
    419
    Location:
    Venus
    Hi, i would suggest a review of your settings and downloads/sites visited; see if you can recognise any risks.

    As for the infections, AVG is not quite up to the task, especially with some of the current bots. I highly recommend Nod32 antivirus; they have a beta out at the moment that is worth giving a try. See HERE
     
  4. myslewis

    myslewis Registered Member

    Joined:
    Apr 24, 2005
    Posts:
    3
    Hi Snowbound and Sweetie

    Completed all the clean-up tasks as suggested and it looks like the system is clean, phewww

    *However* I still get the warning from Sygate that NTKernel has changed and it asks me for permission to access the internet. I already have it blocked in Sygate so I don't know why it's still coming up. I have the Sygate log/details if they are of any use. Any other suggestions would be most welcome.

    Also, I have an external HD which I use for backup; none of the clean-up programs seemed to recognize it for scanning. Is this a problem?

    Sweetie - I did change to Nod32, thanks for the tip

    Many thanks to you both for helping
    Eugenia
     
  5. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    Did you do any updates to Windows when you started getting the prompt? When doing any updates to the OS or any application you can expect to see prompts like this. In this case it would be OK to allow the change and the prompts should stop.

    If you have not done any updates just prior to the prompts you may need to do a little more checking.

    Regards,

    CrazyM
     
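    The prompt CrazyM describes is an integrity check: the firewall keeps a fingerprint of every executable it has a rule for and asks again whenever the file on disk no longer matches, so a patched kernel looks exactly like a replaced one until you confirm where the change came from. The snippet below is an added illustration of that mechanism, not code from the thread or from Sygate; the file it hashes is a constructed stand-in written to a temporary directory, not the real ntoskrnl.exe.

```python
"""Toy model of a personal firewall's "executable has changed" check.
A baseline of SHA-256 digests is recorded when a rule is approved; any
later mismatch is reported. The demo file is a constructed stand-in."""
import hashlib
import os
import tempfile


def sha256_of(path):
    """Hash a file in chunks so large binaries do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(paths):
    """Record the digest of each approved executable (rule creation time)."""
    return {p: sha256_of(p) for p in paths}


def check_baseline(baseline):
    """Return {path: 'ok' | 'changed' | 'missing'} for every approved file.
    A 'changed' result only says the bytes differ; it cannot by itself tell
    a vendor update from tampering, which is why the prompt needs a human
    (or a signature check) to decide before the baseline is refreshed."""
    result = {}
    for path, digest in baseline.items():
        if not os.path.exists(path):
            result[path] = "missing"
        elif sha256_of(path) != digest:
            result[path] = "changed"
        else:
            result[path] = "ok"
    return result


def demo():
    """Walk through: approve, OS update rewrites the file, re-approve."""
    exe = os.path.join(tempfile.mkdtemp(), "kernel-stand-in.exe")  # constructed
    with open(exe, "wb") as f:
        f.write(b"MZ" + b"\x00" * 64)          # fake 'before update' image
    baseline = build_baseline([exe])
    before = check_baseline(baseline)[exe]     # 'ok': matches the rule
    with open(exe, "wb") as f:
        f.write(b"MZ" + b"\x01" * 64)          # simulated update rewrites it
    after = check_baseline(baseline)[exe]      # 'changed': prompt would fire
    baseline = build_baseline([exe])           # user confirms it was an update
    return before, after, check_baseline(baseline)[exe]
```

Running demo() returns ('ok', 'changed', 'ok'): the prompt appears once after the update and stops once the new digest is accepted, which matches what CrazyM predicts.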
  6. myslewis

    myslewis Registered Member

    Joined:
    Apr 24, 2005
    Posts:
    3
    Thanks CrazyM - it was indeed a Microsoft update last week that caused the warnings.

    And thank you too, Snowbound and Sweetie, for all your help. I feel my system is squeaky clean now and I really like Nod32!

    Kind regards, Eugenia
     