Oh B...er Have I left myself vulnerable !

Discussion in 'privacy general' started by Old Monk, Nov 29, 2005.

Thread Status:
Not open for further replies.
  1. Old Monk

    Old Monk Registered Member

    Joined:
    Feb 8, 2005
    Posts:
    633
    Location:
    Sheffield, UK
    Hi there

    Completely my fault, but dealing with an issue in another thread, I realised I've been on-line for about 15 mins with no protection at all - no firewall, no A/V, nothing :oops: What is my possible risk factor here ?

    Should I take any particular action ?

    Cheers

    Jon
     
  2. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    Are you behind a router? If so, you're probably fine. If not, I would head over to Kaspersky to do an online scan.
     
  3. zapjb

    zapjb Registered Member

    Joined:
    Nov 15, 2005
    Posts:
    3,515
    Location:
    USA - Back in a real State in time for a real Pres
    Scan, scan, scan.
     
  4. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    Possibly - the current survival time (average time before attack/infection) at DShield is 21 minutes. It depends on what (if any) filtering your ISP applies to incoming traffic and your Windows setup.

    Hoping for the best but preparing for the worst, starting with a full scan with an updated anti-virus scanner would be the most prudent option. Installing a trial version of a specialised anti-trojan like Ewido or TrojanHunter may be worth doing also.
     
  5. spearchucker

    spearchucker Guest

    Re: Oh B...er Have I left myself vulnerable !

    Ya, I would do tons of scans with a wide variety of scanners if that happened to me. Like others posted I would scan first with my fully updated AV. Then I would scan with anti-trojans like Ewido, A2 etc...

    Also try Security Task Manager free trial and Unhackme, together they will both find a ton of malware. Also I would run RootkitRevealer, Blacklight beta, SpySweeper free trial and a few more like Spybot and Ad-aware, just to be sure.

    I would also do a Hijackthis log and post it at http://www.spywareinfoforum.com or one of the other many sites that read HJT logs just to be sure there is nothing else.
     
  6. Old Monk

    Old Monk Registered Member

    Joined:
    Feb 8, 2005
    Posts:
    633
    Location:
    Sheffield, UK
    Thanks all for your super quick help !

    Scanned straight away with my resident A/V Nod 32 and back up Bit Defender. So far nothing. Scanning now with Ad Aware. Can't run Kaspersky yet as I need to change my IE settings.

    I'm on dial up so will try A2 tomorrow (previously trialled Ewido so probably can't use that)

    Sorry (panicking a bit now) where do I go for a HijackThis log ? I know where to get Security Task Manager and other recommendations and I'll run those before I do anything significant on this machine

    Thanks again. All views most welcome.

    Cheers

    Jon
     
  7. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    Just running a couple of scanners should suffice. Going overboard with more specialist tools may turn up issues that were present on your system beforehand (e.g. having some AVs installed will result in Rootkit Revealer reporting entries).

    Now though might be a good time to consider some process control software if you have not already (e.g. Process Guard, SSM, Online Armor, AppDefend) since this would provide an extra level of defence.
     
  8. Old Monk

    Old Monk Registered Member

    Joined:
    Feb 8, 2005
    Posts:
    633
    Location:
    Sheffield, UK
    Hi there Paranoid2000

    Thanks for that advice. Do have PG paid but again that was disabled in this instance :oops:

    Know there's no guarantee, but it seems I might be okay on this occasion ?

    Since enabling LooknStop again my log shows numerous PC to Internet entries for pride.flexi-surf.co.uk. This hasn't appeared in previous logs. Significant do you think ?

    Cheers

    Jon
     
  9. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    That depends on what application is making those connections - the page redirects to v21.co.uk which is a UK-based ISP so if you are using them for network access and have their software installed (e.g. a branded version of IE) then this is the most likely cause. Network monitoring software may also try connecting to a specific site in order to check your connection.
     
  10. spearchucker

    spearchucker Guest

    Sorry Old Monk, didn't mean to scare you. I was just trying to cover as many areas as possible. But it is true you could probably use just one or two scanners to check for malware and be ok, but why not use a few extra scanners? It can't really do any harm because the scanners I recommended are very unlikely to find any false positives and they will cover some areas the AVs and ATs may miss.

    If I went online unprotected as you did, I would run a full scan with my AV and then any ATs I had. I would also then do a check with STM and Unhackme and a few of the more common anti-spyware programs like Ad-aware and Spybot at least. And finally follow it up with a Hijackthis check. I can read my own Hijackthis log but you may want to have the experts check yours for you at a site like spywareinfo or dslreports. I guess they don't allow Hijackthis log postings at this site anymore. *Warning* Don't delete anything with Hijackthis unless you know exactly what you're doing! Better to let the experts at spywareinfo or dslreports guide you in what to delete, if anything.

    Here's where you can get Hijackthis by the way. http://www.merijn.org/files/hijackthis.zip or http://www.spywareinfoforum.com/~merijn/downloads.html

    Good luck.
     
  11. Old Monk

    Old Monk Registered Member

    Joined:
    Feb 8, 2005
    Posts:
    633
    Location:
    Sheffield, UK
    Hi there

    Thanks Paranoid2000 and spearchucker for the extra info.

    Just to be on the safe side I thought I'd try some of those scans you suggested Spearchucker. If I cause any conflict I can always reformat if needs be and it might prove a useful exercise in learning a bit more.

    So far Nod32, Bitdefender, Adaware and now Ewido have found nothing.

    Tried Rootkit Revealer and all looks okay - researched their forums after a couple of scans and any discrepancies found seemed to be false positives - seems like a great prog and the forums have lots of useful info.

    Blacklight Beta didn't reveal anything at all but didn't seem to scan very much or for very long so not sure how in-depth it went.

    Unhackme was a bit odd - the scan took about 1/2 second and just said no trojans found - how can it scan that quickly ? Any thoughts on this prog ? - is that normal ?

    Haven't tried anything else yet but will run the Hijackthis log and your other suggestions (in for a penny in for a pound :D) just to be on the safe side, but so far so good.

    Paranoid2000, I'm still unsure about my firewall logs but will investigate further and post in the LnS forum if I still have worries.

    Thanks again for suggestions and help.

    Cheers

    Jon
     
  12. LookingGlass

    LookingGlass Guest

    Blacklight beta is good, it just does a quick scan, but longer is not always better. ;)
    UnHackme does do a very fast scan, probably one of the fastest I've yet to see, but believe me it will find many rootkits and other malware. I think it's better than Blacklight. UnHackme is well worth having, even if only for an occasional quick manual check.

    LG
     
  13. whatdoiknow

    whatdoiknow Guest

    I think you are likely to be okay, if you were fully patched to begin with.

    When people talk about getting hacked in 8 minutes or whatnot, it is all based on unpatched systems.

    I suppose you could still be hacked assuming some super hacker happened to be specifically targeting you, using some super unknown exploit, but that's unlikely to happen in merely 15 minutes.

    But if you are truly afraid, just reformat and start over.

    But what do I know?
     
  14. redhunter

    redhunter Guest

    Heh..

    Good advice , but....

    What were you doing going out without protection and where were you going??
     
  15. f3x

    f3x Guest

    OMG this is scary
    You really went 15 min without protection !!
    j/K !
    --------

    Actually it's scary the other way. I've read that some ppl at Wilders were paranoid, but is the internet such a hostile place that no one can survive without active protection ? Having a completely patched OS and careful surf habits isn't enough now ?

    I've been infected early one time when I reinstalled XP, and by the time I downloaded the sound driver and updated Windows I got a DCOM RPC attack, I think. However I was lucky as it was not a "real" virus. It sort of was a good virus that automatically downloaded the Microsoft update to patch the vulnerability.
     