Repeated attacks from trojan

Discussion in 'malware problems & news' started by Marko Ramius, Aug 7, 2005.

Thread Status:
Not open for further replies.
  1. Marko Ramius

    Marko Ramius Registered Member

    Joined:
    Aug 7, 2005
    Posts:
    2
    Hello

    In the past three weeks I've been getting a message from my Norton Antivirus almost every day, informing me that it has blocked an attack by a trojan called netbus. I've run CCleaner, Ad-Aware, Spybot - Search & Destroy, and a few other programs, and as far as I can tell it has not managed to infect my system, but the repeated attacks has left me concerned that some day it will succeed. I find it unlikely that it's merely random sweeps, since it's occuring so often. My only guess is that someone has got a hold of my IP. What can I do to stop these attacks? Any help is greatly appreciated.
     
  2. Rainwalker

    Rainwalker Registered Member

    Joined:
    May 18, 2003
    Posts:
    2,106
    Location:
    USA
    Try these online scans.......

    http://www.kaspersky.com/scanforvirus.html
    http://housecall.trendmicro.com/
    http://www.pandasoftware.com/active...n_principal.htm
    http://www.ravantivirus.com/scan/
    http://us.mcafee.com/root/mfs/default.asp?cid=9913
    http://www.bitdefender.com/scan/licence.php

    if it still returns run this in 'Scan Only' mode
    http://www.majorgeeks.com/download3155.html

    If you want to read about the program>>
    http://www.bleepingcomputer.com/forums/index.php?showtutorial=42

    Best to ask here for people / URL that will look at your scan........remove NOTHING until you know for sure what your doing...
    HTH
     
  3. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    As long as norton av blocked the attack you should be fine. If it did get on your comp norton would still detect it since it detected the attack by that malware in the first place. What firewall are you running??
     
  4. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,619
    Location:
    Toronto Canada
    Blackspear had a post concerning what to do and when to do it if you are infected. But i cannot locate it.
     
  5. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    I don't believe that he is infected he is just getting notice that his av is blocking it. he needs to find out where it is coming from and block it with his firewall. ;)

    bigc
     
  6. AnthonyG

    AnthonyG Registered Member

    Joined:
    Aug 3, 2004
    Posts:
    614
    Is it coming up while you are browsing a certain site?
     
  7. Brian N

    Brian N Registered Member

    Joined:
    Jul 7, 2005
    Posts:
    2,148
    Location:
    Denmark
    If it's the old netbus, you can remove it with netbuster and also have some fun with the guy who's trying to access your pc ;)

     
  8. Marko Ramius

    Marko Ramius Registered Member

    Joined:
    Aug 7, 2005
    Posts:
    2
    I'm using the firewall that comes with Norton.

    No, it's coming up completely random.

    If you could show me how to do that I'd be a happy man :) The problem is that there's a new IP every time I trace the attack...
     
  9. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,619
    Location:
    Toronto Canada
    Would he benefit from a router in this instance?
     
  10. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    with out a doubt you would benefit from a router, that with the norton firewall should really filterout the crap. ;)
     
  11. dulynotid

    dulynotid Registered Member

    Joined:
    Aug 15, 2005
    Posts:
    2
    I've had the same thing happening as well; seemingly random. What I want to know is, where can I find this:
    Quote:
    Originally Posted by NetBuster
    NetBuster can be used in TWO ways.
    Either as a NetBus removal tool which
    recognises the most usual NetBus trojans,
    OR as a 'fool-the-one-trying-to-netbus-you'
    tool.

    I've tried searching using keywords and posts by "NetBuster" to no avail. Having a little fun with my attacker is devilishly attractive (as long as it's safe, of course).

    The most recent Norton notice of a NetBus block came an hour or so ago while I was in the middle of a Trend Micro scan. :eek: I was doing Blackspear's cleanup procedure.
     
  12. jwcca

    jwcca Registered Member

    Joined:
    Dec 6, 2003
    Posts:
    720
    Location:
    Toronto
    DCS TDS-3 has two plugins, Netbus Server Emulator and Netbus Host Hunter. I've never used these and I don't know if they can be used with the "free" version of TDS-3. Since TDS-3 has been discontinued, the "free" version may not be available but perhaps you could contact DCS and ask.
     
  13. WhereTheBeef

    WhereTheBeef Guest

    NETBUS is a widely use trojan. What is net bus capable of doing:


    Open/Close CD-ROM
    Show optional BMP/JPG image.
    Swap mouse buttons.
    Start optional application.
    Play a wav file.
    Control mouse.
    Show different kind's of messages.
    Shut down Windows.
    Download/Upload/Delete files
    Go to an optional URL.
    Send keystrokes and disable keys.
    Listen for and send keystrokes.
    Take a screendump.
    Increase and decrease the sound-volume.
    Record sounds from the microphone.
    Upload optional file.
    Make click sounds every time a key is pressed.

    This utility also has the ability to scan "Class C" addresses by adding "+Number of ports" to the end of the target address. Example: 255.255.255.1+254 will scan 255.255.255.1 through 255.



    NETBUSTER

    Depending on which version the User is using....can be hacked very easily so its NOT a good idea to use it. Payback may come at a very expensive price.

    ### NEVER PLAY WITH A HACKER>>>SHUT DOWN INSTEAD

    its common to be scanned by the netbus trojan but hardly ever a reason to be alarmed if you have a firewall installed.
    Hackers, even Script kiddies, have tools that the average computer user has never even heard of. So, if you want to go outside an play with a Hacker its strongly suggested that you carry a roll of tissue paper cause you surely will need it.
     
  14. Beefcarver

    Beefcarver Registered Member

    Joined:
    Jan 23, 2005
    Posts:
    263
    Location:
    michigan
    I use blackIce and im stealth on all my ports. some may dissagree but Im hacker free.... Id throw norton out the window. but it probably will trash your Pc so that might fly out the window together LOL blackIce is a good way to go.
    WWW.ISS.net check out the demo.
     
  15. dulynotid

    dulynotid Registered Member

    Joined:
    Aug 15, 2005
    Posts:
    2
    ----


    I'm in full agreement with ya about norton; I hate it. It has, however, stopped a few attacks and I've been 99.9% pop-up free since I bought it just less than a year ago, only two total that I can think of. Not bad in that regard, I guess. As money allows I'm going to do away with just about everything I have onboard now, including the OS (ME), browser (IE) and the hard drive (wimpy little 6-gig).

    In doing the Blackspear cleanup routine I noticed when using TrojanHunter the results had an error message saying "PortChecker wasn't initialized" or something to that effect. Since a lot of the attacks listed in my norton statistics have been port attempts I wonder if this is of any concern and if so what exactly is PortChecker and how does one initialize it?
     
Loading...
Thread Status:
Not open for further replies.