Repeated attacks from trojan

Hello

In the past three weeks I've been getting a message from my Norton Antivirus almost every day, informing me that it has blocked an attack by a trojan called netbus. I've run CCleaner, Ad-Aware, Spybot - Search & Destroy, and a few other programs, and as far as I can tell it has not managed to infect my system, but the repeated attacks has left me concerned that some day it will succeed. I find it unlikely that it's merely random sweeps, since it's occuring so often. My only guess is that someone has got a hold of my IP. What can I do to stop these attacks? Any help is greatly appreciated.

 

Try these online scans.......

http://www.kaspersky.com/scanforvirus.html
http://housecall.trendmicro.com/
http://www.pandasoftware.com/active...n_principal.htm
http://www.ravantivirus.com/scan/
http://us.mcafee.com/root/mfs/default.asp?cid=9913
http://www.bitdefender.com/scan/licence.php

if it still returns run this in 'Scan Only' mode
http://www.majorgeeks.com/download3155.html

If you want to read about the program>>
http://www.bleepingcomputer.com/forums/index.php?showtutorial=42

Best to ask here for people / URL that will look at your scan........remove NOTHING until you know for sure what your doing...
HTH

 

As long as norton av blocked the attack you should be fine. If it did get on your comp norton would still detect it since it detected the attack by that malware in the first place. What firewall are you running??

 

Blackspear had a post concerning what to do and when to do it if you are infected. But i cannot locate it.

 

I don't believe that he is infected he is just getting notice that his av is blocking it. he needs to find out where it is coming from and block it with his firewall.

bigc

 

Is it coming up while you are browsing a certain site?

 

If it's the old netbus, you can remove it with netbuster and also have some fun with the guy who's trying to access your pc

 

I'm using the firewall that comes with Norton.

No, it's coming up completely random.

If you could show me how to do that I'd be a happy man The problem is that there's a new IP every time I trace the attack...

 

Would he benefit from a router in this instance?

 

with out a doubt you would benefit from a router, that with the norton firewall should really filterout the crap.

 

I've had the same thing happening as well; seemingly random. What I want to know is, where can I find this:
Quote:
Originally Posted by NetBuster
NetBuster can be used in TWO ways.
Either as a NetBus removal tool which
recognises the most usual NetBus trojans,
OR as a 'fool-the-one-trying-to-netbus-you'
tool.

I've tried searching using keywords and posts by "NetBuster" to no avail. Having a little fun with my attacker is devilishly attractive (as long as it's safe, of course).

The most recent Norton notice of a NetBus block came an hour or so ago while I was in the middle of a Trend Micro scan. I was doing Blackspear's cleanup procedure.

 

DCS TDS-3 has two plugins, Netbus Server Emulator and Netbus Host Hunter. I've never used these and I don't know if they can be used with the "free" version of TDS-3. Since TDS-3 has been discontinued, the "free" version may not be available but perhaps you could contact DCS and ask.

 

NETBUS is a widely use trojan. What is net bus capable of doing:


Open/Close CD-ROM
Show optional BMP/JPG image.
Swap mouse buttons.
Start optional application.
Play a wav file.
Control mouse.
Show different kind's of messages.
Shut down Windows.
Download/Upload/Delete files
Go to an optional URL.
Send keystrokes and disable keys.
Listen for and send keystrokes.
Take a screendump.
Increase and decrease the sound-volume.
Record sounds from the microphone.
Upload optional file.
Make click sounds every time a key is pressed.

This utility also has the ability to scan "Class C" addresses by adding "+Number of ports" to the end of the target address. Example: 255.255.255.1+254 will scan 255.255.255.1 through 255.



NETBUSTER

Depending on which version the User is using....can be hacked very easily so its NOT a good idea to use it. Payback may come at a very expensive price.

### NEVER PLAY WITH A HACKER>>>SHUT DOWN INSTEAD

its common to be scanned by the netbus trojan but hardly ever a reason to be alarmed if you have a firewall installed.
Hackers, even Script kiddies, have tools that the average computer user has never even heard of. So, if you want to go outside an play with a Hacker its strongly suggested that you carry a roll of tissue paper cause you surely will need it.

 

I use blackIce and im stealth on all my ports. some may dissagree but Im hacker free.... Id throw norton out the window. but it probably will trash your Pc so that might fly out the window together LOL blackIce is a good way to go.
WWW.ISS.net check out the demo.

 

----


I'm in full agreement with ya about norton; I hate it. It has, however, stopped a few attacks and I've been 99.9% pop-up free since I bought it just less than a year ago, only two total that I can think of. Not bad in that regard, I guess. As money allows I'm going to do away with just about everything I have onboard now, including the OS (ME), browser (IE) and the hard drive (wimpy little 6-gig).

In doing the Blackspear cleanup routine I noticed when using TrojanHunter the results had an error message saying "PortChecker wasn't initialized" or something to that effect. Since a lot of the attacks listed in my norton statistics have been port attempts I wonder if this is of any concern and if so what exactly is PortChecker and how does one initialize it?