NetBus Trojan Horse
Author | Message |
---|---|
Astro Joined: 16 Apr 02 Posts: 8026 Credit: 600,015 RAC: 0 |
I recently upgraded my antivirus protection from the 2004 to the 2005 version. I spend most of my online time browsing these threads, so it may have nothing to do with Seti/boinc. I have been seeing a pop-up message stating that the program has "Blocked" an intrusion attempt by a NETBUS TROJAN HORSE. This has happened many times in the last few days. I have also seen a blocked attempt by "Deep throat ??? trojan horse". Is this coming from the web in general or is it related to the Seti/boinc website? Any ideas? I have not seen this message prior to my upgrade. Maybe my old program didn't protect against worms? What damage would I be seeing if a worm did "intrude" prior to my upgrade? |
Joined: 17 May 99 Posts: 15133 Credit: 529,088 RAC: 0 |
Any weird things happening? Existence of above-mentioned file and/or registry change, unexplained occurrences such as the CD ROM tray opening/closing and other experiences listed above. Check your virus provider for more info. You could have picked it up off the net; it's been around since 1999. Make sure your Office software is up to date. Timmy |
Astro Joined: 16 Apr 02 Posts: 8026 Credit: 600,015 RAC: 0 |
This is from my Norton Activity log: default: Block NetBus Trojan horse was detected and blocked. All communication with 4.152.93.252 will be blocked for 30 min. Also Default: Default Block DeepThroat Trojan horse was detected and blocked. All communication with 206.204.51.133 will be blocked for 30 min. Also Details: Default Block Netbus trojan horse was detected and blocked. All communication with 4.152.93.33 will be blocked for 30 min. Any ideas? About 3 weeks ago (prior to upgrade to 2005) my desktop changed from a picture I placed as wallpaper back to the standard wallpaper, and I can't seem to make the picture be the wallpaper again. ??? |
Joined: 17 May 99 Posts: 15133 Credit: 529,088 RAC: 0 |
> This is from my Norton Activity log: > default: Block NetBus Trojan horse was detected and blocked. > All communication with 4.152.93.252 will be blocked for 30 min. > Go to Norton's or Symantec's web site and you will get the info you need. I think you should get a link to do that. I use McAfee and it offers the info. |
Joined: 17 May 99 Posts: 15133 Credit: 529,088 RAC: 0 |
> > This is from my Norton Activity log: > > default: Block NetBus Trojan horse was detected and blocked. > > All communication with 4.152.93.252 will be blocked for 30 min. > > > Go to Norton's or Symantec's web site and you will get the info you need. > > I think you should get a link to do that. I use McAfee and it offers > the info. > http://www.polderware.com/highlights/trojan_horses.shtml |
Astro Joined: 16 Apr 02 Posts: 8026 Credit: 600,015 RAC: 0 |
Thanks Timmy, I'm currently researching what Norton is telling me. I have an indexing service called Cidaemon.exe which automatically starts at startup. It takes up 96% of my processor. This slows Seti down considerably. So every time I start I have to go to "Services" and stop it. It stays stopped after that, until I reboot that is. This has also gone on for some time now. I thought it was some Windows bug. My concern was that this intrusion attempt was coming from Seti (or someone here), and that others may want to know about it. So far I'm not finding any viruses or Trojans on my puter. I always get the latest updates and scan my puter. |
Joined: 1 Sep 00 Posts: 20 Credit: 3,752,328 RAC: 0 |
If you are using WinXP, go to Search > For files and folders; Change preferences > With indexing services; select No to indexing services. |
Joined: 29 Jan 00 Posts: 14 Credit: 105,711 RAC: 0 |
Do you know McAfee Visual Trace? Get it, learn to use it, and see where those Americans do come from. > All communication with 4.152.93.252 will be blocked for 30 min. Atlanta (dynamic IP) > All communication with 206.204.51.133 will be blocked for 30 min. near Sunnyvale, Ca. (static IP) > All communication with 4.152.93.33 will be blocked for 30 min. Atlanta, also (dynamic IP) All of them are mostly stealth. This seems to point to hackers knowing what they are doing. Using Visual Trace it should be no problem to have date and time, to get the registrant's address and to ask the registrant to have some hard words with their dynamic user and the statics. It might be useful to tell the registrants that those words could also be spoken at the police station and in common with your attorney of law. read you Fritz |
Alex Joined: 26 Sep 01 Posts: 260 Credit: 2,327 RAC: 0 |
> > All of them are mostly stealth. This seems to point to hackers, knowing > what they are doing. More likely just some kid running a port scanner. The people who 'know what they're doing' connect through other people's computers, whether it's via a wireless link or another compromised PC. |
Astro Joined: 16 Apr 02 Posts: 8026 Credit: 600,015 RAC: 0 |
I downloaded a trial version of McAfee Personal Firewall. Now I think I'm more confused than ever. I'm now seeing all kinds of "incoming events" that I'm trying to figure out. Seems like most of them are from my ISP and some from Seti, and some from other known places. However, I don't recall knowing anyone in INDIA, China, or Sunnyvale, California. I've been Pinged, TCP'ed, and all manner of things. I kind of feel violated. lol I've been hooked to the internet for 15 years and have only once had a virus actually infect me. Now, I've had Norton antivirus for years, but have never had a firewall program. I can only surmise that all this activity has been happening all along. If so, then I wonder what anyone would want with anything on this puter. And, as far as I know, nothing bad has happened. HMMM Still pondering what all this means |
SURVEYOR Joined: 19 Oct 02 Posts: 375 Credit: 608,422 RAC: 0 |
Search results for: 4.152.93.252 OrgName: Level 3 Communications, Inc. OrgID: LVLT Address: 1025 Eldorado Blvd. City: Broomfield StateProv: CO PostalCode: 80021 Country: US Search results for: 206.204.51.133 OrgName: ConXioN Corporation OrgID: CONX Address: 4201 Burton Drive City: Santa Clara StateProv: CA PostalCode: 95054 Country: US Search results for: 4.152.93.252 OrgName: Level 3 Communications, Inc. OrgID: LVLT Address: 1025 Eldorado Blvd. City: Broomfield StateProv: CO PostalCode: 80021 Country: US Besides Norton Antivirus and Norton Personal Firewall, I also have the following FREE antispyware PROGRAMS running: SpywareBlaster 3.2 http://www.javacoolsoftware.com/ Spybot-S&D http://www.spybot.info/en/index.html Ad-Aware SE Personal Edition http://www.lavasoftusa.com/support/download/ Fred BOINC Alpha, BOINC Beta, LHC Alpha, Einstein Alpha |
Astro Joined: 16 Apr 02 Posts: 8026 Credit: 600,015 RAC: 0 |
Here's a sample of what McAfee is telling me: 2004/12/19 17:31:29 4.152.108.234:3345 (dialup-4.152.108.234.Dial1.Atlanta1.Level3.net) 4.152.108.214:1025 network blackjack 2004/12/19 17:30:26 4.152.108.234:1874 (dialup-4.152.108.234.Dial1.Atlanta1.Level3.net) 4.152.108.214:1025 network blackjack 2004/12/19 17:25:23 4.152.108.234:2898 (dialup-4.152.108.234.Dial1.Atlanta1.Level3.net) 4.152.108.214:1025 network blackjack 2004/12/19 17:17:43 61.222.7.31:1104 (61-222-7-31.HINET-IP.hinet.net) 4.152.108.214:443 HTTP protocol over TLS/SSL 2004/12/19 15:55:50 4.29.236.53:4077 (wbar25.lax1-4.29.236.53.lax1.dsl-verizon.net) 4.152.105.125:1025 network blackjack 2004/12/19 15:36:35 203.123.36.83:37473 4.152.105.125:21 File Transfer [Control] 2004/12/19 15:34:05 64.136.29.57:80 (my-cdrestrict.lax.netzero.net) 4.152.105.125:1269 Mavericks Matrix 2004/12/19 14:57:59 4.152.111.33:0 (dialup-4.152.111.33.Dial1.Atlanta1.Level3.net) 4.152.105.125:0 ICMP Ping Is everyone else seeing this frequency of events???? And NO, I'm not playing blackjack. lol |
Redshift Joined: 3 Apr 99 Posts: 122 Credit: 1,244,536 RAC: 0 |
> is everyone else seeing this frequency of events???? There is someone, or something, that tries to log into my Linux boxes every couple of days, coming from a school in Asia somewhere. They try about 50 different username/password combinations each time. My web servers get probed several times per day, every day. www.onlinetasklist.com |
Astro Joined: 16 Apr 02 Posts: 8026 Credit: 600,015 RAC: 0 |
> There is someone, or something, that tries to log into my Linux boxes every > couple of days, coming from a school in Asia somewhere. They try about 50 > different username/password combinations each time. My web servers get probed > several times per day, every day. > At least I'm not alone, and this seems normal. |
Grant (SSSF) Joined: 19 Aug 99 Posts: 13913 Credit: 208,696,464 RAC: 304 |
If your firewall is blocking outgoing attempts, it means you are infected with a trojan or some spyware. If it's blocking incoming attempts then don't worry about it, people/programmes checking to see if they can make a connection to other PCs on the net is just a fact of life on line. Grant Darwin NT |
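Added example, not part of any post in this thread: a short Python script that applies the inbound/outbound rule from the post above to the McAfee sample posted earlier. It assumes the two destination addresses in that sample are the poster's own dial-up addresses; the ninth log line and its label are constructed.

```python
import re
from collections import Counter

# Lines 1-8: the McAfee sample posted in this thread. Line 9 is CONSTRUCTED
# (documentation address 192.0.2.10) to show what an outbound event looks like.
SAMPLE = [
    "2004/12/19 17:31:29 4.152.108.234:3345 (dialup-4.152.108.234.Dial1.Atlanta1.Level3.net) 4.152.108.214:1025 network blackjack",
    "2004/12/19 17:30:26 4.152.108.234:1874 (dialup-4.152.108.234.Dial1.Atlanta1.Level3.net) 4.152.108.214:1025 network blackjack",
    "2004/12/19 17:25:23 4.152.108.234:2898 (dialup-4.152.108.234.Dial1.Atlanta1.Level3.net) 4.152.108.214:1025 network blackjack",
    "2004/12/19 17:17:43 61.222.7.31:1104 (61-222-7-31.HINET-IP.hinet.net) 4.152.108.214:443 HTTP protocol over TLS/SSL",
    "2004/12/19 15:55:50 4.29.236.53:4077 (wbar25.lax1-4.29.236.53.lax1.dsl-verizon.net) 4.152.105.125:1025 network blackjack",
    "2004/12/19 15:36:35 203.123.36.83:37473 4.152.105.125:21 File Transfer [Control]",
    "2004/12/19 15:34:05 64.136.29.57:80 (my-cdrestrict.lax.netzero.net) 4.152.105.125:1269 Mavericks Matrix",
    "2004/12/19 14:57:59 4.152.111.33:0 (dialup-4.152.111.33.Dial1.Atlanta1.Level3.net) 4.152.105.125:0 ICMP Ping",
    "2004/12/19 18:02:11 4.152.108.214:1040 192.0.2.10:12345 constructed outbound event",
]
# Assumption: the sample's two destination addresses are the poster's own.
LOCAL = {"4.152.108.214", "4.152.105.125"}

LINE_RE = re.compile(r"^(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) "
                     r"(?P<src>[\d.]+):(?P<sport>\d+) "
                     r"(?:\((?P<host>[^)]*)\) )?"   # reverse-DNS name is optional
                     r"(?P<dst>[\d.]+):(?P<dport>\d+) "
                     r"(?P<label>.+)$")

def parse(line):
    """Split one log line into named fields; return None if it does not match."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None

def triage(lines, local_addrs):
    """Tally inbound events by (dest port, label); collect outbound events."""
    inbound, outbound = Counter(), []
    for line in lines:
        ev = parse(line)
        if ev is None:
            continue
        if ev["src"] in local_addrs:      # this machine started it: investigate
            outbound.append(ev)
        elif ev["dst"] in local_addrs:    # unsolicited probe from outside
            inbound[(int(ev["dport"]), ev["label"])] += 1
    return inbound, outbound

if __name__ == "__main__":
    inbound, outbound = triage(SAMPLE, LOCAL)
    for (port, label), n in inbound.most_common():
        print(f"inbound  port {port:<5} {label:<28} x{n}")
    for ev in outbound:
        print(f"OUTBOUND {ev['ts']} {ev['src']} -> {ev['dst']}:{ev['dport']}")
```

Grouping by destination port shows that half of the posted sample is repeated probing of a single port, while only the constructed ninth line would call for a scan of the local machine.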
Joined: 26 Oct 00 Posts: 1005 Credit: 6,366,949 RAC: 0 |
> Now, I've had Norton antivirus for years, but have never had a firewall > program. I can only surmise that all this activity has been happening all > along. Yes. Happens all day every day. > If so, then I wonder what anyone would want with anything on this > puter. And, as far as I know nothing bad has happened. Script kiddies have MANY uses for your computer. If you have a fast enough connection, they could use it to serve illegal files. Otherwise they could use it to hide behind while they attempt to hack another computer. It would look like YOU were trying to hack the CIA or NSA - and you do NOT want to get a call from THEM :) Another common use for the average home box is to get a bunch of them under your control and then initiate a distributed denial of service attack on ebay (for example) or an IRC network. With many of these activities you may not even notice that it is happening. The common attitude of "I don't have anything of importance, why do I need to protect myself?" simply does not work out. This is one of my favorite rants so don't take it personally, I am just using this as an excuse to expose a few more unwitting souls to the truth :) A member of The Knights Who Say NI! For rankings, history graphs and more, check out: My BOINC stats site |
Astro Joined: 16 Apr 02 Posts: 8026 Credit: 600,015 RAC: 0 |
> This is one of my favorite rants so don't take it personally, I am just using > this as an excuse to expose a few more unwitting souls to the truth :) I asked for help in understanding this. You and others have provided some answers. Thanks for everyone's input. By the way, McAfee is only blocking "Inbound Events" so I guess I'm OK. Norton isn't finding any problems on my puter. Thanks again |
Astro Joined: 16 Apr 02 Posts: 8026 Credit: 600,015 RAC: 0 |
OK, I opened the wallet today and bought (yes, bought) the McAfee internet security suite. I've installed it on this puter (my old P3 500, Win 98). I've been online for hours (3-4) and haven't seen one incoming event. I haven't used this puter for online stuff (other than sending in Seti-Dial up). Since I haven't had any events, does that mean that the IP address for my other puter (laptop, which is predominately connected to the internet) is out there on some bad guy DB? And this puter unknown to that same DB? |
Joined: 17 May 99 Posts: 15133 Credit: 529,088 RAC: 0 |
> Since I haven't had any events, does that mean that the IP address for > my other puter (laptop, which is predominately connected to the internet) is > out there on some bad guy DB? And this puter unknown to that same DB? > > Hi mmciastro, Open your firewall and click on View firewall summary; you will see anything that is blocked. Double check to make sure you don't block your ISP. I use the standard security. Also within McAfee you can test your firewall to see if McAfee is working. Timmy |
Astro Joined: 16 Apr 02 Posts: 8026 Credit: 600,015 RAC: 0 |
> Open your firewall and click on View firewall summary > you will see anything that is blocked. Double check > to make sure you don't block your ISP. I use the standard > security. Also within McAfee you can test your firewall to > see if McAfee is working. > > > Timmy > It says, You firewall is set to Standard Security. 0 no new events have been blocked today 0 application rules have been changed Is this good??? Does it mean that my laptop IP is out there, and that's why I got dozens of intrusion attempts in a few hours (5 hrs) yesterday, but since this puter hasn't been connected to the internet (except for 20 min every couple days) its IP isn't known yet to the bad guys? thanks tony |