Wow, the built-in firewall is better? I've always heard it's not because it only blocks inbound traffic but not outbound (whereas ZA blocks both). This is XP Pro, not Vista, if that helps. Thanks.
Wow, the built-in firewall is better? I've always heard it's not because it only blocks inbound traffic but not outbound (whereas ZA blocks both). This is XP Pro, not Vista, if that helps. Thanks.
xp pro has a good firewall [for software], a better firewall would be a router with security setup on it, Norton i would loose, there are better anti virus progs that are free [for personal use], i always do a full system backup with acronis echo ws to a diff HD after a complete rebuild and fully updated system, then incrementals on what i believe to be a clean sys, it seems its always a learning curve though.
Good detective work so far. Kudos to Mech for spotting that exe running from the favorites folder.
On the one hand I'm thinking you won't find a rootkit because this just seems too stupid for a rootkit developer to do. But on the other hand if the rootkit was used for payload delivery then it might be a crappy payload that is giving the game away, and not the rootkit itself.
On the one hand I'm thinking you won't find a rootkit because this just seems too stupid for a rootkit developer to do. But on the other hand if the rootkit was used for payload delivery then it might be a crappy payload that is giving the game away, and not the rootkit itself.
RebateMonger
Elite Member
- Dec 24, 2005
- 11,586
- 0
- 0
mechBgon seems to have done a good catch with netservice.exe. It appears to be a trojan.
Some thoughts:
Hardware router/firewalls and software firewalls don't allow much direct attack of your PC these days. Trojans are almost always installed BY THE USER. Or the User allows other software to be installed, which then installs the trojans on its own.
At this point, I'd start afresh with a new Windows install. And then I'd institute an ongoing backup system, so you can quickly restore your PC if it becomes infected again.
Beyond that, you know the basics: keep your AV software up-to-date, run an active anti-spyware program, and run (at a minimum), the Windows XP SP2 firewall.
mechBgon's suggestion of running under a non-administrator local account is very effective against this kind of thing, as should be the Windows Vista UAC. Software restriction is also very effective. But software restriction and non-administrator accounts (especially in XP) require extra effort to run and maintain.
Finally, keep a close eye on what's being installed on your PC.
Some thoughts:
Hardware router/firewalls and software firewalls don't allow much direct attack of your PC these days. Trojans are almost always installed BY THE USER. Or the User allows other software to be installed, which then installs the trojans on its own.
At this point, I'd start afresh with a new Windows install. And then I'd institute an ongoing backup system, so you can quickly restore your PC if it becomes infected again.
Beyond that, you know the basics: keep your AV software up-to-date, run an active anti-spyware program, and run (at a minimum), the Windows XP SP2 firewall.
mechBgon's suggestion of running under a non-administrator local account is very effective against this kind of thing, as should be the Windows Vista UAC. Software restriction is also very effective. But software restriction and non-administrator accounts (especially in XP) require extra effort to run and maintain.
Finally, keep a close eye on what's being installed on your PC.
How did it enter in the first place?
When was the file C:\Documents and Settings\All Users\Favorites\netservice.exe created?
You can check its properties and maybe relate that date to some event that occurred on that date (or before). Cross-check the date with other software you installed on the same day or websites visited in History.
When was the file C:\Documents and Settings\All Users\Favorites\netservice.exe created?
You can check its properties and maybe relate that date to some event that occurred on that date (or before). Cross-check the date with other software you installed on the same day or websites visited in History.
Well, I just ran three different root kit detectors and nothing was found so that's a bit of good news.
Thanks, yes I've decided I'm going to do a complete reinstall at this point. I'm getting ready to nuke the HD with WipeDrive so I probably won't be back on this board for a good 12 hours or so. I'm going to do everything that mechBgon suggested: full DEP, use a non-Admin account, set-up software restriction policies...I'm also going to find something other than Symantec to use for anti-virus since it didn't even find this file (while 10 of the others from the Virus Total website did). Can anyone suggest a better virus scanner? I know that AVG is free but it didn't report the netservice.exe file as a virus on the Virus Total website scan (see the post above on that).
Anyway, thanks again to everyone for all of this very useful information!!
That's the big mystery. I honestly don't know how this thing installed itself. It had a creation date of 4/28/06 but I completely rebuilt my system from scratch four weeks ago so the 4/28/06 date doesn't make any sense. I've looked at a few videos on YouTube in the past four weeks but I haven't clicked on any email links or attachments. Maybe after I reinstalled everything four weeks ago something got in somehow (before I had installed all of the Windows and Office patches). I did the reinstall and all of the updates in about six hours, though, so it if something got in it was pretty good. During that six hours, the whole time was spent at websites like MS, Symantec, etc...just getting all the updates. I wasn't surfing the web with an unpatched machine and I didn't even configure Outlook until all of the Windows and Office patches were installed, so I don't see how it could've gotten in through email.
I was able to delete the netservice.exe file and it doesn't seem to have reinstalled itself even after I've rebooted several times. But, if it really is a virus or trojan, it could just be reinstalling itself under a different name in a different location. So, I guess nuking the HD is probably the safest option at this point. I just hope this doesn't happen again. I'm going to be so vigilant in the future about stuff like this. I thought all you needed was good anti-virus and anti-spyware software but obviously I was wrong.
Thanks again for all of the replies. Everyone's advice here has been very helpful and it far exceeded what I thought I was going to receive.
Well, it looks like my HD is now going to self-destruct in five, four, three, two, one...
VirtualLarry
No Lifer
- Aug 25, 2001
- 56,587
- 10,225
- 126
Does anyone have access to your machine that you might not have considered? Friends coming over and using your machine? Kids?
This is probably what you have:
W32/Silly-F
You can read up on it in that link, read the advanced section and look for those files.
W32/Silly-F
You can read up on it in that link, read the advanced section and look for those files.
On a different side of the topic, are there people in here who DO NOT TRUST SYMANTEC ANYMORE like me? Personally, I gave up on Symantec more than 3 years ago. Nowadays, I just use free AV, Anti-Spyware and ZA Firewall. I used to have the paid version of Webroot but even that I dumped.
I have a hardware firewall, and run Windows Defender each evening. Other than that I no longer use antivirus software. I got sick of the necessarily invasive nature of the programs, and decided to test my theory that if you aren't an idiot, and don't visit certain kinds of sites, you don't have a problem. So far 18 months and counting.
Nope...I'm single and live alone. I don't have anyone coming over when I'm not around (unless someone is really out to get me and is sneaking into my house when I'm not here)...let's hope that's not happening!
I just wanted to say thanks again to everyone for all of the great suggestions and help. I'm up and running again. Got everything reinstalled and updated. In addition to Spyware Doctor, I'm also running Ad Aware, Spybot and Windows Defender. Now I just have to decide on a virus scanner (not using Symantec anymore since it didn't even find the netservice.exe file). Avast is free and got very good reviews but F-Prot also looks pretty good (at $29). I decided to stick with Zone Alarm for the firewall.
I've also fully enabled Data Execution Prevention, created a Limited User account, and will start learning more about software restriction policies so I can implement some of them. I even reinstalled an older version of PGP (encryption) that I plan to use. Oh, and a boot-up password as well has been created.
If anyone has any other suggestions for security type stuff and choosing an anti-virus program, that would be great. Thanks again for everyone's help!
I've also fully enabled Data Execution Prevention, created a Limited User account, and will start learning more about software restriction policies so I can implement some of them. I even reinstalled an older version of PGP (encryption) that I plan to use. Oh, and a boot-up password as well has been created.
If anyone has any other suggestions for security type stuff and choosing an anti-virus program, that would be great. Thanks again for everyone's help!
mechBgon
Super Moderator<br>Elite Member
- Oct 31, 1999
- 30,699
- 1
- 0
If you're looking for a free antivirus, AntiVir gets way better detection rates than Avast. If you're willing to spend $29, the paid version of AntiVir deserves a look, adding email protection, spyware/adware detection and the ability to autonomously nuke threats that the real-time protection detects (as opposed to asking you each time).
If you decide on AntiVir, go to Configuration, enable Expert Mode, and methodically go down the settings tree and max out the detection options (particularly the heuristics), and set it to automagically quarantine bad stuff instead of asking what to do. If you pick a different AV, same story: don't just install it with default settings, check the configuration options.
If you decide on AntiVir, go to Configuration, enable Expert Mode, and methodically go down the settings tree and max out the detection options (particularly the heuristics), and set it to automagically quarantine bad stuff instead of asking what to do. If you pick a different AV, same story: don't just install it with default settings, check the configuration options.
Great, thanks alot mechBgon. The $29 version of AntiVir looks pretty good and I may go with that. Thanks again for all of your other posts. The info you provided was very helpful. :thumbsup:
Just one final question...assuming I wanted to spend the $59 for Kaspersky...is it really worth that much money? The hourly updates would be nice. They seem to get pretty high marks from everyone...just not sure if it's worth that much money though.
Well, I just found an online coupon for Kaspersky for only $39 so I'm going to go with that...thanks again for everyone's advice and support!
TRENDING THREADS
-
Discussion Zen 5 Speculation (EPYC Turin and Strix Point/Granite Ridge - Ryzen 9000)- Started by DisEnchantment
- Replies: 25K
-
Discussion Intel Meteor, Arrow, Lunar & Panther Lakes + WCL Discussion Threads
- Started by Tigerick
- Replies: 23K
-
Discussion Intel current and future Lakes & Rapids thread- Started by TheF34RChannel
- Replies: 23K
-
-
Facebook
Twitter