Increase in Virus Activity


vebk (New Delhi, ISP: Airtel 8 Mbps 'Unlimited')
I'm using Avast Antivirus Home Edition 4.6, and seeing a hell of a lot of DCOM exploit and LSASS exploit attacks (from IP addresses belonging to Airtel). Luckily, Avast's network shield is blocking them, but I am getting these alerts every few seconds or so... kind of worrying... anyone else seeing this activity?

P.S. I also seem to have been infected by some process-injecting trojan - anyone have any clues on how to deal with that?
 
Most Airtel IPs are already in spam databases, so when I send a mail through POP it lands as spam in my clients' mailboxes. 🙁 Being good means people have misused their Airtel connections to spam, getting the IPs blacklisted.
 
LSASS and DCOM are quite old now, but there are still thousands of vulnerable PCs out there... and worms use vulnerable machines to infect even more :angry: ... Before Sify started Secure Synergy, about 8 out of 10 PCs on our local Sify LAN were infected with W32.Gaobot.gen variants. Though the Sify AV is shit, it still forced users to at least use some AV... Now few PCs over here have viruses...
 
I sent Airtel Customer Care an e-mail about it, and asked them to implement some kind of mandatory anti-virus policy. Let's see if anything comes of it, other than them sending me an e-mail back saying, "It is our privilege to have you as our valued customer & would like to thank you for your continued patronage. We look forward to a long and fruitful association with you" and nothing much beyond that.

I used to work Tech Support at my college, and we would shut off the network connection of any computer that showed virus-like activity, and would refuse to help anyone who didn't have up-to-date antivirus (we would help them get it, of course)... pretty good policy... held up well, but the college decided that it was way cooler and more secure to just get Norton AV for every student and push virus definitions and forcibly update their AV software.

Anyway, ignorance and laziness are the only reasons people don't have AV these days... Avast, for example, is an amazing AV program, and it's free! It outperformed Norton as well as McAfee IMHO, and the only program I found better was PC-cillin.
 
Try NOD32... small and best.
 
vebmetal,
Some of the other Airtel clients sharing the bandwidth from Airtel have been affected by viruses, trojans, worms etc. So when you connect, worms on those PCs on the Airtel network intercept your IP and initiate a transfer of trojans, backdoors or downloaders, which finally infects your PC.
What you can do is get hold of a good AV package with a firewall.
One such is BitDefender 8 Professional Plus. In the meantime, download McAfee Stinger and scan your system. Install the MS KB835732 patch. If you need a BitDefender key, mail agnivo.roy@gmail.com
 
Just checked my firewall logs 😱

900 attacks in 1 day,
and 90 attacks in the previous hour.

That is nuts. :blink:
 
Whoa, that's FUD! That's serious stuff over there. Anyway, have you reported it to the technical people at Airtel? Are they from the same IP or different ones? Either way, it would be a good idea to email the logs to the technical ppl. You will be doing a world of good for yourself & other users. Anyway, which firewall are you using? That screenie seems unfamiliar. Also, care to post a few entries from the log here?
 
Well, I reported the problem to Airtel when I started this thread, and well... no reply... and it doesn't seem like they have done anything about it either... Sygate, thankfully, is blocking the sh*t out of these attacks...

P.S. Airtel customer service people are morons, and I hate them.
 
Aha, typical of the ISP breed!
Anyway, could you send me a copy of the logs if possible?

Also, in the first post of this thread you wrote:
"P.S. I also seem to have been infected by some process-injecting trojan - anyone have any clues on how to deal with that?"
Has your problem been solved yet? Which process exactly are you referring to?
 
Well, it's not exactly been solved as such, but I have started using a firewall (Sygate) and that lets me keep it very much in check... Basically the main process that has been infected has to do with the NT kernel, which I have blocked in Sygate from accessing the net... so exactly what has been infected I am not sure - but ntoskrnl.exe and smss.exe have been acting suspiciously. (I was also getting a lot of DCOM and LSASS exploit attacks, which Avast antivirus was able to block, and Sygate now seems to keep that in check as well.)
 
Sorry for pushing this too much, but I do care about insecure systems so I'll push my bit even more. In case you aren't too sure about how things are, it would be wiser to analyse each & every process that loads, disable unnecessary services and close open ports. This is pretty much it; also find out which apps/processes get loaded at start-up. In case you feel the need to "forensic" your system, let me know, maybe I can contribute my 2 cents 😉
 
I am using Kerio Personal Firewall (KPF). Not all entries are from Airtel IPs, but I can say most of them are from Airtel, and this is the most common description provided: "BACKDOAR trojan active". I am happy with my KPF, not many problems faced 🙂 But I am sure if you don't install a good firewall your system is gonna face weird things, and after a reinstall the first thing I do is install my firewall and antispyware 😉
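An added example, not code from any poster in this thread: a small Python script that does what the firewall-log posts above do by hand, counting blocked probes against the RPC/SMB ports the DCOM and LSASS worms hit, per hour, per source, per service, and how many come from the ISP's own address range. The log layout, the sample lines and the 203.0.113.0/24 range are constructed assumptions, not the real Sygate or Kerio log format.

```python
import ipaddress
import re
from collections import Counter
from datetime import datetime

# Constructed sample log in an assumed "date time src_ip dst_port action" layout.
# This is not the real Sygate or Kerio log syntax; adapt LINE_RE to your product.
SAMPLE_LOG = """\
2005-03-01 14:02:11 203.0.113.17 135 BLOCKED
2005-03-01 14:02:15 203.0.113.17 445 BLOCKED
2005-03-01 14:03:40 198.51.100.9 445 BLOCKED
2005-03-01 14:10:02 198.51.100.5 80 ALLOWED
2005-03-01 15:01:09 203.0.113.17 135 BLOCKED
2005-03-01 15:05:30 203.0.113.42 139 BLOCKED
2005-03-01 15:06:00 203.0.113.42 445 BLOCKED
"""

# Ports the worms discussed in the thread probe: 135 is RPC/DCOM,
# 139 and 445 are SMB, the transports used against LSASS (MS04-011 / KB835732).
WORM_PORTS = {135: "DCOM/RPC", 139: "SMB/LSASS", 445: "SMB/LSASS"}

LINE_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (\S+) (\d+) (\w+)$")

def parse_lines(text):
    """Parse log lines into (timestamp, src_ip, dst_port, action) tuples."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not fit the assumed layout
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        events.append((ts, m.group(2), int(m.group(3)), m.group(4)))
    return events

def summarize(events, isp_cidr):
    """Count blocked worm-port probes: total, per hour, per service, top source, from ISP range."""
    net = ipaddress.ip_network(isp_cidr)
    worm = [e for e in events if e[2] in WORM_PORTS and e[3] == "BLOCKED"]
    per_src = Counter(e[1] for e in worm)
    return {
        "total": len(worm),
        "per_hour": dict(Counter(e[0].strftime("%Y-%m-%d %H") for e in worm)),
        "per_service": dict(Counter(WORM_PORTS[e[2]] for e in worm)),
        "top_src": per_src.most_common(1)[0] if per_src else None,
        "from_isp": sum(1 for e in worm if ipaddress.ip_address(e[1]) in net),
    }

if __name__ == "__main__":
    print(summarize(parse_lines(SAMPLE_LOG), "203.0.113.0/24"))
```

A high count from one source or from inside the ISP's own range is the kind of evidence worth attaching when reporting the problem to the ISP, as suggested earlier in the thread.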
 