Attack - Helkern

Guest · Oct 7, 2007

Anonymous Bob
(e-mail address removed)
Site Down:
http://www.superantispyware.com/downloadfile.html?productid=SUPERANTISPYWAREFREE
Also Tried: http://www.superantispyware.com/

I got the system under control, got one problem remaining - HELKERN WORM
keeps attacking my machine.
Intrusion.Win.MSSQL.worm.Helkern identified by Firewall Defender Pro 5-In-1
It don't remove the problem or change settings so it won't happen it is just
keeping a record log of it for now each time it occurs. I am running it on
High
Security (Stealth Mode).

Here is the log...
[each date/time states Attack - Helkern. The attack has been successfully
repulsed]

9/28/2007 11:51:04 PM - attacked from 202.103.11.41
9/29/2007 2:11:23 AM - attacked from 222.217.240.228
9/29/2007 3:00:10 AM - attacked from 220.168.198.58
9/29/2007 2:29:45 PM - attacked from 220.189.238.42
9/29/2007 2:51:16 PM - attacked from 218.232.95.60
9/29/2007 4:53:47 PM - attacked from 202.98.223.67
9/29/2007 8:22:08 PM - attacked from 221.141.1.33
9/29/2007 9:58:04 PM - attacked from 202.107.228.35
9/30/2007 1:43:27 AM - attacked from 58.20.228.52
9/30/2007 3:57:33 AM - attacked from 219.147.233.30
9/30/2007 4:00:27 AM - attacked from 218.106.91.25
9/30/2007 4:25:01 AM - attacked from 218.108.70.246
9/30/2007 12:33:18 PM - attacked from 220.191.233.132
9/30/2007 12:43:52 PM - attacked from 125.76.238.164
9/30/2007 1:31:54 PM - attacked from 64.22.116.150
9/30/2007 1:47:28 PM - attacked from 59.34.5.87
9/30/2007 4:35:11 PM - attacked from 202.103.11.41
9/30/2007 6:23:11 PM - attacked from 220.168.198.58
9/30/2007 8:25:24 PM - attacked from 203.94.243.191
9/30/2007 11:19:47 PM - attacked from 124.205.138.109
10/1/2007 12:49:42 AM - attacked from 210.72.220.12
10/1/2007 3:10:53 AM - attacked from 222.217.240.228
10/1/2007 10:34:29 AM - attacked from
204.219.131.61.dial.ja.jx.dynamic.163data.com.cn
10/1/2007 1:55:04 PM - attacked from 64.22.116.150
10/1/2007 2:50:13 PM - attacked from 220.189.238.42
10/1/2007 5:50:25 PM - attacked from 218.232.95.60
10/1/2007 7:21:05 PM - attacked from 219.147.233.30
10/2/2007 1:44:33 AM - attacked from 218.106.91.25
10/2/2007 2:39:58 AM - attacked from 202.98.223.67
10/2/2007 3:44:03 AM - attacked from 58.20.228.52
10/2/2007 4:00:57 AM - attacked from 220.191.233.132
10/2/2007 5:10:36 AM - attacked from 59.34.5.87
10/2/2007 7:30:34 AM - attacked from 125.76.238.164
10/2/2007 2:18:44 PM - attacked from 222.217.240.228
10/3/2007 4:08:20 AM - attacked from 219.150.206.94
10/3/2007 10:44:58 AM - attacked from 219.147.233.30
10/3/2007 11:38:31 AM - attacked from 218.93.115.230
10/3/2007 1:38:30 PM - attacked from 189-62-239-77-pool.cable.fcom.ch
10/3/2007 3:06:45 PM - attacked from 220.189.238.42
10/3/2007 3:43:03 PM - attacked from 203.94.243.191
10/3/2007 7:28:48 PM - attacked from 220.191.233.132
10/3/2007 8:34:02 PM - attacked from 59.34.5.87
10/3/2007 9:12:54 PM - attacked from 218.232.95.60
10/3/2007 11:12:32 PM - attacked from 218.106.91.25
10/4/2007 1:09:28 AM - attacked from 220.168.198.58
10/4/2007 2:15:20 AM - attacked from 125.76.238.164
10/4/2007 5:47:34 AM - attacked from 58.20.228.52
10/4/2007 11:24:01 AM - attacked from 222.217.240.228
10/4/2007 12:09:47 PM - attacked from 202.98.223.67
10/4/2007 1:07:31 PM - attacked from
adsl196-126-7-206-196.adsl196-1.iam.net.ma
10/4/2007 2:35:10 PM - attacked from 82.178.22.22
10/4/2007 3:13:16 PM - attacked from 80.231.169.58
10/4/2007 7:22:21 PM - attacked from 219.150.184.141
10/5/2007 1:17:05 AM - attacked from 222.217.240.228
10/5/2007 2:08:28 AM - attacked from 219.147.233.30
10/5/2007 2:52:17 AM - attacked from 218.93.115.230
10/5/2007 5:15:26 AM - attacked from 61.130.112.42
10/5/2007 7:46:13 AM - attacked from 61.175.243.182
10/5/2007 10:56:22 AM - attacked from 220.191.233.132
10/5/2007 11:57:04 AM - attacked from 59.34.5.87
10/5/2007 2:05:31 PM - attacked from 58.20.228.52
10/5/2007 3:13:41 PM - attacked from 220.189.238.42
10/5/2007 7:00:33 PM - attacked from 218.106.91.25
10/5/2007 8:04:14 PM - attacked from 203.94.243.191
10/5/2007 9:02:02 PM - attacked from 125.76.238.164
10/5/2007 9:08:27 PM - attacked from 202.103.11.41
10/6/2007 12:04:55 AM - attacked from 210.72.220.12
10/6/2007 12:50:47 AM - attacked from 218.232.95.60
10/6/2007 3:58:29 AM - attacked from 222.85.126.78
10/6/2007 2:23:24 PM - attacked from 61.236.66.106
10/6/2007 2:56:38 PM - attacked from 222.217.240.228
10/6/2007 5:31:59 PM - attacked from 219.147.233.30

Bill Sanderson · Oct 7, 2007

[not Bob]

I think you don't have a problem. Are you on a fixed IP? If not, try
getting a new one--power cycle the DSL or Cable modem.

The firewall is doing the job and keeping this stuff out--looking at logs
like that is mostly advertising for them--the windows firewall would do the
same thing and not bother you about it.

This stuff is background noise--it isn't aimed at you specfically, it's
mainly infected machines scanning for vulnerable machines to spread an
infection. The firewall is not letting the stuff in which is what you pay
it to do--tell it to keep up the good work, but not bother you about it.

(but I'll be interested in what Bob has to say!)

--

"Michael @ Webwalking.info"

Anonymous Bob
(e-mail address removed)
Site Down:
http://www.superantispyware.com/downloadfile.html?productid=SUPERANTISPYWAREFREE
Also Tried: http://www.superantispyware.com/

I got the system under control, got one problem remaining - HELKERN WORM
keeps attacking my machine.
Intrusion.Win.MSSQL.worm.Helkern identified by Firewall Defender Pro
5-In-1
It don't remove the problem or change settings so it won't happen it is
just
keeping a record log of it for now each time it occurs. I am running it on
High
Security (Stealth Mode).

Here is the log...
[each date/time states Attack - Helkern. The attack has been successfully
repulsed]

9/28/2007 11:51:04 PM - attacked from 202.103.11.41
9/29/2007 2:11:23 AM - attacked from 222.217.240.228
9/29/2007 3:00:10 AM - attacked from 220.168.198.58
9/29/2007 2:29:45 PM - attacked from 220.189.238.42
9/29/2007 2:51:16 PM - attacked from 218.232.95.60
9/29/2007 4:53:47 PM - attacked from 202.98.223.67
9/29/2007 8:22:08 PM - attacked from 221.141.1.33
9/29/2007 9:58:04 PM - attacked from 202.107.228.35
9/30/2007 1:43:27 AM - attacked from 58.20.228.52
9/30/2007 3:57:33 AM - attacked from 219.147.233.30
9/30/2007 4:00:27 AM - attacked from 218.106.91.25
9/30/2007 4:25:01 AM - attacked from 218.108.70.246
9/30/2007 12:33:18 PM - attacked from 220.191.233.132
9/30/2007 12:43:52 PM - attacked from 125.76.238.164
9/30/2007 1:31:54 PM - attacked from 64.22.116.150
9/30/2007 1:47:28 PM - attacked from 59.34.5.87
9/30/2007 4:35:11 PM - attacked from 202.103.11.41
9/30/2007 6:23:11 PM - attacked from 220.168.198.58
9/30/2007 8:25:24 PM - attacked from 203.94.243.191
9/30/2007 11:19:47 PM - attacked from 124.205.138.109
10/1/2007 12:49:42 AM - attacked from 210.72.220.12
10/1/2007 3:10:53 AM - attacked from 222.217.240.228
10/1/2007 10:34:29 AM - attacked from
204.219.131.61.dial.ja.jx.dynamic.163data.com.cn
10/1/2007 1:55:04 PM - attacked from 64.22.116.150
10/1/2007 2:50:13 PM - attacked from 220.189.238.42
10/1/2007 5:50:25 PM - attacked from 218.232.95.60
10/1/2007 7:21:05 PM - attacked from 219.147.233.30
10/2/2007 1:44:33 AM - attacked from 218.106.91.25
10/2/2007 2:39:58 AM - attacked from 202.98.223.67
10/2/2007 3:44:03 AM - attacked from 58.20.228.52
10/2/2007 4:00:57 AM - attacked from 220.191.233.132
10/2/2007 5:10:36 AM - attacked from 59.34.5.87
10/2/2007 7:30:34 AM - attacked from 125.76.238.164
10/2/2007 2:18:44 PM - attacked from 222.217.240.228
10/3/2007 4:08:20 AM - attacked from 219.150.206.94
10/3/2007 10:44:58 AM - attacked from 219.147.233.30
10/3/2007 11:38:31 AM - attacked from 218.93.115.230
10/3/2007 1:38:30 PM - attacked from 189-62-239-77-pool.cable.fcom.ch
10/3/2007 3:06:45 PM - attacked from 220.189.238.42
10/3/2007 3:43:03 PM - attacked from 203.94.243.191
10/3/2007 7:28:48 PM - attacked from 220.191.233.132
10/3/2007 8:34:02 PM - attacked from 59.34.5.87
10/3/2007 9:12:54 PM - attacked from 218.232.95.60
10/3/2007 11:12:32 PM - attacked from 218.106.91.25
10/4/2007 1:09:28 AM - attacked from 220.168.198.58
10/4/2007 2:15:20 AM - attacked from 125.76.238.164
10/4/2007 5:47:34 AM - attacked from 58.20.228.52
10/4/2007 11:24:01 AM - attacked from 222.217.240.228
10/4/2007 12:09:47 PM - attacked from 202.98.223.67
10/4/2007 1:07:31 PM - attacked from
adsl196-126-7-206-196.adsl196-1.iam.net.ma
10/4/2007 2:35:10 PM - attacked from 82.178.22.22
10/4/2007 3:13:16 PM - attacked from 80.231.169.58
10/4/2007 7:22:21 PM - attacked from 219.150.184.141
10/5/2007 1:17:05 AM - attacked from 222.217.240.228
10/5/2007 2:08:28 AM - attacked from 219.147.233.30
10/5/2007 2:52:17 AM - attacked from 218.93.115.230
10/5/2007 5:15:26 AM - attacked from 61.130.112.42
10/5/2007 7:46:13 AM - attacked from 61.175.243.182
10/5/2007 10:56:22 AM - attacked from 220.191.233.132
10/5/2007 11:57:04 AM - attacked from 59.34.5.87
10/5/2007 2:05:31 PM - attacked from 58.20.228.52
10/5/2007 3:13:41 PM - attacked from 220.189.238.42
10/5/2007 7:00:33 PM - attacked from 218.106.91.25
10/5/2007 8:04:14 PM - attacked from 203.94.243.191
10/5/2007 9:02:02 PM - attacked from 125.76.238.164
10/5/2007 9:08:27 PM - attacked from 202.103.11.41
10/6/2007 12:04:55 AM - attacked from 210.72.220.12
10/6/2007 12:50:47 AM - attacked from 218.232.95.60
10/6/2007 3:58:29 AM - attacked from 222.85.126.78
10/6/2007 2:23:24 PM - attacked from 61.236.66.106
10/6/2007 2:56:38 PM - attacked from 222.217.240.228
10/6/2007 5:31:59 PM - attacked from 219.147.233.30

Anonymous Bob · Oct 7, 2007

Bill Sanderson said:
(but I'll be interested in what Bob has to say!)

I don't really have anything to add to Bill's take on it other than to
recommend using a router if you have broadband access.

I've only run across Defender Pro one time and that pc was a mess. It had
been badly infected and the owner had taken it back to the shop were she
bought it. The tech did an "in place install", since the owner didn't want
to lose everything she had on the computer, and gave it back to her. She had
both Defender Pro and Norton Internet Security running and didn't have
internet access. Since networking wasn't set up, there had been no updates
done to the system. It took me two full days to get it running and cleaned
up for her.

I can't say I can blame any weakness in Defender Pro for the original
problem. She had a very poor attitude regarding security . I did my best to
change her habits, but I doubt that my efforts had any lasting affect.

Bob Vanderveen

Robinb · Oct 7, 2007

also i have no problems getting to the superantispyware site at

http://www.superantispyware.com/superantispywarefreevspro.html

I just tried it now and it came in fine
robin

Tom Emmelot · Oct 7, 2007

Hi Robin,

Did you also try the Program, i just did but got the problem that at
scanning my PC temperature is rising very quick and a reboot is the
result, it is consuming all the CPU and memory resources.
Some other conflicts with Trend 2008 pro also.

Never problems with Adaware and Spybot and Windefender scans.
I download and install these programs regular to see that they found
something that Trend let true, after a scan i uninstall them again.

Regards >*< TOM >*<

Robinb schreef:

Robinb · Oct 7, 2007

superantispware?
I have it on 7 computers and installed on 25computers running xp home, pro,
media center and vista and never had a problem with it
I have the pro version on 2 and 7 of the 25 have the pro also and they never
had a problem

robin

Robinb · Oct 7, 2007

oh on my vista home premium I have it as pro and running with trend micro
version 14 security suite and it runs fine together
robin

Tom Emmelot · Oct 7, 2007

Hi Robin,

I think the problem is between Trend 2008 versus Superantispyware.

Thanks for the response.

Regards >*< TOM >*<

Robinb schreef:

Anonymous Bob · Oct 7, 2007

Tom Emmelot said:
Hi Robin,

Did you also try the Program, i just did but got the problem that at
scanning my PC temperature is rising very quick and a reboot is the
result, it is consuming all the CPU and memory resources.
Some other conflicts with Trend 2008 pro also.

If the "Program" refers to superantispyware, I just ran a scan and saw the
cpu temp go from 118 to 126. That's not too bad on my system. I would think
either your high temp shutdown is set too low or your system needs a good
dusting.

Bob Vanderveen

robinb · Oct 8, 2007

Tom Emmelot said:
Hi Robin,

I think the problem is between Trend 2008 versus Superantispyware.

Thanks for the response.

Regards >*< TOM >*<

Robinb schreef:

robinb · Oct 8, 2007

if you think this is the problem you should go over to the superantispyware
and tell them. Nick would like to see this, and he responds pretty fast and
maybe they can figure it out and put an update to the program to work nice
with trend 2008.
you can go there via http://forums.superantispyware.com/
if you do not have an account set one up
for all you know there could be others with similar problems.
robin

robinb · Oct 8, 2007

just in case you all are wondering why AVG antivirus is not on my vista
computer it is only because it came with this computer free for 3yrs and I
decided to keep it and see how it goes. When it expires in 2010 I prolly
will uninstall it and put AVG on it
I still like AVG over it and all new computers running vista that I sell, I
still put AVG free on them.

robin

robinb · Oct 8, 2007

btw nick is wonderful,
I am giving a seminar on Vista and antispyware/antivirus protection on Oct
19 at a local community college computer group and I happened to mention on
the superantispyware forum what i was doing and nick emailed me and told me
he would help me out and sent me broshures and other materials about
superantispyware to give out to the 250 ppl that will be at this seminar and
the one I just held one on Oct 4th for 45 people and that one (50 ere
signed up but only 45 showed) Not only did he do just that but he paid for
the shipping too.
I spent hours on the phone with microsoft asking for free promotional
material about Vista and after begging they sent me 100 cd's called Tips and
Tricks. I had asked for 250 so everyone could get one but they claim that
they had a quote and could not send me anymore. Now mind you I must have
spent over 10hrs over a week trying to get this and one post in
superantispyware fourm and nick said -no problem.

Besides if you ask a question on that newsgroup you get an answer almost
immediately.
robin

Guest · Oct 9, 2007

OK Bill it has been doing OK, Defender Pro 5-In-1 so far.
10/6/2007 5:31:59 PM was the last entry on what I posted.

Heres what has occurred sine then....

10/6/2007 9:40:27 PM Your computer has been attacked from 202.98.223.67.
Attack - Helkern. The attack has been successfully repulsed.
10/7/2007 12:54:26 AM Your computer has been attacked from 24.187.92.56.
Attack - Helkern. The attack has been successfully repulsed.
10/7/2007 2:24:27 AM Your computer has been attacked from 220.191.233.132.
Attack - Helkern. The attack has been successfully repulsed.
10/7/2007 3:20:07 AM Your computer has been attacked from 59.34.5.87.
Attack - Helkern. The attack has been successfully repulsed.
10/7/2007 5:04:55 AM Your computer has been attacked from 210.73.87.66.
Attack - Helkern. The attack has been successfully repulsed.
10/7/2007 11:18:00 AM Your computer has been attacked from 58.20.228.52.
Attack - Helkern. The attack has been successfully repulsed.
10/7/2007 2:31:23 PM Your computer has been attacked from 218.106.91.25.
Attack - Helkern. The attack has been successfully repulsed.
10/7/2007 3:15:36 PM Your computer has been attacked from 220.189.238.42.
Attack - Helkern. The attack has been successfully repulsed.
10/7/2007 3:42:07 PM Your computer has been attacked from 125.76.238.164.
Attack - Helkern. The attack has been successfully repulsed.
10/7/2007 8:16:28 PM Your computer has been attacked from 82.178.22.22.
Attack - Helkern. The attack has been successfully repulsed.
10/7/2007 8:23:27 PM Your computer has been attacked from 222.85.126.95.
Attack - Helkern. The attack has been successfully repulsed.
10/8/2007 12:30:04 AM Your computer has been attacked from 203.94.243.191.
Attack - Helkern. The attack has been successfully repulsed.
10/8/2007 4:15:43 AM Your computer has been attacked from 218.232.95.60.
Attack - Helkern. The attack has been successfully repulsed.
10/8/2007 8:55:28 AM Your computer has been attacked from 219.147.233.30.
Attack - Helkern. The attack has been successfully repulsed.
10/8/2007 10:00:13 AM Your computer has been attacked from 220.168.198.58.
Attack - Helkern. The attack has been successfully repulsed.
10/8/2007 11:46:36 AM Your computer has been attacked from 222.217.240.228.
Attack - Helkern. The attack has been successfully repulsed.
10/8/2007 2:38:54 PM Your computer has been attacked from 61.175.243.182.
Attack - Helkern. The attack has been successfully repulsed.
10/8/2007 3:01:38 PM Your computer has been attacked from 61.161.118.182.
Attack - Helkern. The attack has been successfully repulsed.
10/8/2007 4:57:25 PM Your computer has been attacked from 203.94.243.191.
Attack - Helkern. The attack has been successfully repulsed.
10/8/2007 5:51:38 PM Your computer has been attacked from 220.191.233.132.
Attack - Helkern. The attack has been successfully repulsed.
10/8/2007 6:43:09 PM Your computer has been attacked from 59.34.5.87.
Attack - Helkern. The attack has been successfully repulsed.
10/9/2007 1:01:59 AM Your computer has been attacked from 217.219.230.112.
Attack - Helkern. The attack has been successfully repulsed.

Bill Sanderson said:
[not Bob]

I think you don't have a problem. Are you on a fixed IP? If not, try
getting a new one--power cycle the DSL or Cable modem.

The firewall is doing the job and keeping this stuff out--looking at logs
like that is mostly advertising for them--the windows firewall would do the
same thing and not bother you about it.

This stuff is background noise--it isn't aimed at you specfically, it's
mainly infected machines scanning for vulnerable machines to spread an
infection. The firewall is not letting the stuff in which is what you pay
it to do--tell it to keep up the good work, but not bother you about it.

(but I'll be interested in what Bob has to say!)

--

"Michael @ Webwalking.info"

Anonymous Bob
(e-mail address removed)
Site Down:
http://www.superantispyware.com/downloadfile.html?productid=SUPERANTISPYWAREFREE
Also Tried: http://www.superantispyware.com/

I got the system under control, got one problem remaining - HELKERN WORM
keeps attacking my machine.
Intrusion.Win.MSSQL.worm.Helkern identified by Firewall Defender Pro
5-In-1
It don't remove the problem or change settings so it won't happen it is
just
keeping a record log of it for now each time it occurs. I am running it on
High
Security (Stealth Mode).

Here is the log...
[each date/time states Attack - Helkern. The attack has been successfully
repulsed]

9/28/2007 11:51:04 PM - attacked from 202.103.11.41
9/29/2007 2:11:23 AM - attacked from 222.217.240.228
9/29/2007 3:00:10 AM - attacked from 220.168.198.58
9/29/2007 2:29:45 PM - attacked from 220.189.238.42
9/29/2007 2:51:16 PM - attacked from 218.232.95.60
9/29/2007 4:53:47 PM - attacked from 202.98.223.67
9/29/2007 8:22:08 PM - attacked from 221.141.1.33
9/29/2007 9:58:04 PM - attacked from 202.107.228.35
9/30/2007 1:43:27 AM - attacked from 58.20.228.52
9/30/2007 3:57:33 AM - attacked from 219.147.233.30
9/30/2007 4:00:27 AM - attacked from 218.106.91.25
9/30/2007 4:25:01 AM - attacked from 218.108.70.246
9/30/2007 12:33:18 PM - attacked from 220.191.233.132
9/30/2007 12:43:52 PM - attacked from 125.76.238.164
9/30/2007 1:31:54 PM - attacked from 64.22.116.150
9/30/2007 1:47:28 PM - attacked from 59.34.5.87
9/30/2007 4:35:11 PM - attacked from 202.103.11.41
9/30/2007 6:23:11 PM - attacked from 220.168.198.58
9/30/2007 8:25:24 PM - attacked from 203.94.243.191
9/30/2007 11:19:47 PM - attacked from 124.205.138.109
10/1/2007 12:49:42 AM - attacked from 210.72.220.12
10/1/2007 3:10:53 AM - attacked from 222.217.240.228
10/1/2007 10:34:29 AM - attacked from
204.219.131.61.dial.ja.jx.dynamic.163data.com.cn
10/1/2007 1:55:04 PM - attacked from 64.22.116.150
10/1/2007 2:50:13 PM - attacked from 220.189.238.42
10/1/2007 5:50:25 PM - attacked from 218.232.95.60
10/1/2007 7:21:05 PM - attacked from 219.147.233.30
10/2/2007 1:44:33 AM - attacked from 218.106.91.25
10/2/2007 2:39:58 AM - attacked from 202.98.223.67
10/2/2007 3:44:03 AM - attacked from 58.20.228.52
10/2/2007 4:00:57 AM - attacked from 220.191.233.132
10/2/2007 5:10:36 AM - attacked from 59.34.5.87
10/2/2007 7:30:34 AM - attacked from 125.76.238.164
10/2/2007 2:18:44 PM - attacked from 222.217.240.228
10/3/2007 4:08:20 AM - attacked from 219.150.206.94
10/3/2007 10:44:58 AM - attacked from 219.147.233.30
10/3/2007 11:38:31 AM - attacked from 218.93.115.230
10/3/2007 1:38:30 PM - attacked from 189-62-239-77-pool.cable.fcom.ch
10/3/2007 3:06:45 PM - attacked from 220.189.238.42
10/3/2007 3:43:03 PM - attacked from 203.94.243.191
10/3/2007 7:28:48 PM - attacked from 220.191.233.132
10/3/2007 8:34:02 PM - attacked from 59.34.5.87
10/3/2007 9:12:54 PM - attacked from 218.232.95.60
10/3/2007 11:12:32 PM - attacked from 218.106.91.25
10/4/2007 1:09:28 AM - attacked from 220.168.198.58
10/4/2007 2:15:20 AM - attacked from 125.76.238.164
10/4/2007 5:47:34 AM - attacked from 58.20.228.52
10/4/2007 11:24:01 AM - attacked from 222.217.240.228
10/4/2007 12:09:47 PM - attacked from 202.98.223.67
10/4/2007 1:07:31 PM - attacked from
adsl196-126-7-206-196.adsl196-1.iam.net.ma
10/4/2007 2:35:10 PM - attacked from 82.178.22.22
10/4/2007 3:13:16 PM - attacked from 80.231.169.58
10/4/2007 7:22:21 PM - attacked from 219.150.184.141
10/5/2007 1:17:05 AM - attacked from 222.217.240.228
10/5/2007 2:08:28 AM - attacked from 219.147.233.30
10/5/2007 2:52:17 AM - attacked from 218.93.115.230
10/5/2007 5:15:26 AM - attacked from 61.130.112.42
10/5/2007 7:46:13 AM - attacked from 61.175.243.182
10/5/2007 10:56:22 AM - attacked from 220.191.233.132
10/5/2007 11:57:04 AM - attacked from 59.34.5.87
10/5/2007 2:05:31 PM - attacked from 58.20.228.52
10/5/2007 3:13:41 PM - attacked from 220.189.238.42
10/5/2007 7:00:33 PM - attacked from 218.106.91.25
10/5/2007 8:04:14 PM - attacked from 203.94.243.191
10/5/2007 9:02:02 PM - attacked from 125.76.238.164
10/5/2007 9:08:27 PM - attacked from 202.103.11.41
10/6/2007 12:04:55 AM - attacked from 210.72.220.12
10/6/2007 12:50:47 AM - attacked from 218.232.95.60
10/6/2007 3:58:29 AM - attacked from 222.85.126.78
10/6/2007 2:23:24 PM - attacked from 61.236.66.106
10/6/2007 2:56:38 PM - attacked from 222.217.240.228
10/6/2007 5:31:59 PM - attacked from 219.147.233.30

Click to expand...

Guest · Oct 9, 2007

I am now Michael @ Hotmail
Thanks Bill.

--
Super Tinkering Makes The Water Flow Across The Border and gets the Air
Generating Power Effectively. Change Illegal Alien Traffic Into Labor Force.
The Drought Is Upon Us All!
Michael @ Hotmail

Michael @ Webwalking.info said:
OK Bill it has been doing OK, Defender Pro 5-In-1 so far.
10/6/2007 5:31:59 PM was the last entry on what I posted.

Heres what has occurred sine then....

10/6/2007 9:40:27 PM Your computer has been attacked from 202.98.223.67.
Attack - Helkern. The attack has been successfully repulsed.
10/7/2007 12:54:26 AM Your computer has been attacked from 24.187.92.56.
Attack - Helkern. The attack has been successfully repulsed.
10/7/2007 2:24:27 AM Your computer has been attacked from 220.191.233.132.
Attack - Helkern. The attack has been successfully repulsed.
10/7/2007 3:20:07 AM Your computer has been attacked from 59.34.5.87.
Attack - Helkern. The attack has been successfully repulsed.
10/7/2007 5:04:55 AM Your computer has been attacked from 210.73.87.66.
Attack - Helkern. The attack has been successfully repulsed.
10/7/2007 11:18:00 AM Your computer has been attacked from 58.20.228.52.
Attack - Helkern. The attack has been successfully repulsed.
10/7/2007 2:31:23 PM Your computer has been attacked from 218.106.91.25.
Attack - Helkern. The attack has been successfully repulsed.
10/7/2007 3:15:36 PM Your computer has been attacked from 220.189.238.42.
Attack - Helkern. The attack has been successfully repulsed.
10/7/2007 3:42:07 PM Your computer has been attacked from 125.76.238.164.
Attack - Helkern. The attack has been successfully repulsed.
10/7/2007 8:16:28 PM Your computer has been attacked from 82.178.22.22.
Attack - Helkern. The attack has been successfully repulsed.
10/7/2007 8:23:27 PM Your computer has been attacked from 222.85.126.95.
Attack - Helkern. The attack has been successfully repulsed.
10/8/2007 12:30:04 AM Your computer has been attacked from 203.94.243.191.
Attack - Helkern. The attack has been successfully repulsed.
10/8/2007 4:15:43 AM Your computer has been attacked from 218.232.95.60.
Attack - Helkern. The attack has been successfully repulsed.
10/8/2007 8:55:28 AM Your computer has been attacked from 219.147.233.30.
Attack - Helkern. The attack has been successfully repulsed.
10/8/2007 10:00:13 AM Your computer has been attacked from 220.168.198.58.
Attack - Helkern. The attack has been successfully repulsed.
10/8/2007 11:46:36 AM Your computer has been attacked from 222.217.240.228.
Attack - Helkern. The attack has been successfully repulsed.
10/8/2007 2:38:54 PM Your computer has been attacked from 61.175.243.182.
Attack - Helkern. The attack has been successfully repulsed.
10/8/2007 3:01:38 PM Your computer has been attacked from 61.161.118.182.
Attack - Helkern. The attack has been successfully repulsed.
10/8/2007 4:57:25 PM Your computer has been attacked from 203.94.243.191.
Attack - Helkern. The attack has been successfully repulsed.
10/8/2007 5:51:38 PM Your computer has been attacked from 220.191.233.132.
Attack - Helkern. The attack has been successfully repulsed.
10/8/2007 6:43:09 PM Your computer has been attacked from 59.34.5.87.
Attack - Helkern. The attack has been successfully repulsed.
10/9/2007 1:01:59 AM Your computer has been attacked from 217.219.230.112.
Attack - Helkern. The attack has been successfully repulsed.

Bill Sanderson said:

[not Bob]

I think you don't have a problem. Are you on a fixed IP? If not, try
getting a new one--power cycle the DSL or Cable modem.

The firewall is doing the job and keeping this stuff out--looking at logs
like that is mostly advertising for them--the windows firewall would do the
same thing and not bother you about it.

This stuff is background noise--it isn't aimed at you specfically, it's
mainly infected machines scanning for vulnerable machines to spread an
infection. The firewall is not letting the stuff in which is what you pay
it to do--tell it to keep up the good work, but not bother you about it.

(but I'll be interested in what Bob has to say!)

--

"Michael @ Webwalking.info"

Anonymous Bob
(e-mail address removed)
Site Down:
http://www.superantispyware.com/downloadfile.html?productid=SUPERANTISPYWAREFREE
Also Tried: http://www.superantispyware.com/

I got the system under control, got one problem remaining - HELKERN WORM
keeps attacking my machine.
Intrusion.Win.MSSQL.worm.Helkern identified by Firewall Defender Pro
5-In-1
It don't remove the problem or change settings so it won't happen it is
just
keeping a record log of it for now each time it occurs. I am running it on
High
Security (Stealth Mode).

Here is the log...
[each date/time states Attack - Helkern. The attack has been successfully
repulsed]

9/28/2007 11:51:04 PM - attacked from 202.103.11.41
9/29/2007 2:11:23 AM - attacked from 222.217.240.228
9/29/2007 3:00:10 AM - attacked from 220.168.198.58
9/29/2007 2:29:45 PM - attacked from 220.189.238.42
9/29/2007 2:51:16 PM - attacked from 218.232.95.60
9/29/2007 4:53:47 PM - attacked from 202.98.223.67
9/29/2007 8:22:08 PM - attacked from 221.141.1.33
9/29/2007 9:58:04 PM - attacked from 202.107.228.35
9/30/2007 1:43:27 AM - attacked from 58.20.228.52
9/30/2007 3:57:33 AM - attacked from 219.147.233.30
9/30/2007 4:00:27 AM - attacked from 218.106.91.25
9/30/2007 4:25:01 AM - attacked from 218.108.70.246
9/30/2007 12:33:18 PM - attacked from 220.191.233.132
9/30/2007 12:43:52 PM - attacked from 125.76.238.164
9/30/2007 1:31:54 PM - attacked from 64.22.116.150
9/30/2007 1:47:28 PM - attacked from 59.34.5.87
9/30/2007 4:35:11 PM - attacked from 202.103.11.41
9/30/2007 6:23:11 PM - attacked from 220.168.198.58
9/30/2007 8:25:24 PM - attacked from 203.94.243.191
9/30/2007 11:19:47 PM - attacked from 124.205.138.109
10/1/2007 12:49:42 AM - attacked from 210.72.220.12
10/1/2007 3:10:53 AM - attacked from 222.217.240.228
10/1/2007 10:34:29 AM - attacked from
204.219.131.61.dial.ja.jx.dynamic.163data.com.cn
10/1/2007 1:55:04 PM - attacked from 64.22.116.150
10/1/2007 2:50:13 PM - attacked from 220.189.238.42
10/1/2007 5:50:25 PM - attacked from 218.232.95.60
10/1/2007 7:21:05 PM - attacked from 219.147.233.30
10/2/2007 1:44:33 AM - attacked from 218.106.91.25
10/2/2007 2:39:58 AM - attacked from 202.98.223.67
10/2/2007 3:44:03 AM - attacked from 58.20.228.52
10/2/2007 4:00:57 AM - attacked from 220.191.233.132
10/2/2007 5:10:36 AM - attacked from 59.34.5.87
10/2/2007 7:30:34 AM - attacked from 125.76.238.164
10/2/2007 2:18:44 PM - attacked from 222.217.240.228
10/3/2007 4:08:20 AM - attacked from 219.150.206.94
10/3/2007 10:44:58 AM - attacked from 219.147.233.30
10/3/2007 11:38:31 AM - attacked from 218.93.115.230
10/3/2007 1:38:30 PM - attacked from 189-62-239-77-pool.cable.fcom.ch
10/3/2007 3:06:45 PM - attacked from 220.189.238.42
10/3/2007 3:43:03 PM - attacked from 203.94.243.191
10/3/2007 7:28:48 PM - attacked from 220.191.233.132
10/3/2007 8:34:02 PM - attacked from 59.34.5.87
10/3/2007 9:12:54 PM - attacked from 218.232.95.60
10/3/2007 11:12:32 PM - attacked from 218.106.91.25
10/4/2007 1:09:28 AM - attacked from 220.168.198.58
10/4/2007 2:15:20 AM - attacked from 125.76.238.164
10/4/2007 5:47:34 AM - attacked from 58.20.228.52
10/4/2007 11:24:01 AM - attacked from 222.217.240.228
10/4/2007 12:09:47 PM - attacked from 202.98.223.67
10/4/2007 1:07:31 PM - attacked from
adsl196-126-7-206-196.adsl196-1.iam.net.ma
10/4/2007 2:35:10 PM - attacked from 82.178.22.22
10/4/2007 3:13:16 PM - attacked from 80.231.169.58
10/4/2007 7:22:21 PM - attacked from 219.150.184.141
10/5/2007 1:17:05 AM - attacked from 222.217.240.228
10/5/2007 2:08:28 AM - attacked from 219.147.233.30
10/5/2007 2:52:17 AM - attacked from 218.93.115.230
10/5/2007 5:15:26 AM - attacked from 61.130.112.42
10/5/2007 7:46:13 AM - attacked from 61.175.243.182
10/5/2007 10:56:22 AM - attacked from 220.191.233.132
10/5/2007 11:57:04 AM - attacked from 59.34.5.87
10/5/2007 2:05:31 PM - attacked from 58.20.228.52
10/5/2007 3:13:41 PM - attacked from 220.189.238.42
10/5/2007 7:00:33 PM - attacked from 218.106.91.25
10/5/2007 8:04:14 PM - attacked from 203.94.243.191
10/5/2007 9:02:02 PM - attacked from 125.76.238.164
10/5/2007 9:08:27 PM - attacked from 202.103.11.41
10/6/2007 12:04:55 AM - attacked from 210.72.220.12
10/6/2007 12:50:47 AM - attacked from 218.232.95.60
10/6/2007 3:58:29 AM - attacked from 222.85.126.78
10/6/2007 2:23:24 PM - attacked from 61.236.66.106
10/6/2007 2:56:38 PM - attacked from 222.217.240.228
10/6/2007 5:31:59 PM - attacked from 219.147.233.30

Click to expand...

Click to expand...

Guest · Oct 9, 2007

SUPERAntiSpyware links are dead.
http://www.superantispyware.com/prerelease/SUPERAntiSpyware.exe
http://www.superantispyware.com/prerelease/SUPERAntiSpywarePro.exe

At the Forum Announcement thread:
http://forums.superantispyware.com/viewtopic.php?t=652

Posted: Wed Apr 25, 2007 12:05 am
Post subject: SUPERAntiSpyware 3.7 Pre-Release Notes and Changes

I tried the home page earlier and it is dead.

Guest · Oct 9, 2007

I have recycled the Cable Modem at 2:40 AM OCT 09th and set the Firewall to
Scan TCP Ports added 600 minutes to blocking or attacker IPs and chosen to
run silent, restarted the program after that till I reboot so now it will not
interfere getting in front of my mouse when it happens. Thanks for all. Just
saw a program on cable TV about the Russians attacking countries computer
systems very viciously almost every service they had was attacked even
schools and hospitals, all on purpose to prove a point and they sent out
images telling them they had been attacked and that was so easy to attack
them, Russia plans to continue the attacks. America is a bit large for them
to attack but if they are infecting machines internationally I think that is
bad politics, like setting up a highway for access by terrorists to
communicate should they find a way to tunnel through the Russian Invasion
attacks. Whats your opinion on Russia technologist doing this.

--
Super Tinkering Makes The Water Flow Across The Border and gets the Air
Generating Power Effectively. Change Illegal Alien Traffic Into Labor Force.
The Drought Is Upon Us All!
Michael @ Hotmail

Bill Sanderson said:
[not Bob]

I think you don't have a problem. Are you on a fixed IP? If not, try
getting a new one--power cycle the DSL or Cable modem.

The firewall is doing the job and keeping this stuff out--looking at logs
like that is mostly advertising for them--the windows firewall would do the
same thing and not bother you about it.

This stuff is background noise--it isn't aimed at you specfically, it's
mainly infected machines scanning for vulnerable machines to spread an
infection. The firewall is not letting the stuff in which is what you pay
it to do--tell it to keep up the good work, but not bother you about it.

(but I'll be interested in what Bob has to say!)

--

"Michael @ Webwalking.info"

Anonymous Bob
(e-mail address removed)
Site Down:
http://www.superantispyware.com/downloadfile.html?productid=SUPERANTISPYWAREFREE
Also Tried: http://www.superantispyware.com/

I got the system under control, got one problem remaining - HELKERN WORM
keeps attacking my machine.
Intrusion.Win.MSSQL.worm.Helkern identified by Firewall Defender Pro
5-In-1
It don't remove the problem or change settings so it won't happen it is
just
keeping a record log of it for now each time it occurs. I am running it on
High
Security (Stealth Mode).

Here is the log...
[each date/time states Attack - Helkern. The attack has been successfully
repulsed]

9/28/2007 11:51:04 PM - attacked from 202.103.11.41
9/29/2007 2:11:23 AM - attacked from 222.217.240.228
9/29/2007 3:00:10 AM - attacked from 220.168.198.58
9/29/2007 2:29:45 PM - attacked from 220.189.238.42
9/29/2007 2:51:16 PM - attacked from 218.232.95.60
9/29/2007 4:53:47 PM - attacked from 202.98.223.67
9/29/2007 8:22:08 PM - attacked from 221.141.1.33
9/29/2007 9:58:04 PM - attacked from 202.107.228.35
9/30/2007 1:43:27 AM - attacked from 58.20.228.52
9/30/2007 3:57:33 AM - attacked from 219.147.233.30
9/30/2007 4:00:27 AM - attacked from 218.106.91.25
9/30/2007 4:25:01 AM - attacked from 218.108.70.246
9/30/2007 12:33:18 PM - attacked from 220.191.233.132
9/30/2007 12:43:52 PM - attacked from 125.76.238.164
9/30/2007 1:31:54 PM - attacked from 64.22.116.150
9/30/2007 1:47:28 PM - attacked from 59.34.5.87
9/30/2007 4:35:11 PM - attacked from 202.103.11.41
9/30/2007 6:23:11 PM - attacked from 220.168.198.58
9/30/2007 8:25:24 PM - attacked from 203.94.243.191
9/30/2007 11:19:47 PM - attacked from 124.205.138.109
10/1/2007 12:49:42 AM - attacked from 210.72.220.12
10/1/2007 3:10:53 AM - attacked from 222.217.240.228
10/1/2007 10:34:29 AM - attacked from
204.219.131.61.dial.ja.jx.dynamic.163data.com.cn
10/1/2007 1:55:04 PM - attacked from 64.22.116.150
10/1/2007 2:50:13 PM - attacked from 220.189.238.42
10/1/2007 5:50:25 PM - attacked from 218.232.95.60
10/1/2007 7:21:05 PM - attacked from 219.147.233.30
10/2/2007 1:44:33 AM - attacked from 218.106.91.25
10/2/2007 2:39:58 AM - attacked from 202.98.223.67
10/2/2007 3:44:03 AM - attacked from 58.20.228.52
10/2/2007 4:00:57 AM - attacked from 220.191.233.132
10/2/2007 5:10:36 AM - attacked from 59.34.5.87
10/2/2007 7:30:34 AM - attacked from 125.76.238.164
10/2/2007 2:18:44 PM - attacked from 222.217.240.228
10/3/2007 4:08:20 AM - attacked from 219.150.206.94
10/3/2007 10:44:58 AM - attacked from 219.147.233.30
10/3/2007 11:38:31 AM - attacked from 218.93.115.230
10/3/2007 1:38:30 PM - attacked from 189-62-239-77-pool.cable.fcom.ch
10/3/2007 3:06:45 PM - attacked from 220.189.238.42
10/3/2007 3:43:03 PM - attacked from 203.94.243.191
10/3/2007 7:28:48 PM - attacked from 220.191.233.132
10/3/2007 8:34:02 PM - attacked from 59.34.5.87
10/3/2007 9:12:54 PM - attacked from 218.232.95.60
10/3/2007 11:12:32 PM - attacked from 218.106.91.25
10/4/2007 1:09:28 AM - attacked from 220.168.198.58
10/4/2007 2:15:20 AM - attacked from 125.76.238.164
10/4/2007 5:47:34 AM - attacked from 58.20.228.52
10/4/2007 11:24:01 AM - attacked from 222.217.240.228
10/4/2007 12:09:47 PM - attacked from 202.98.223.67
10/4/2007 1:07:31 PM - attacked from
adsl196-126-7-206-196.adsl196-1.iam.net.ma
10/4/2007 2:35:10 PM - attacked from 82.178.22.22
10/4/2007 3:13:16 PM - attacked from 80.231.169.58
10/4/2007 7:22:21 PM - attacked from 219.150.184.141
10/5/2007 1:17:05 AM - attacked from 222.217.240.228
10/5/2007 2:08:28 AM - attacked from 219.147.233.30
10/5/2007 2:52:17 AM - attacked from 218.93.115.230
10/5/2007 5:15:26 AM - attacked from 61.130.112.42
10/5/2007 7:46:13 AM - attacked from 61.175.243.182
10/5/2007 10:56:22 AM - attacked from 220.191.233.132
10/5/2007 11:57:04 AM - attacked from 59.34.5.87
10/5/2007 2:05:31 PM - attacked from 58.20.228.52
10/5/2007 3:13:41 PM - attacked from 220.189.238.42
10/5/2007 7:00:33 PM - attacked from 218.106.91.25
10/5/2007 8:04:14 PM - attacked from 203.94.243.191
10/5/2007 9:02:02 PM - attacked from 125.76.238.164
10/5/2007 9:08:27 PM - attacked from 202.103.11.41
10/6/2007 12:04:55 AM - attacked from 210.72.220.12
10/6/2007 12:50:47 AM - attacked from 218.232.95.60
10/6/2007 3:58:29 AM - attacked from 222.85.126.78
10/6/2007 2:23:24 PM - attacked from 61.236.66.106
10/6/2007 2:56:38 PM - attacked from 222.217.240.228
10/6/2007 5:31:59 PM - attacked from 219.147.233.30

Click to expand...

Guest · Oct 9, 2007

My XP must have setup blocking for that site, I checked Security and the site
is not listed so something is blocking access on XP (SP2) as my laptop linked
readily to the site when I typed in the URL and can now download it using the
laptop. Thanks.

Robinb · Oct 9, 2007

something has to be wrong with your computer because i was just able to
download the exe on 3 computers and 2 of my clients computers remotely
you should be going here to pick it up

http://www.superantispyware.com/superantispywarefreevspro.html

empty your cache on your browser because it is picking up a real old site

robin

WCG Stats Wednesday 06 September 2023	3	Sep 6, 2023
WCG Stats Saturday 19 August 2023	3	Aug 19, 2023
WCG Stats Sunday 20 August 2023	3	Aug 20, 2023
WCG Stats Thursday 21 September 2023	3	Sep 21, 2023
WCG Stats Tuesday 26 September 2023	3	Sep 26, 2023
WCG Stats Sunday 13 August 2023	1	Aug 13, 2023
WCG Stats Saturday 30 September 2023	3	Sep 30, 2023
WCG Stats Wednesday 27 September 2023	3	Sep 27, 2023

Attack - Helkern

Guest

Bill Sanderson

Anonymous Bob

Robinb

Tom Emmelot

Robinb

Robinb

Tom Emmelot

Anonymous Bob

robinb

robinb

robinb

robinb

Guest

Guest

Guest

Guest

Guest

Robinb

Ask a Question

Similar Threads