Suzanne said:
In scouting around both our computers we have found that both
computers have port 1025 open (which Norton identifies as an Unused
Windows Services Block). It may be possible that in some way we are
sharing the information via this port. Do you think this is possible?
At any rate, Norton identifies this as a security risk (inspite of
having Norton's firewall turned on to maximum settings on my machine).
But I don't know how to close this port. Any ideas?
I have no idea what is going on, but I would do as I originally
suggested:
1. Physically disconnect both machines.
2. Do all the following malware removal steps using updated tools in
Safe Mode. It is a lot of work to make sure both computers are
thoroughly clean, but it is essential in narrowing down the problem.
You simply *must* know that you are working from a clean baseline.
1) Scan in Safe Mode with current version (not earlier than 2003)
antivirus using updated definitions.
2) Remove spyware with Spybot Search & Destroy and Ad-aware. These
programs are free, so use them both since they complement each other.
There is a new version of CWShredder from Intermute. I would not
install the other Intermute programs, however. Alternately, there are
CoolWebSearch malware removal steps at SilentRunners.
Be sure to update these programs before running, and it is a good idea
to do virus/spyware scans in Safe Mode. Make sure you are able to see
all hidden files and extensions (View tab in Folder Options).
HijackThis is an excellent tool to discover and disable hijackers, but
it requires expert skill. See below for HijackThis links. A combination
of HijackThis and About:Buster works well in removing the About:Blank
homepage hijacker. Again, this is an expert tool and novices should get
help with it.
3) If you are running Windows ME or XP, you should disable/enable System
Restore because malware will be in the Restore Points. With ME, you
must disable System Restore completely. With XP, you can delete all but
the most recent (presumably clean) System Restore point from the More
Options section of Disk Cleanup (Run>cleanmgr).
4) Make sure you've visited Windows Update and applied all security
patches. Do not install driver updates from Windows Update.
5) Run a firewall.
Links to help with malware:
Software/Methods:
http://www.safer-networking.org - Spybot Search & Destroy
http://www.lavasoftusa.com - Ad-aware
http://www.majorgeeks.com - good download site
http://www.intermute.com/spysubtract/cwshredder_download.html
http://www.silentrunners.org/sr_cwsremoval.html. - SilentRunners
HijackThis:
http://www.aumha.org/a/hjttutor.htm - HijackThis tutorial by Jim
Eshelman
http://spywarewarrior.com/viewforum.php?f=5 - Spyware Warrior HijackThis
forum
http://www.wilderssecurity.com/
http://forums.tomcoyote.org/
http://www.spywareinfo.com/forums/
General:
http://forum.aumha.org/ - look under "Security" for various forums
http://rgharper.mvps.org/cleanit.htm
http://mvps.org/winhelp2002/unwanted.htm
http://www.aumha.org/a/parasite.htm - The Parasite Fight
http://www.spywarewarrior.com/rogue_anti-spyware.htm
After you've done the above to ensure that both computers are 100%
spyware and virus-free, you can bring the network up again. However, do
not bring the network up or go on line without a firewall in place. You
will need to enter your home network IP range as Trusted in the
firewall's Exceptions. How you do this will depend on the firewall
used.
Malke
