safe firewall settings?

C

Chris Berry

Just got a nasty surprise when configuring my firewall.
I thought I'd be bright and enable the multi-DMZ settings and give my main
PC a WAN IP address.
Lo and behold, seconds later there was and IRC backdoor trojan file
(msgfix.exe) created on my PC duly detected by NOD32.
I abandoned the WAN IP address thoughts I had.
before I could change the settings back, internet access was disrupted.
Next thing, I find a winbasic32 process running - killing this restored
internet connectivity.
i've scanned those files and didn't find anything.
How can I be sure that there's no longer an infection?
Thanks.
cb
 
N

null

Just got a nasty surprise when configuring my firewall.
I thought I'd be bright and enable the multi-DMZ settings and give my main
PC a WAN IP address.
Lo and behold, seconds later there was and IRC backdoor trojan file
(msgfix.exe) created on my PC duly detected by NOD32.
I abandoned the WAN IP address thoughts I had.
before I could change the settings back, internet access was disrupted.
Next thing, I find a winbasic32 process running - killing this restored
internet connectivity.
i've scanned those files and didn't find anything.
How can I be sure that there's no longer an infection?
Click to expand...

Probably by cleaning up the registry and deleting files according to
one of these descriptions which are easily Googled up:

http://uk.trendmicro-europe.com/ent...tail.php?id=59622&VName=WORM_SDBOT.TW&VSect=T
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName= WORM_SDBOT.SM&VSect=T
http://securityresponse.symantec.com/avcenter/venc/data/w32.gaobot.sn.html
http://es.trendmicro-europe.com/ent...tail.php?id=58547&VName=WORM_SDBOT.SN&VSect=T
http://it.trendmicro-europe.com/enterprise/security_info/ve_detail.php?Vname=WORM_SDBOT.GE


Art
http://www.epix.net/~artnpeg
 
C

Chris Berry

Probably by cleaning up the registry and deleting files according to
one of these descriptions which are easily Googled up:

http://uk.trendmicro-europe.com/ent...tail.php?id=59622&VName=WORM_SDBOT.TW&VSect=T
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName= WORM_SDBOT.SM&VSect=T
http://es.trendmicro-europe.com/ent...tail.php?id=58547&VName=WORM_SDBOT.SN&VSect=T
http://it.trendmicro-europe.com/enterprise/security_info/ve_detail.php?Vname=WORM_SDBOT.GE
Click to expand...

Cleaned up the registry. I thought that NOD32 was supposed to provide me
with good protection against this sort of thing.
I'd really like to know what else was touched by the back door attacker.
cb
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

PC Tools Firewall experience 1
PC Tools Firewall experience 2
ciscor router forwarden to usr 8200 1
XP SP2 Firewall Settings 2
IE and only IE wont connect 24
XP networking : wifi / domain & workgroup 1
Adv. TCP/IP settings - DNS tab - Register this connection's addres 4
Local ping problem 1

Top