What am i doing wrong???

[Gaz]

Hi, having some problems with a repeat virus infection.

dropper.delf and downloader.agent downloading into c:\temp\ and installing
themselves.

Running XP, SP2, behind a nat router, the router firewall is enabled, but i
have the following ports manually opened on the router:
5631,5632,3333,6881,6882,7777,7787 (all routed through to the laptop getting
the infection)

On my laptop, i have avg free edition, adaware, spybot and spyblaster, i
have the xp firewall on (i ahve tried it on and off it makes no difference
to the infection), system resotre disabled.

I am wondering what it is i am doing wrong. Do i need a fully fledged
firewall on my laptop?

any advice greatly appreciated.

Gaz

--
"Threats of deportation were made by Labour supporters to first generation
migrants if they did not sign postal vote papers to vote Labour. Postal
voters were pressurised by Labour Party candidates and agents into casting
their vote for the Labour slate whilst the Labour Party agents stood over
the voter watching them cast their vote"

 

[Richard S. Westmoreland]

Hi, having some problems with a repeat virus infection.

dropper.delf and downloader.agent downloading into c:\temp\ and installing
themselves.

Running XP, SP2, behind a nat router, the router firewall is enabled, but i
have the following ports manually opened on the router:
5631,5632,3333,6881,6882,7777,7787 (all routed through to the laptop getting
the infection)

On my laptop, i have avg free edition, adaware, spybot and spyblaster, i
have the xp firewall on (i ahve tried it on and off it makes no difference
to the infection), system resotre disabled.

I am wondering what it is i am doing wrong. Do i need a fully fledged
firewall on my laptop?

any advice greatly appreciated.

Use Trend Micro's free online scanner to do a full sweep of your hard drive,
to make sure AVG isn't missing anything.

Get rid of spyblaster, and install Zone Alarm (free edition). If you're
running any P2P programs like Kazaa or iMesh, then the advertisements may be
using unpatched exploits.

 

[Gaz]

Use Trend Micro's free online scanner to do a full sweep of your hard
drive,
to make sure AVG isn't missing anything.

Done. Found nothing.

Get rid of spyblaster, and install Zone Alarm (free edition). If you're
running any P2P programs like Kazaa or iMesh, then the advertisements may
be
using unpatched exploits.

Why get rid of spyblaster?

Gaz

 

[Beauregard T. Shagnasty]

Quoth the raven Gaz:

I am wondering what it is i am doing wrong. Do i need a fully
fledged firewall on my laptop?

Are you connected to the Internet? If yes, then you need a firewall.

 

[Buffalo]

"Gaz
[snip]
Why get rid of spyblaster?

Gaz

If you really mean SpywareBlaster, then don't. It is a great program.

 

[NormanM]

Hi, having some problems with a repeat virus infection.

Hajimemashita...You may need to change your operating habits.

dropper.delf and downloader.agent downloading into c:\temp\ and installing
themselves.

There is no program that I know which can "install itself"; there has to be
an activating agent. The most notorious such agent is Microsoft's own
"ActiveX". You almost certainly need to lock down MSIE's scripting.

Running XP, SP2, behind a nat router, the router firewall is enabled, but i
have the following ports manually opened on the router:
5631,5632,3333,6881,6882,7777,7787 (all routed through to the laptop getting
the infection)

I do hope that you have strong passwords in place on PC Anywhere, and that
you scan every file you download before you do anything else with it.
Especially the P2P downloads; that is an area ripe for exploitation by virus
writers.

On my laptop, i have avg free edition, adaware, spybot and spyblaster, i
have the xp firewall on (i ahve tried it on and off it makes no difference
to the infection), system resotre disabled.

I am wondering what it is i am doing wrong. Do i need a fully fledged
firewall on my laptop?

Such a firewall probably won't be any more helpful than the Windows Firewall
(ICF was renamed in SP2; or so I am told).

any advice greatly appreciated.

First, you might try another free scanner; I'd recommend F-Prot for DOS, but
I don't know if it can scan NTFS sectors on a Windows XP OS. You need a
second opinion; AVG may be coughing up a false positive.

Google doesn't show very much definitive on the dropper.delf; and I am
disinclined to do any more of your work than that. It is past time I should
head for bed; I am still trying to find a job.

As I said at the start, though, lock down MSIE. From watching the groups on
the msnews.microsoft.com servers, it seems that the first thing that people
do after the latest MS patches is to undo all the security settings that
MSFT made.

I know a lot of things are fun. I liked the mouseover trick at the Kodansha
site, where mousing over the manga dialogue boxes changed the dialogue from
Japanese to English; but I had to jump through hoops to enable MSIE to
display the trick. I restored my normal MSIE security settings, then parked
MSIE, and went back to my normal browser; Mozilla 1.x.x (1.7.2 wasn't, yet,
available at the time that I checked out that trick).

You are trading off security for fun. It is your choice.

 

[Gaz]

"Gaz
[snip]
Why get rid of spyblaster?

Gaz

If you really mean SpywareBlaster, then don't. It is a great program.

yes spywareblaster............

Gaz

 

[Richard S. Westmoreland]

"Gaz
[snip]
Why get rid of spyblaster?

Gaz

If you really mean SpywareBlaster, then don't. It is a great program.

yes spywareblaster............

Gaz

Sorry, I was confusing "spyblaster" with another similiarly named product.

Rick