
Firewall is reporting outgoing connections to random IPs

I'm being invaded


Stuperfied

2:35 pm on May 15, 2004 (gmt 0)

10+ Year Member



Hello all, this is my first time posting on this message board.

My computer's firewall is reporting outgoing connections to random IPs; the ports are also random. I also get incoming connections from these IPs shortly after the outgoing connection, but the incoming ones are blocked. From what I gather, this seems to suggest a trojan or something, but my virus scanner (Norton) doesn't pick it up and I can't find out where the outgoing connection is coming from.

Can anyone suggest a solution to my problem, as I don't know how many incoming connections are going unreported?

encyclo

2:51 pm on May 15, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Welcome to WebmasterWorld, Stuperfied. Are your anti-virus signatures up to date? You could also try one of the online virus checkers around, which always have the latest files. Also, are you running any file-sharing programs such as Kazaa?

skippy

2:52 pm on May 15, 2004 (gmt 0)

10+ Year Member



Try running HijackThis. Just be careful with that one. I have had good luck with Trend Micro [housecall.trendmicro.com]; it has picked up a few viruses the others have missed.

Stuperfied

4:15 pm on May 15, 2004 (gmt 0)

10+ Year Member



Thank you all for replying so fast. I have blocked all transfers except for specific IPs which I have manually enabled, such as this one. I have also shut down all non-essential processes, except for Outlook Express, Norton and my firewall.

All my files are up to date as this is a fresh install, only 2 days old. I scanned my comp with Norton again and also ran Spybot over it. Spybot picked up 6 problems but Norton got none.

I noticed that one of the incoming connections attempted to access port 445, which suggests that my initial suspicions are incorrect. I believe now that these may be worms, though I am amazed at the frequency of hits.

I do not know if I should be fooling around with HijackThis, but I will give it a look if you can post the IP of the site. I will try Trend Micro's HouseCall now.

Thank you all again for the warm welcome, and if you have any other ideas, they would be most appreciated.

Leosghost

5:10 pm on May 15, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Hijack this could leave you posting all over here "how do I get it back " in 2 days time ... : )...

Consider DiamondCS ... free trial .. install ..run it ..do what it says to do ... sleep sound ... check the rest of the site you will also love registry prot ..available in free trial ....

I have no connection at all with diamondcs ..I do do security ...what they make works and is easy to use ..and even in the paid for versions is cheap at 10 times the price ( I don't think the TOS lets me say ..but it's less than norton ) ...

I recommend it to my clients and friends
..it reduces radically the call outs I get ..nothing is 100% but some are 99% .....: )

[edited by: lawman at 5:48 pm (utc) on May 15, 2004]

Stuperfied

7:55 am on May 16, 2004 (gmt 0)

10+ Year Member



Thank you for suggesting DiamondCS. I have tried it but was largely dissatisfied with the program; it told me that all known ports used by trojans, worms and viruses were open, including port 445 (known to be employed by the new Sasser worm). I have tried to put this as nicely as possible and I mean no offence by the following statement. I am uninstalling it, as I find no practical use for it except to add to the list of useless programs installed on my computer, and I would not be surprised if I was infected by yet another trojan or worm through the use of this program.

I can see now that trying to prevent infection is pointless; is there a better way of controlling access to and from a computer?

snowman

2:08 pm on May 16, 2004 (gmt 0)

10+ Year Member



Stuperfied -- Assuming your internet connection employs your computer's Ethernet port, why not consider replacing your software firewall with a router/firewall box?

They're cheap enough these days (under $100) and work well.

And off-loading the firewall tasks would lighten and simplify the load on your computer.

grelmar

6:55 pm on May 16, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Snowman has an idea that I know works.

I usually use a router/box firewall, but during a recent move I needed to quickly check some stuff online, so I just quickly connected up one of the machines directly to the broadband modem. Big mistake. Within seconds my software firewall was filling the screen with warnings.

I shut down the machine and spent an extra half hour figuring out which unlabeled brown packing box had the router and cables in it. Hooked it up, and lo and behold, the warnings ceased to happen.

And that router was about $90 Cdn, which means it should be about 50 cents US, err, whatever the conversion is nowadays. (Prolly $60 US, actually, I think).

Best $$ I have EVER spent on security.

PatrickDeese

7:00 pm on May 16, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



I assume, if your machine is this new, that you have gone to windowsupdate.com and downloaded all security patches? If you have a brand new machine, it is likely that you will have to download and install several sets of patches to be fully updated.

When I bought a new laptop in February I think the first two hours were spent downloading updates for windows, Office and antivirus.

Macguru

4:00 am on May 17, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



>>I can see now that trying to prevent infection is pointless; is there a better way of controlling access to and from a computer?

Funny, I bought a computer so it can compute for me, and it does.

Having such a hard time trying to have a computer to compute seems to be the favorite hobby for Windows users. Interesting...

Stuperfied

11:57 am on May 24, 2004 (gmt 0)

10+ Year Member



Can't afford a router, and it's an old computer: 56k, AMD Duron 995MHz with a combo board. I did a format and re-install of my Windows partition; I have had nothing but hell.

The number of updates was ridiculous, and some I had to find out about when I went to install a game. My computer began dumping and restarting at random intervals but seems fine now, and I still haven't been able to get internet banking to work.

I have a dynamic IP. I keep getting random outgoing requests from an unknown source, which are followed by incoming requests from unknown sources. This form of activity tells me that my IP is being broadcast every time I connect to my ISP, but all programs are closed.

I have never used Red Hat Linux, but I do have a copy here and I am seriously considering switching. The problem is that I will virtually have to start from scratch, and with this new Palladium coming up I don't know if it is going to be worth it.
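The symptom Stuperfied describes in the first post and again just above (outgoing connections to random hosts, then blocked incoming attempts from the same hosts, plus probes on port 445) is something a firewall log can be checked for mechanically rather than by eye. The script below is an added example, not code from anyone in this thread: it parses log lines, pairs each inbound attempt with an earlier outbound connection to the same remote host within a short window, and separately counts inbound probes on the ports period worms hit (445 is the one named in the thread for Sasser; 135 and 139 are added to the watch list as an assumption). The log format, addresses and timestamps are constructed for the example; a real personal firewall's export will need its own regex.

```python
"""Correlate outbound connections with later inbound attempts from the same host.

Added example; the log format below is constructed, not any real product's output.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (documentation-range IPs, not real hosts).
# Format: <timestamp> <IN|OUT> <ALLOW|BLOCK> <src>:<sport> -> <dst>:<dport> <proto>
SAMPLE_LOG = """\
2004-05-15 14:02:11 OUT ALLOW 192.0.2.10:1043 -> 198.51.100.7:6129 TCP
2004-05-15 14:02:14 IN  BLOCK 198.51.100.7:2034 -> 192.0.2.10:445 TCP
2004-05-15 14:03:40 OUT ALLOW 192.0.2.10:1044 -> 203.0.113.55:80 TCP
2004-05-15 14:05:02 IN  BLOCK 203.0.113.9:1333 -> 192.0.2.10:135 TCP
2004-05-15 14:07:30 OUT ALLOW 192.0.2.10:1045 -> 198.51.100.21:4899 TCP
2004-05-15 14:07:31 IN  BLOCK 198.51.100.21:3101 -> 192.0.2.10:445 TCP
2004-05-15 14:09:00 OUT ALLOW 192.0.2.10:1046 -> 203.0.113.55:443 TCP
"""

LINE_RE = re.compile(
    r"(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\s+"
    r"(?P<dir>IN|OUT)\s+(?P<action>ALLOW|BLOCK)\s+"
    r"(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+"
    r"(?P<dst>[\d.]+):(?P<dport>\d+)\s+(?P<proto>\w+)"
)

# Inbound probes to these ports are treated as worm-style scanning (assumed watch list;
# 445 is the port the thread associates with Sasser).
WORM_PORTS = {135, 139, 445}


def parse_log(text):
    """Turn log lines into event dicts; lines that do not match the format are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ev = m.groupdict()
        ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%d %H:%M:%S")
        ev["sport"], ev["dport"] = int(ev["sport"]), int(ev["dport"])
        # The remote host is the destination of an OUT event and the source of an IN event.
        ev["remote"] = ev["dst"] if ev["dir"] == "OUT" else ev["src"]
        events.append(ev)
    return events


def correlate(events, window=timedelta(seconds=60)):
    """Return (paired, worm_probes).

    paired: (remote_ip, outbound_event, inbound_event) triples where an inbound attempt
            from a host followed an outbound connection to that same host within `window`.
    worm_probes: inbound events aimed at a port in WORM_PORTS, regardless of pairing.
    """
    outbound_by_remote = defaultdict(list)
    paired, worm_probes = [], []
    for ev in events:
        if ev["dir"] == "OUT":
            outbound_by_remote[ev["remote"]].append(ev)
            continue
        if ev["dport"] in WORM_PORTS:
            worm_probes.append(ev)
        for out_ev in outbound_by_remote[ev["remote"]]:
            if timedelta(0) <= ev["ts"] - out_ev["ts"] <= window:
                paired.append((ev["remote"], out_ev, ev))
    return paired, worm_probes


def summarize(text):
    """Compact report: counts, hosts that answered an outbound with an inbound, worm-port probes."""
    events = parse_log(text)
    paired, probes = correlate(events)
    return {
        "events": len(events),
        "outbound": sum(1 for e in events if e["dir"] == "OUT"),
        "inbound_blocked": sum(1 for e in events if e["dir"] == "IN" and e["action"] == "BLOCK"),
        "paired_remotes": sorted({remote for remote, _, _ in paired}),
        "worm_port_probes": [(e["remote"], e["dport"]) for e in probes],
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Hosts that show up in `paired_remotes` are candidates to investigate, not proof of a trojan: the next step is finding which local process opened the outbound socket (on Windows XP, `netstat -o` lists the owning PID beside each connection). Inbound probes on 445 from hosts the machine never contacted, like the one from 203.0.113.9 in the sample, are the background worm noise the later posts describe, and a BLOCK entry there is the firewall doing its job.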

ukgimp

12:04 pm on May 24, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Be careful with HijackThis; unless you know what you're doing you can seriously bugger your system.

If you have given someone admin access you really should consider a full reinstall.

Then do the following: (I hear your troubles, by the way)

[webmasterworld.com...]

Macguru

12:05 pm on May 24, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



>>My computer began dumping and restarting at random intervals but seems fine now

Congratulations, your computer is infected!

Sounds like Sasser, no?

Stuperfied

2:11 pm on Jun 1, 2004 (gmt 0)

10+ Year Member



Doesn't the Sasser cause your computer to reboot on startup? My computer was restarting at random intervals but seems fine now; I think it has something to do with Adware 6.0.

Thanks, I will check out that link when I get time, but for now I think I should go to bed because I have Work for the Dole webpage design tomorrow.

snowman

11:20 pm on Jun 1, 2004 (gmt 0)

10+ Year Member



grelmar -- I hear you.

I installed Norton Firewall for Mac on my newly installed DSL connection when my ISP (Sympatico) complained that spam was being routed through it! YIKES!

All went well for about 2 years. Then I started getting the ping of death, even if I used dialup.

The firewall was deflecting the attacks, and all worked well on dialup. But the proprietary Sympatico software for my connection wasn't written to handle errors very well and would behave very badly during a forced disconnect, freezing the machine and forcing a reboot.

All of this I learned only through the process of elimination - including reinstalling the OS thinking something was corrupted. But it made no difference. It was the attacks and the proprietary software for the connection.

I found a local Mac dealer who had a D-Link DI-604 router for about $70 Canadian. Learned how to set it up (it's a piece of cake) and apply firmware upgrades, removed Norton firewall (because it might block communication to the box) and all has been as smooth as silk.

I'd highly recommend a firewall/router box to anyone :)

Too bad they don't make one that also allows an analog modem connection as well.

pageoneresults

11:30 pm on Jun 1, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Internet Vulnerability Profiling [grc.com]

The above is a great tool for checking the vulnerability of your Internet connection. I've been using a software firewall for years and have no problems whatsoever. I run tests periodically just to make sure that all is fine.

Stuperfied

12:18 pm on Jun 10, 2004 (gmt 0)

10+ Year Member



Thanks for all the great ideas, your input is much appreciated. I've got some really good feedback about ZoneAlarm from multiple unrelated sources, so I think I will try that too.

g1smd

8:44 pm on Jun 14, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



I used the online ShieldsUP! website by Steve Gibson to test my computer, and it passed all the tests the other day.

Last month I visited a friend's business, recently connected on ADSL broadband, and their new XP machine was running very slow. After installing Norton Internet Security for them, we found that there was a program in there sending copies of itself to random email addresses several times per second, and it had been active day and night for several weeks.

This stuff is rife.