Tracing viruses - help needed

breadman

I have been having problems with my computer for the last couple of days. On Thursday I was attacked about 250 times by a trojan horse, sockets de trois v1 trojan horse. My most persistent attacker was 217.43.182.35; this was blocked by Norton, and the computer was also slow. Thursday night Norton recognised two infected files, which were quarantined and then deleted. I also have spyware and adware. Friday morning was fine, the attacks stopped; Friday afternoon, when changing between web pages, the computer was very slow and the mouse was hard to move. I have broadband so rang BT, who have informed me that the connection is fine and suggested I might have a virus. I am still not being attacked. Does anyone know how I might go about detecting a virus if Norton, spyware or adware are unable to trace anything? The computer is only slow when on the internet; when on Word or Excel it is fine.
 
Check how much data is being sent/received; if this is going up quite quickly and you are not doing anything, this could signify you have a virus/trojan horse.
 
Breadman

The address you quote is registered to BT. You could try reporting it to [email protected].

To see if a virus or trojan is running:

If you have XP, try Ctrl Alt Del to bring up Windows Task Manager. Look in Processes and see if any odd processes are running. The problem is that if you aren't conversant with what normally runs then a lot of the processes look odd! A quick search in Google will often answer whether a process is an integral part of the operating system or a rogue trojan. But beware: many virus processes have identical names to core bits of the operating system but are placed in a different folder.

Using the DOS prompt window, run "netstat -ano" and see what ports are open. Read off the PID number and marry this up with a process in the Task Manager. This will show you which programmes are actually connected to the internet and which are listening. Don't worry about any addresses starting 127.etc. These are internal connections, not internet connections. I don't really understand it but that's what I've read!

As a final thing you could download a packet sniffer and actually see exactly what's coming in and going out of your computer. NGSniff is free and very easy to use but you need to download a separate driver.

These measures, although they won't stop you catching a virus or trojan, should let you see if any are actually running, although I believe there are ways to hide processes from normal sniffers and netstat etc. - but I don't think most virus writers are actually that sophisticated.

You're probably much more expert at this than me but if you want more help in this PM me as I don't want to clog up the BB with a load of rubbish that nobody's interested in.

Cheers

Gerard

BTW if your computer gets slow again the Task Manager will show you which process is hogging the CPU resources.
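
The netstat/Task Manager cross-check described in the post above, as an added example that is not part of the original thread: a Python script that joins `netstat -ano` output with process names by PID and drops the 127.x loopback rows. It assumes the process list comes from `tasklist /fo csv /nh` rather than being read off Task Manager by eye; both sample outputs are constructed and the function names are this example's own.

```python
import csv, io, ipaddress

# Constructed sample of `netstat -ano` output (not taken from the thread).
NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       904
  TCP    127.0.0.1:1031         127.0.0.1:1032         ESTABLISHED     1480
  TCP    192.168.1.10:1045      203.0.113.7:80         ESTABLISHED     1480
  TCP    192.168.1.10:1050      198.51.100.9:6667      ESTABLISHED     2212
  UDP    0.0.0.0:445            *:*                                    4
"""
# Constructed sample of `tasklist /fo csv /nh` output (image name, PID, ...).
TASKLIST = '''"System","4","Console","0","236 K"
"svchost.exe","904","Console","0","3,512 K"
"iexplore.exe","1480","Console","0","21,004 K"
"svchost.exe","2212","Console","0","1,980 K"
'''

def parse_netstat(text):
    """Yield (proto, local, remote, state, pid) for each TCP/UDP row."""
    for line in text.splitlines():
        f = line.split()
        if len(f) < 4 or f[0] not in ("TCP", "UDP") or not f[-1].isdigit():
            continue  # banner, header or blank line
        state = f[3] if len(f) == 5 else ""  # UDP rows have no State column
        yield f[0], f[1], f[2], state, int(f[-1])

def parse_tasklist(text):
    """Map PID -> image name from CSV-formatted tasklist output."""
    return {int(r[1]): r[0] for r in csv.reader(io.StringIO(text)) if len(r) >= 2}

def is_loopback(endpoint):
    """True for 127.x.x.x / ::1 endpoints, which never leave the machine."""
    host = endpoint.rsplit(":", 1)[0].strip("[]")
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # wildcard such as "*"

def internet_facing(netstat_text, tasklist_text):
    """Join sockets to process names by PID, skipping loopback-only rows."""
    names = parse_tasklist(tasklist_text)
    return [(names.get(pid, "<unknown>"), pid, proto, local, remote, state)
            for proto, local, remote, state, pid in parse_netstat(netstat_text)
            if not is_loopback(local)]

if __name__ == "__main__":
    for row in internet_facing(NETSTAT, TASKLIST):
        print("%-14s pid=%-5d %s %s -> %s %s" % row)
```

Several PIDs sharing the name svchost.exe is normal on Windows; the name alone does not show which folder the image runs from, which is the check the post warns about.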

 
Suggest you get rid of your spyware etc. first. Download, update and run Ad-aware and Spybot. Fix all that Ad-aware finds, but only prechecked red in Spybot.
http://www.snapfiles.com/get/adaware.html
http://www.majorgeeks.com/download2471.html
Clear out your temp files etc http://users3.ev1.net/~stevengould/cleanup/download.html
and defrag http://www.webattack.com/get/dkeeperlite.shtml
Turn off System Restore then run these online scans
http://housecall.trendmicro.com/housecall/start_corp.asp
http://www.spywareinfo.com/xscan.php
http://www.ravantivirus.com/scan/indexie.php

You're running better already ;)
 