Cable Modem/virus blues....long

[Brenda1231]

Okay about a month ago I got a cable modem.
The speed is great..the headaches not so great. First, I had set up a LAN between 2 PC's(My PC and Hubby's) with a switch. Well the cable modem worked off it...most of the time. Occassionally one or both PC's lost internet service. (Have since bought a router and haven't had a problem with losing internet).
About a week after getting the cable, my PC starts acting up. Well my PC is running ME(another big mistake) and all my antivirus(Norton and Mcaffee) that I have on disk is uncompatible. I seldom D?L anything so wasn't really worried. I am a computer programming student and that is mainly what my pc is used ofr, although I take several classes online, so I do use the internet.
Well anyway..I acess one of the files on my PC thru Hubby's PC one morning (march 6th) and his Pc goes haywire saying it won't open the file because it is infected with CIH. (The file I was trying to access was a program that I wrote).
After a week long battle and losing all my schoolwork(I know to back up now!) I had to format. Now my PC is comepletely unstable...I am hoping this is due to ME..maybe I just got lucky the first time, as I ran ME for a year with few probs other than uncampatability with several programs that I have. Also my PC is showing moe than 10 gigs of hard drive used and I know I probably have 4 at most 5 used as I haven't re-installed half the PG's I had on it.
Okay then one day I went to shut down my PC and a message came up that there were 5 other PC's hooked to mine...do I still want to shut down?
The descriptions of the other pc's came up as // and my hubby's then wierd things like // THE BOYS ROOM and and another was //Denise's and I think one even said living room. None of which are on my LAN.
So Is it possible that I have been hacked...if so why???
I mean I am just a nobody? I immediately installed Norton firewall(which has been really buggy with ME) and got over 150 attempts to access my PC that were blocked by Norton.
And back to the point...I love the cable modem..but am getting kinda scared after accessign the internet for 5+ years with no probs and now having viruses on botht he Pc's we have, and possibly being hacked as well.???

What can I do!?

[Philip1952]

When you were on dial up. There wan't much interest in your computer. Now on cable you need to harden up your securities a lot. The crackers want high speed zombies. Yours was a ripe target. No fire wall and default securities on windows.
I wonder why you had problems with norton antivirus on ME? I have used ME and had no problems with norton at all.
Have you used norton rescue disks and run them from a boot disk. Most virus don't work in dos. Running norton from a boot disk will find any virus if you still have one.
My self when I get a computer with a virus. If I have any doughts on the removal. I will do a low level format on the drive. This will remove everything on it. Windows format doesn't. It just removes the address's but leaves the data (or virus) there.
You said you bought a switch for connecting two computer. Does it have a built in fire wall? If not I would upgrade to a Linksys or a D-link cable/router firewall box setup. This will hide your computers from the internet.

[Philip1952]

Also go Here then down load the program called the cleaner. it is under shareware>securities/privacy>antivirus\ specialized
Then see if it finds anything else.
You can find this program at Cnet also. But I get faster downloads from the site I gave.
You might also want to go to www.grc.com and do some reading. This site deals with internet securities. Good reading there.

[Brenda1231]

Philip..
okay I haven't went to the window washer site yet, but the router I bought was a linksys and says it has a built in firewall. I had a linksys switch, but was having connection problems. I tried to put the Norton firewall on top of it and I cannot sign on to aol, which is my default email.(I would give up aol, but hubby loves it??). So I had to unistall firewall to reinstall aol. For some reason they will not both work with ME. BUT I put the firewall on hubbys Pc a few hours ago and seems to be working fine on his 98Se .
I also use Microsoft Developer to write programs in C++ and Java and they are buggy with ME, but not with 98SE.
But anyway that is beside the point..more directly..since the firewall..when I had it on(oh the cable comapany asked me to unistall it last week..I was having connection problems and they said it was the firewall..not convincd it was..****...another story).
it came up with alerts every fifteen minutes..and told me it was blocking the addess??
By low leverl format you mean an fdisk thru dos??
Because that is what I did on my PC...I formatted from dos and reinstalled from scratch.

[Philip1952]

What was the ip that ZA was blocking. If it was 192.168.1.1 that is your router address. That is normal for ZA to block you router. It just sees it as another computer trying to connect. You can go into ZA on the securities page. Click the advanced button. Then add your router IP address. Then it won't jump up any more alarms on it. Same way with your hubby's computer add it there also. If you do get scaned it will show then from your static IP address.
I have the same router box with zone alarm on my computer also. That is the way I have it setup.
Now another tip. Go into what ever address book you use. Make a false name and address up. Make it something you know will bounce back if something sends to people in your address book. That way if you get a virus that mails out. You will get a return fail e-mail and know you have something infesting your computer.
On zone alrm you need to learn what is doing the scanning. If it says. DNS in the line. That is just a Domain Name Server sending a trace back to you from your last quirey. Look at the port numbers that zone alarm shows. Here is a site that lists the ports used by most programs and trojans. These will tell you if a hit on the fire wall is something to worry about also.
Open a dos prompt box from windows. Type in netstat/a this lists all ports open and listening on line. Turn off all programs wanting internet access before you do this. If you see a trojan port open and listening. Then you have some more work ahead.
I just reread you had norton fire wall. I have never used it. I use Zone Alarm.

[SPEEDO]

Hello

Usually you can find the low level format utility on the disk that came with your hard drive.
I know Maxtor and Western Digital have this on their disks.
Depending on the size of the drive it will be a little time consuming.
My 30 gig Maxtor takes two hours to low level format, But it sure does clean it out like brand new second hand...

SPEEDO

[vendal]

More than likley the reason you see other computers on your network is because you and a neighbor have used the same workgroup names.

Just rename the workgroup on both of your computers and that should take care of the problem.

[Fatal_Exception]

With CIH virus you should clear NVRAM (it can reside in BIOS) and zero your drives. Only way to prevent instability and reinfection. This is based on corporate experience with 600 computers.

[shark_megabyte]

Originally posted by Brenda1231

Now my PC is comepletely unstable...I am hoping this is due to ME..maybe I just got lucky the first time, as I ran ME for a year with few probs other than uncampatability with several programs that I have. Also my PC is showing moe than 10 gigs of hard drive used and I know I probably have 4 at most 5 used as I haven't re-installed half the PG's I had on it.

This space is probably being hogged by Windows ME's System Restore feature, which my brother was kind enough to warn me about when I installed ME on my machine. Go into the System Control Panel, to the Performance tab, and click the File System button. The option to disable System Restore should be in there. You'll need to reboot. If you don't see more free space right away after that, then go into View - Folder Options, make sure all hidden files are displayed, and then go hunting for the System Restore folder to kill it.

Once System Restore has been laid to rest, go into the System Tools in the Start Menu and let those babies go to town. Especially do a scandisk followed by a defragmentation on your hard drive.

After this you should see a definite improvement. Might not get rid of all the instability but you should be running smoother than before.

[Fatal_Exception]

Originally posted by Brenda1231
....Okay then one day I went to shut down my PC and a message came up that there were 5 other PC's hooked to mine...do I still want to shut down?
The descriptions of the other pc's came up as // and my hubby's then wierd things like // THE BOYS ROOM and and another was //Denise's and I think one even said living room. None of which are on my LAN. What can I do!?

Your computer has probably been enlisted in a DOS attack on some server. Or, if you have a web cam, connections may still be active on video chats or the entertainment at pay-per-view. (how are you dressed?)

[Tor]

What model of Linksys router do you have? Have you gotten the latest firmware updates? I have read that some of the Linksys routers will leak Netbios information. This will let hackers know what computers you have running on your network. The firmware updates should correct this problem, if you have it. Also, even if you are "secure" you may want to trust, or make sure that nothing you're downloading has a trojan horse in it. These programs run from your computer, and can get out to the internet through the router firewall. A couple of good security sites are,

Shieds up, by gibson research. https://grc.com/x/ne.dll?bh0bkyd2

Port Scan, DSL Reports. http://www.dslreports.com/tools

Sygate Online http://scan.sygatetech.com/

I normally run these scans of myself bout once a month. As for ME, Windows XP is well worth the upgrade. Hope this helps a little.

[Brenda1231]

What was the ip that ZA was blocking. If it was 192.168.1.1 that is your router address. That is normal for ZA to block you router. It just sees it as another computer trying to connect. You can go into ZA on the securities page. Click the advanced button. Then add your router IP address. Then it won't jump up any more alarms on it. Same way with your hubby's computer add it there also. If you do get scaned it will show then from your static IP address.


This is the message from Norton FW.

Date: 3/27/02 Time: 22:06:01
Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (172.134.197.49,http(80))

A security alert also came up that said something about Backdoor Sub7???????

[Fatal_Exception]

Originally posted by Brenda1231
A security alert also came up that said something about Backdoor Sub7???????

Backdoor Sub7 is a particularly nasty trojan that is regularly updated by its author to stay ahead of virus protection.... It allows an outsider to download files into your system and run them. All data on your system is available via this trojan. It usually enters a system disguised as a bmp or jpg (often pornographic)...

[Philip1952]

How are you doing with your computer? Have you ran The cleaner yet?

[Brenda1231]

Hi Philip..
in reply to your question about the windows cleaner,
Nope.
The problem with the trojan was on Hubby's PC and I have learned not to mess with his too much cuz if something goes wrong...well it is like driving a car...if it breaks while I am driving it....
LOL but I sent him that info and he just told me his is about ot D/L it now.
I will probably try it on my PC as well, but first I am trying to figure out why 9 Gigs of hard drive are being used when I should have maybe 3 or 4 gigs used(and that is stretching since I recently formatted due to CIH virus and have not reinstalled all Programs.

Also we have the Norton System works 200 installed will that interfer with the window washer thing?

Thanks,

Brenda