Am Panda Antivirus 2009 actualizat la zi si de vreo 3 zile din ora in ora imi spune ca fost o tentiva de conectare la calculatorul meu de la IP-ul 192.164.1.64 si a fost blocata.
Am scanat cu cred ca toate programele antivirus care au scaner online gratuit cunoscute de om si probabil cu cateva care inca nu s-au inventat, si nu am gasit nimic.
Ca o masura de precautie am si oprit system restore pentru ca stiu ca unii virusi se baga in system restore pentru a nu fi detectati, si astfel s-ar fi sters daca ar fi fost acolo
Imi poate spune cineva ce se imtampla ? Am vreun troian ? Nu cred ca vreun hacker se poate conecta direct fara ajutorul vreunui program worm instalat pe calculatorul tinta.
Am un troian ?
Moderator: Moderatori
Re: Am un troian ?
Pai banuiesc ca e firewall-ul care-ti spune ca a blocat o tentativa de conectare. E de bine. 
...un fleac...m-au ciuruit...
...asa ca foloseste codul de voucher W33XPSQD in comenzile tale la PC Garage si vei primi discount 1%...
...asa ca foloseste codul de voucher W33XPSQD in comenzile tale la PC Garage si vei primi discount 1%...
Re: Am un troian ?
Bine, bine da' problema e ca eu cred ca inca am mizeria aluia care il ajuta sa se conecteze la calculatorul meu si nu o detecteaza nici un antivirus.
Re: Am un troian ?
192.164.1.64 pare sa fie un ip de Austria.Cel putin asa zice Ripe Database.
Precizeaza despre ce porturi e vorba si protocolul, atat porturile de unde vine inboundul cat si porturile unde vrea sa se conecteze pe calcul tau.
E vorba de firewalul integrat in suita Panda?
N-ar fi rele si niste scanari full cu (in cazul in care astea ti-au scapat din vedere ) MalwareBytes Antimalware ,SpybotSearch & Distroy si DrWeb CureIT(scanere on demand nu incurca antivirusul).
Precizeaza despre ce porturi e vorba si protocolul, atat porturile de unde vine inboundul cat si porturile unde vrea sa se conecteze pe calcul tau.
E vorba de firewalul integrat in suita Panda?
N-ar fi rele si niste scanari full cu (in cazul in care astea ti-au scapat din vedere
) MalwareBytes Antimalware ,SpybotSearch & Distroy si DrWeb CureIT(scanere on demand nu incurca antivirusul).>MSI HQ USB Flash Tool(update BIOS via USB stick)
"Ovine meat is called NABSTER when from younger animals and SKILLED when from older ones"
"Ovine meat is called NABSTER when from younger animals and SKILLED when from older ones"
Re: Am un troian ?
Asta scrie in raportul Panda AV
Panda Internet Security 2008 incident report
Filter selected:Virus detected, Suspicious file, Dangerous file, Script execution, Phone connection, Connection attempt, Port scan attack, Denial of service attack, Spoofing, Attacking IP address blocked, Enabled, Disabled, Update, Scan started, Scan complete, Date: All
INCIDENT NOTIFIED BY DATE-TIME RESULT ADDITIONAL INFORMATION
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Connection attempt Firewall protection 04/24/09 10:50:07 Blocked Source IP address: 192.168.1.64
Connection attempt Firewall protection 04/24/09 10:04:00 Blocked Source IP address: 192.168.1.64
Connection attempt Firewall protection 04/24/09 10:03:55 Blocked Source IP address: 169.254.16.65
Connection attempt Firewall protection 04/24/09 09:54:44 Blocked Source IP address: 192.168.1.64
Suspicious operation: Protection against unknown... 04/24/09 09:49:53 Blocked Program: C:\DOCUMENTS AND SETTINGS\CRISTI\LOCAL SETTINGS\TEMP\04240994909\UD.EXE
Connection attempt Firewall protection 04/24/09 09:49:06 Blocked Source IP address: 192.168.1.64
Connection attempt Firewall protection 04/24/09 09:40:23 Blocked Source IP address: 192.168.1.64
Connection attempt Firewall protection 04/24/09 09:35:24 Blocked Source IP address: 192.168.1.64
Scan complete On-demand antivirus scan 04/24/09 09:21:11 Scan:
Scan started On-demand antivirus scan 04/24/09 09:20:59 Scan:
Update Update system 04/24/09 09:20:55 Correct Total threat signatures: 1848297
Connection attempt Firewall protection 04/24/09 09:15:20 Blocked Source IP address: 192.168.1.64
Connection attempt Firewall protection 04/23/09 23:50:42 Blocked Source IP address: 192.168.1.64
Connection attempt Firewall protection 04/23/09 22:49:41 Blocked Source IP address: 192.168.1.64
Connection attempt Firewall protection 04/23/09 22:38:51 Blocked Source IP address: 192.168.1.64
Connection attempt Firewall protection 04/23/09 21:39:04 Blocked Source IP address: 192.168.1.64
Connection attempt Firewall protection 04/23/09 20:39:04 Blocked Source IP address: 192.168.1.64
Connection attempt Firewall protection 04/23/09 19:39:04 Blocked Source IP address: 192.168.1.64
Scan complete On-demand antivirus scan 04/23/09 19:06:36 Scan: Scanning C:\WINDOWS\ERUNT
Scan started On-demand antivirus scan 04/23/09 19:06:36 Scan: Scanning C:\WINDOWS\ERUNT
Connection attempt Firewall protection 04/23/09 18:37:01 Blocked Source IP address: 192.168.1.64
Scan complete On-demand antivirus scan 04/23/09 18:32:48 Scan: Scanning C:\Documents and Settings\Cristi\Desktop\Ad-AwareAE.ex
Scan started On-demand antivirus scan 04/23/09 18:32:48 Scan: Scanning C:\Documents and Settings\Cristi\Desktop\Ad-AwareAE.ex
Scan complete On-demand antivirus scan 04/23/09 18:24:40 Scan: Scanning D:\Music\new\lady gaga - poker face.mp
Scan started On-demand antivirus scan 04/23/09 18:24:40 Scan: Scanning D:\Music\new\lady gaga - poker face.mp
Update Update system 04/23/09 18:10:52 Correct Threat signatures
Connection attempt Firewall protection 04/23/09 17:39:58 Blocked Source IP address: 192.168.1.64
Connection attempt Firewall protection 04/23/09 16:38:57 Blocked Source IP address: 192.168.1.64
UD.exe a aparut recent si l-am si sters fara nicio problema.
Altceva nu pot spune. Oricum cred ca o sa reinstalez sistemul pentru ca sunt convins ca este un troian pe undeva care ii da acces aluia, si nici un antivirus nu il gaseste.
Panda Internet Security 2008 incident report
Filter selected:Virus detected, Suspicious file, Dangerous file, Script execution, Phone connection, Connection attempt, Port scan attack, Denial of service attack, Spoofing, Attacking IP address blocked, Enabled, Disabled, Update, Scan started, Scan complete, Date: All
INCIDENT NOTIFIED BY DATE-TIME RESULT ADDITIONAL INFORMATION
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Connection attempt Firewall protection 04/24/09 10:50:07 Blocked Source IP address: 192.168.1.64
Connection attempt Firewall protection 04/24/09 10:04:00 Blocked Source IP address: 192.168.1.64
Connection attempt Firewall protection 04/24/09 10:03:55 Blocked Source IP address: 169.254.16.65
Connection attempt Firewall protection 04/24/09 09:54:44 Blocked Source IP address: 192.168.1.64
Suspicious operation: Protection against unknown... 04/24/09 09:49:53 Blocked Program: C:\DOCUMENTS AND SETTINGS\CRISTI\LOCAL SETTINGS\TEMP\04240994909\UD.EXE
Connection attempt Firewall protection 04/24/09 09:49:06 Blocked Source IP address: 192.168.1.64
Connection attempt Firewall protection 04/24/09 09:40:23 Blocked Source IP address: 192.168.1.64
Connection attempt Firewall protection 04/24/09 09:35:24 Blocked Source IP address: 192.168.1.64
Scan complete On-demand antivirus scan 04/24/09 09:21:11 Scan:
Scan started On-demand antivirus scan 04/24/09 09:20:59 Scan:
Update Update system 04/24/09 09:20:55 Correct Total threat signatures: 1848297
Connection attempt Firewall protection 04/24/09 09:15:20 Blocked Source IP address: 192.168.1.64
Connection attempt Firewall protection 04/23/09 23:50:42 Blocked Source IP address: 192.168.1.64
Connection attempt Firewall protection 04/23/09 22:49:41 Blocked Source IP address: 192.168.1.64
Connection attempt Firewall protection 04/23/09 22:38:51 Blocked Source IP address: 192.168.1.64
Connection attempt Firewall protection 04/23/09 21:39:04 Blocked Source IP address: 192.168.1.64
Connection attempt Firewall protection 04/23/09 20:39:04 Blocked Source IP address: 192.168.1.64
Connection attempt Firewall protection 04/23/09 19:39:04 Blocked Source IP address: 192.168.1.64
Scan complete On-demand antivirus scan 04/23/09 19:06:36 Scan: Scanning C:\WINDOWS\ERUNT
Scan started On-demand antivirus scan 04/23/09 19:06:36 Scan: Scanning C:\WINDOWS\ERUNT
Connection attempt Firewall protection 04/23/09 18:37:01 Blocked Source IP address: 192.168.1.64
Scan complete On-demand antivirus scan 04/23/09 18:32:48 Scan: Scanning C:\Documents and Settings\Cristi\Desktop\Ad-AwareAE.ex
Scan started On-demand antivirus scan 04/23/09 18:32:48 Scan: Scanning C:\Documents and Settings\Cristi\Desktop\Ad-AwareAE.ex
Scan complete On-demand antivirus scan 04/23/09 18:24:40 Scan: Scanning D:\Music\new\lady gaga - poker face.mp
Scan started On-demand antivirus scan 04/23/09 18:24:40 Scan: Scanning D:\Music\new\lady gaga - poker face.mp
Update Update system 04/23/09 18:10:52 Correct Threat signatures
Connection attempt Firewall protection 04/23/09 17:39:58 Blocked Source IP address: 192.168.1.64
Connection attempt Firewall protection 04/23/09 16:38:57 Blocked Source IP address: 192.168.1.64
UD.exe a aparut recent si l-am si sters fara nicio problema.
Altceva nu pot spune. Oricum cred ca o sa reinstalez sistemul pentru ca sunt convins ca este un troian pe undeva care ii da acces aluia, si nici un antivirus nu il gaseste.
Re: Am un troian ?
Logul nu ajuta cu nimic suplimentar 
.Nu avem date nici despre protocol nici despre porturile pe care se face atacul/scanarea (daca e atac).
Daca te va mai deranaja acelasi ip si dupa reinstalare Windows iti recomand sa bagi un firewal mai rasarit ,cu loging calumea, macar un trial de Jetico2 sau Outpost.Pana si Comodo si PC Tools Firewall ar face o logare buna cu setarile de rigoare.
Oricum Panda antivirus nu e cine stie ce soft state of the art .
.Nu avem date nici despre protocol nici despre porturile pe care se face atacul/scanarea (daca e atac).Daca te va mai deranaja acelasi ip si dupa reinstalare Windows iti recomand sa bagi un firewal mai rasarit ,cu loging calumea, macar un trial de Jetico2 sau Outpost.Pana si Comodo si PC Tools Firewall ar face o logare buna cu setarile de rigoare.
Oricum Panda antivirus nu e cine stie ce soft state of the art .
>MSI HQ USB Flash Tool(update BIOS via USB stick)
"Ovine meat is called NABSTER when from younger animals and SKILLED when from older ones"
"Ovine meat is called NABSTER when from younger animals and SKILLED when from older ones"
Re: Am un troian ?
Am reinstalat sistemul, insa log-ul Panda a fost din nou spamat cu incercari de conectare blocate, prin urmare nu a fost vorba de vreun tool, iar cineva pur si simplu incearca sa se conecteze la mine prin internet "de-a moaca", daca este posibil asa ceva.
Oricum am trecut la Panda Global Protection si vad ca acuma nu mai apar in log aceste incercari.
Oricum am trecut la Panda Global Protection si vad ca acuma nu mai apar in log aceste incercari.
-
chrisTopher
- Posts: 703
- Joined: Sat Jan 04, 2003 9:56 am
Re: Am un troian ?
Incearca SDFix sa vezi ce zace prin calculatorul tau.
Mai sunt si alte produse soft bune pe site-ul ala. Poti sa te scanezi cu mai multe dintre ele.
Mai sunt si alte produse soft bune pe site-ul ala. Poti sa te scanezi cu mai multe dintre ele.
dark as night