Is your computer clean? Is it really?

Support, Discussion, Reviews
noel
Super Poster!
Posts: 10003
Joined: August 22, 2002, 1:34 am
Gender: Male
Location: Calabasas, CA

Is your computer clean? Is it really?

Post by noel »

I can say with some certainty that if you have a high-speed Internet connection and your PC is connected directly to the Internet with no hardware or software firewall, you are very likely infected with a virus. I would highly recommend purchasing a hardware firewall, and if you're really concerned, getting a software firewall. Generally speaking, the hardware firewalls require minimal configuration on your part, and will protect you from most attacks.

A few of the newer viruses, specifically Phatbot, Agobot, and Gaobot (though I'm sure others do this as well), will actually disable your antivirus software, personal firewall (not a hardware one), regedit, and several other pieces of software on your computer. A lot of the time, when a virus first comes out, the definitions aren't yet in the antivirus software, so you can be completely up to date on your virus definitions and still be infected with whatever the newest virus is.

These viruses spread by sending out frames from your computer to other computers. Basically they scan remote IP addresses looking for machines that are vulnerable, and if they find one, they infect the remote machine and further spread.

So the question is, if your virus software can't detect a virus, how do you know if your PC is TRULY clean? The answer my friends is a network packet sniffer. A network sniffer will allow you to see the frames being sent out from your computer. If you're sending out traffic you can't explain, chances are you have a virus.

Anyway, let me cut to the chase.... There's a free network sniffer available for download at http://www.ethereal.com. It works with all 5 NICs, 2 of which are wireless, that I have on my different computers, and it will show the output of a sniffer capture in realtime, so you can see frames as they go out. It has a whole shitload of filters you can apply, as well as color coding the frames etc. I use it daily at my job, but given that it's free, it's a good way to see what traffic your computer is sending out. If your computer has no web applications running, it should be relatively quiet on the network except for the occasional NETBIOS frames. If anyone's interested in help setting this up, or advice on how to use it to see if their PC is really clean, let me know and I'll do my best.
Oh, my God; I care so little, I almost passed out.
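The check noel describes, looking at the frames leaving your machine for traffic you cannot explain, can be automated once a capture has been exported. The script below is an added example, not code from this thread or from Ethereal, and it works on a constructed list of frame summaries (timestamp, source, destination, destination port, TCP flags) rather than a real capture file. It flags a source that sends bare SYNs to many distinct hosts on the same port within a short window, which is what the scanning worms mentioned above look like on the wire, and it also prints a plain per-source talker summary so that unexpected destinations stand out. The window, threshold and all addresses are assumptions for the example and would need tuning for a real network.

```python
from collections import defaultdict

# Frame summary: (timestamp_seconds, src_ip, dst_ip, dst_port, tcp_flags)
# "S" = bare SYN (connection attempt by src), "SA" = SYN-ACK reply,
# "" = no TCP flags (UDP, e.g. NetBIOS name queries).
# All records below are constructed for this example, not from a real capture.


def make_sample():
    frames = []
    # Benign host 10.0.0.5: two web sites plus one file share, with replies.
    frames += [
        (0.00, "10.0.0.5", "192.0.2.10", 80, "S"),
        (0.05, "192.0.2.10", "10.0.0.5", 1034, "SA"),
        (1.00, "10.0.0.5", "192.0.2.20", 80, "S"),
        (1.05, "192.0.2.20", "10.0.0.5", 1035, "SA"),
        (2.00, "10.0.0.5", "10.0.0.1", 445, "S"),
        (2.02, "10.0.0.1", "10.0.0.5", 1036, "SA"),
    ]
    # The "occasional NETBIOS frames": UDP broadcasts carry no TCP flags.
    for i in range(5):
        frames.append((i * 10.0, "10.0.0.5", "10.0.0.255", 137, ""))
    # Worm-style scan: 10.0.0.7 SYNs port 445 on 40 hosts in about 2 seconds,
    # and nobody answers (no SYN-ACKs come back).
    for i in range(40):
        frames.append((30.0 + i * 0.05, "10.0.0.7", f"10.0.0.{100 + i}", 445, "S"))
    # Slow scan: 10.0.0.9 tries port 135 on 25 hosts, one every 30 seconds.
    for i in range(25):
        frames.append((100.0 + i * 30.0, "10.0.0.9", f"10.0.0.{150 + i}", 135, "S"))
    return frames


def flag_scanners(frames, window_s=5.0, threshold=20):
    """Return {(src, dport): n} for every source that sent bare SYNs to at
    least `threshold` distinct destinations on one port within `window_s`
    seconds. Only outbound connection attempts count; replies and UDP do not."""
    attempts = defaultdict(list)
    for ts, src, dst, dport, flags in frames:
        if flags == "S":
            attempts[(src, dport)].append((ts, dst))

    alerts = {}
    for key, tries in attempts.items():
        tries.sort()
        best, start = 0, 0
        in_window = defaultdict(int)  # dst -> number of SYNs inside the window
        for ts, dst in tries:
            in_window[dst] += 1
            # Slide the left edge forward until every SYN is within window_s of ts.
            while ts - tries[start][0] > window_s:
                old = tries[start][1]
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                start += 1
            best = max(best, len(in_window))
        if best >= threshold:
            alerts[key] = best
    return alerts


def talker_summary(frames):
    """Count frames per (src, dport): the quick 'what is this box sending?' view."""
    counts = defaultdict(int)
    for _ts, src, _dst, dport, _flags in frames:
        counts[(src, dport)] += 1
    return dict(counts)


if __name__ == "__main__":
    sample = make_sample()
    for (src, dport), n in sorted(talker_summary(sample).items()):
        print(f"{src:<12} -> port {dport:<5} {n} frames")
    print("fast scanners (5 s window):", flag_scanners(sample))
    print("including slow scans (1 h window):", flag_scanners(sample, window_s=3600.0))
```

With the default 5 second window only the fast scanner is flagged; the slow scanner only shows up when the window is widened to an hour, which is the trade-off to keep in mind when picking the window. To get the same view in Ethereal or Wireshark directly, the display filter `tcp.flags.syn == 1 && tcp.flags.ack == 0` isolates outbound connection attempts, and sorting those by destination address makes a sweep of one port across many hosts obvious.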
masteen
Super Poster!
Posts: 8197
Joined: July 3, 2002, 12:40 pm
Gender: Mangina
Location: Florida

Post by masteen »

Who the fuck are you, and how many times did you blow Xou to get your post count bumped?
"There is at least as much need to curb the cruel greed and arrogance of part of the world of capital, to curb the cruel greed and violence of part of the world of labor, as to check a cruel and unhealthy militarism in international relationships." -Theodore Roosevelt
Nilaman
Almost 1337
Posts: 795
Joined: July 3, 2002, 3:33 pm

Post by Nilaman »

Aranuil I think...
Ransure
Way too much time!
Posts: 1262
Joined: July 3, 2002, 2:22 pm

Post by Ransure »

and why the hell did you change your name? :p

But yea, Noel = Aranuil...
This 2cp has been brought to you by DOKURANGER!
Aslanna
Super Poster!
Posts: 12473
Joined: July 3, 2002, 12:57 pm

Post by Aslanna »

It's the kinder, gentler Aranuil.
Have You Hugged An Iksar Today?

--
noel
Super Poster!
Posts: 10003
Joined: August 22, 2002, 1:34 am
Gender: Male
Location: Calabasas, CA

Post by noel »

Masteen, it is I... the artist formerly known as Aranuil.

Edit: Aslanna, you obviously have me confused with Atokal... I'm still as cute and cuddly as I've always been.
Last edited by noel on June 13, 2004, 2:01 am, edited 1 time in total.
Oh, my God; I care so little, I almost passed out.
Winnow
Super Poster!
Posts: 27703
Joined: July 5, 2002, 1:56 pm
Location: A Special Place in Hell

Post by Winnow »

You can run but you can't hide!
Fallanthas
Way too much time!
Posts: 1525
Joined: July 17, 2002, 1:11 pm

Post by Fallanthas »

First twenty minutes of every day.....


1. Virus scan

2. Adware/spyware scan

3. Startup mechanic

4. Reboot

5. Regclean

6. Reboot

7. Get to work


Little bastards. Between the viruses, adware and the spam, the 'Net is gonna be completely unusable in a few years.
Siji
Way too much time!
Posts: 4040
Joined: November 11, 2002, 5:58 pm
Gender: Male
XBL Gamertag: mAcK 624
PSN ID: mAcK_624
Wii Friend Code: 7304853446448491
Location: Tampa Bay, FL

Post by Siji »

Having never had a virus on any of my PCs since, oh, the early 90's, I can only shake my head at all the troubles people seem to have with this subject.
Winnow
Super Poster!
Posts: 27703
Joined: July 5, 2002, 1:56 pm
Location: A Special Place in Hell

Post by Winnow »

Siji wrote: Having never had a virus on any of my PCs since, oh, the early 90's, I can only shake my head at all the troubles people seem to have with this subject.
Same. I'm as bad as they come for downloading hacked, cracked, whatever stuff off the www, FTPs, IRC, and newsgroups. I never had a virus, worm or hemorrhoids.

The first thing I got was that nasty whatever that was shutting down WinXP OS randomly while connected to the net. That took all of 10 minutes to search and find the problem.

With the lame way browsers work these days I do have search and destroy running to take care of the search crap, page redirecting, gator type stuff you can't help but get.

For peace of mind, I also run Pest Patrol Corporate edition in the background as well. If you can find a cracked copy I'd recommend Pest Patrol. It finds the most problems.

You can do a free Online Pest Scan here:

http://www.pestscan.com/

It will actually tell you how to remove the problem the hard way but won't do it for you unless you buy it.
Kilmoll the Sexy
Super Poster!
Posts: 5295
Joined: July 3, 2002, 3:31 pm
Gender: Male
XBL Gamertag: bunkeru2k
Location: Ohio

Post by Kilmoll the Sexy »

I run Ad-Aware and Spybot on occasion....and about once a month I run Hijack This.

Hijack This will show you anything the other 2 miss. You have to be careful using it if you do not know what you are doing....it shows Windows files as well as malware files.
Zeep
No Stars!
Posts: 36
Joined: December 23, 2002, 5:31 pm
Location: 7th Circle of Hell

Post by Zeep »

http://www.packetyzer.com

Based on ethereal (and uses winpcap) but much much better.

Zeep
Mplor
Star Farmer
Posts: 429
Joined: January 7, 2003, 4:54 am
Location: UK

Post by Mplor »

I use or have tried nearly every app like these, and I must confess I feel a twinge of disappointment each time one confirms my system is 100% clean. Is that silly of me? I may have discovered a new sort of hypochondria! :P
The Boney King of Nowhere.
noel
Super Poster!
Posts: 10003
Joined: August 22, 2002, 1:34 am
Gender: Male
Location: Calabasas, CA

Post by noel »

My computer is fully firewalled and up to date on patches, but unfortunately, I work in a pretty bad environment. A residential student network is like the wild-wild-west of networks, and students are routinely quarantined from the network for being infected with all kinds of stuff. Even though I'm up to date, I run Ethereal fairly often as a sanity check.

Zeep, I'm curious why you think packetyzer is better than Ethereal when it runs on Ethereal. I'm downloading it now to have a look, but curious to hear your thoughts.
Oh, my God; I care so little, I almost passed out.
Winnow
Super Poster!
Posts: 27703
Joined: July 5, 2002, 1:56 pm
Location: A Special Place in Hell

Post by Winnow »

noel wrote: My computer is fully firewalled and up to date on patches, but unfortunately, I work in a pretty bad environment. A residential student network is like the wild-wild-west of networks, and students are routinely quarantined from the network for being infected with all kinds of stuff. Even though I'm up to date, I run Ethereal fairly often as a sanity check.

Zeep, I'm curious why you think packetyzer is better than Ethereal when it runs on Ethereal. I'm downloading it now to have a look, but curious to hear your thoughts.
Zeep is not to be questioned! He is the god of networking! I don't think he frequents these boards every day, but I'll send him this way next time I see him.
Neost
Almost 1337
Posts: 911
Joined: July 3, 2002, 1:56 pm
Gender: Male
XBL Gamertag: neost
Wii Friend Code: neost

Post by Neost »

packetyzer has some enhancements over ethereal, particularly protocol decodes.

It does run on the ethereal core but the UI is much better in packetyzer.
Hesten
Way too much time!
Posts: 2620
Joined: April 29, 2003, 3:50 pm

Post by Hesten »

Siji wrote: Having never had a virus on any of my PCs since, oh, the early 90's, I can only shake my head at all the troubles people seem to have with this subject.
I had major virus problems on my old Amiga; due to the way you got games, discs got infected a lot. Think I had the Saddam virus on half my disks (hey, can't a virus be counted as a WMD? Then a Saddam virus might be a reason for war.), but on my PC I had a total of 2 viruses in the last 8 years: 1 I had on a disk that never got into my system (got the disk from a friend), and 1 bothersome one I infected myself with by accident, although I knew it right away.
(Downloading pictures from newsgroups, then using ACDSee to browse without first deleting all the non-image files = bad.) Took me 12 hours to get rid of the ugly thing.

But apart from that I haven't had any viruses, didn't even get hit by Blaster or Sasser, only had the "pleasure" of dealing with them at work.
"Terrorism is the war of the poor, and war is the terrorism of the rich"