hacker? 3

[fishbait]

I'm connected to the internet with cable so my pc is "on net" all time.

I have one of the free firewalls and it seems to work but I get strange behavior.

I had the W32Klez virus about a week ago in my temporary internet files so my Norton software said. I use Norton 2001 antivirus and keep it updated. Don't know how the virus got past it but I downloaded a removal tool and removed it about a week ago. I was getting email notes back from the server level saying that my email was undeliverable because my machine had a virus. The notes also showed who the mail was sent to. I have never sent email to any of the people showed on any of the notes except for one individual who I know.

My virus scan now shows the machine to be clear of any virus yet I am still getting undeliverable notifications to people that I have not sent emails to.

Could a hacker be using my pc to spread viruses? How can I determine if a hacker has been in my pc?

I appreciate any help or advice offered.

 

[SESaskDFC]

Howdy Fishbait:

You arebn't the one sending the email.. Klez works by "spoofing".. It take an address from the infected systems Contact List and places it in the "From" box of an email.. It then sends itself out.. If the recipient does not accept the email (virus scan rejects it), then it gets sent back to the address in the "From" box as "Undeliverable".. Guess who that is !!

Until the infected system is found and cleaned, be prepared for alot of these !!

Murray

 

[smah]

In addition to the above info, chances are it's someone you know that's infected.

 

[fishbait]

Thanks guys for your help. Just for general knowledge, how could I check to see if a hacker has been in my computer, understanding that the virus is not a hacker issue? Should I look at logs, and if so what should I look for?

Again thanks for any help you could provide.

Fishbait

 

[SESaskDFC]

Howdy:

If you have kept Norton up to date as you said, then it would detect a Trojan on your system and that is what is needed for a hacker to gain access.. No trojan, no access..

Murray

 

[smah]

You won't have many logs to look at with a standard win98 installation. You might want to get a software firewall such as zonealarm. This would let you know if anything suspicious is going on.

http://www.zonelabs.com/store/content/catalog/products/zonealarm/znalm_details.jsp?lid=nav_za

 

[fishbait]

Thanks again guys for making me feel better.

Fish

 

[PalmStrike]

I have had many dealings with Klez, it has been the bane of my life for the past few months, though I think I may have cracked it now.

Be aware that as Klez gets into your comuter, it shuts down Norton Antivirus, and quietly disables it. then all of a sudden, a week or so later, that damn Klez is back.

I have now uninstalled Norton, completely, and deleted all trace of Norton from the computer, and also live update, rebooting if necessary to delete stuborn files that maybe in use residually, then emptied trash folder, rebooted again, then reinstalled Norton correctly from scratch.

I have found this to help. I also found other Klez removal tools to really try to strip it out. Do a search on google for Klez removal, and see what you can find.

I hope this helps you.

 

[TheOriginalSin]

Erm ... hold up - Zone Alarm ... or as I prefer to call - Zone Hahahahahalarm deserves that name becuase i've managed to successfuly bypass it's so-called "protection" a number of times on various systems - going so far as to rename the .EXE such.

In short - it's a waste of system resource !

And - if the strain of Klez is modified - no amount of "norton" updates will save you.

VisNetic is a _GOOD_ firewall that works on a packet-level (it installs itself as a true service on driver-level) and is the only firewall I recommend for filtering the internet - maybe aside of ConSeal.

For diagnostic's - use WinTask4 or my own KillerWall 1337.

But as for solely placing your security square in the laps of a madman like Norton & Zone Labs - I really would advise against it.

 

[Kocky]

Get a dedicated fire-wall.
I use PC-Cillin 2002 and haven't had any problems yet.

 

[Grenage]

While Norton isn't my first choice, I haven't really had a problem with zonealarm - it's security is pretty good for home use (and office in conjuntion with a Proper network firewall).

And TheOriginalSin I'd love to see how you "got around" zonealarms protection by just renaming EXE files, because that simply doesn't work.

 

[PalmStrike]

TheOriginalSin, I'm intrigued, as I would never in a million years have Norton on any computer that I had paid money for, but I work for a control freak who knows best, and if he wants to pay me to go round and clear viruses off computers twice a week, then I will.