Sobig.a

General information on what most likely is (or was) in your system:
http://www.lurhq.com/sobig.html
The proxy referenced on that page is most likely on your system.

Startup Control Panel
http://www.mlin.net/StartupCPL.shtml
Shows you what runs when you reboot your computer and simplifies the process of stopping things that run when you reboot.

Startup Monitor
http://www.mlin.net/StartupMonitor.shtml
Alerts you when something tries to register itself to run at startup. This one is more for protection once you know the system is clean.

If your Anti-Virus finds files it can't remove

Most likely, the reason the anti-virus scanners can't remove the problem files they detect is that those files are currently running. When you run Startup Control Panel (link listed above), if you see MMtask (or any other files that your anti-virus could not remove) listed in your startup, you most likely have a hidden proxy server on your system. De-select it so it will not restart when you reboot your system, and then run your anti-virus again. Hopefully, it will then remove the problem files.

A properly configured firewall may help keep malicious users out of your system if you are unable to remove the problem files. http://twcminnesota.com/security has many firewall suggestions available. Some of the free ones work as well as or better than some of the products you can buy.

If you are unable to remove this problem and we keep getting complaints, you will be forced to reformat your hard drive and reinstall your operating system, or consult a PC repair shop. This is the only way to make sure your computer and the Time Warner Network are secure. While you may not have installed the application in question, you are responsible for getting it off your system.
Use of any "application proxy" software programs (such as the WinGate product in its default mode) which permit other Internet users open access to your computer system(s) is NOT ALLOWED on the Road Runner network and could result in immediate suspension and possible disconnection of the Road Runner service.

Anti-Virus Software

Most anti-virus software will detect programs that may allow remote access to your computer (Trojans) or perform activities or functions that may corrupt data on your computer. If you decide to use an anti-virus program, remember to keep it updated so you will be protected from new viruses. Here are just a few of the many anti-virus programs out there:
Time Warner Cable and Road Runner do not endorse or support any of the above products. They are listed for your reference and represent only a portion of those commercially available.

So, your anti-virus program and a Trojan cleaner didn't find anything?

An easy way to check for a possible Trojan that has not been detected in more conventional ways is to start your PC and let it run for a few minutes without opening any programs. Then go to Start and select Run. If running Windows 9x, type in command and click OK. If running Windows NT, 2000, or XP, type in cmd. This will open a black window. In this window, type netstat and hit Enter. This will show connections to your PC and will look like this:

```
C:\>netstat

Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    smith:1175             10.182.98.195:400      ESTABLISHED
```

If you are running AIM, you will see this connection listed along with any others connected to your PC. Connections that you are unable to explain are the ones that you want to worry about; they indicate the presence of something running that you didn't install.

There is one more thing we can try to look for: a hidden IRC client. IRC stands for Internet Relay Chat and, in simplest terms, is similar to AOL Instant Messenger. It can do so much more, but this is the easiest way to get a grip on what it is about. If you were to install and use an IRC client yourself, it would not be a problem. The problems begin when it is installed without your knowledge (running an infected .exe file is one way this can happen). This program can give malicious users full access to your computer, and they can use it however they want. It could be used for scanning for other vulnerable computers, Denial of Service attacks, viewing your files, or anything else you could do sitting at your keyboard.

To see if this is running on your system, press and hold, in order, the keys Ctrl-Alt-Delete. This will pull up a window that says Close Program.
This is a list of the programs that are currently running on your computer. Some of them may be obvious (Internet Explorer, Outlook Express, AIM, etc.) and others may not be, because they are running in the background. Look for a program called mIRC or possibly just IRC. If it is present, click on it once to highlight it. After it is highlighted, click the End Task button. This will stop the program from running and allow you to uninstall it. (If you try to uninstall it while it is still running, you will not be able to.)

To uninstall the IRC client, click on the 'Start' button, then 'Settings', then 'Control Panel', then 'Add/Remove Programs'. In the window that opens, look for mIRC or IRC and click on it once to highlight it. Click the 'Add/Remove' button and the program should be removed from your system. Any files that come up as "Could not be removed by the uninstall program" can be safely deleted by you with the Delete key.

© Time Warner Cable, 2004. All rights reserved.
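The netstat check described above can be made repeatable by comparing the output against the programs you know you are running. This is an added example, not part of the original Road Runner page; it assumes `netstat -an` output (numeric addresses, listening sockets included) rather than the plain `netstat` shown above, and the sample output and expected-port lists are constructed for illustration.

```python
import re

# Constructed sample of Windows `netstat -an` output; addresses are documentation ranges.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:8081           0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1027         0.0.0.0:0              LISTENING
  TCP    192.0.2.10:1175        198.51.100.7:5190      ESTABLISHED
  TCP    192.0.2.10:1201        203.0.113.44:6667      ESTABLISHED
  TCP    192.0.2.10:1210        198.51.100.80:80       TIME_WAIT
  UDP    0.0.0.0:500            *:*
"""

# Assumptions about this PC: what the user knowingly runs.
EXPECTED_LISTEN = {"135"}                # Windows RPC endpoint mapper
EXPECTED_REMOTE = {"80", "443", "5190"}  # web browsing and AIM

ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)(?:\s+(\S+))?\s*$")

def parse(text):
    """Return (proto, local_host, local_port, remote_host, remote_port, state) rows."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # banner, column header, blank line
        proto, local, remote, state = m.groups()
        lhost, _, lport = local.rpartition(":")
        rhost, _, rport = remote.rpartition(":")
        rows.append((proto, lhost, lport, rhost, rport, state or ""))
    return rows

def unexplained(rows, expected_listen, expected_remote):
    """Flag sockets the user cannot account for."""
    findings = []
    for proto, lhost, lport, rhost, rport, state in rows:
        loopback = lhost.startswith("127.") or lhost == "[::1]"
        if state == "LISTENING" and not loopback and lport not in expected_listen:
            # Reachable from the network: how a hidden proxy would appear.
            findings.append(("listening", lport))
        elif state == "ESTABLISHED" and rport not in expected_remote:
            findings.append(("connected", f"{rhost}:{rport}"))
    return findings

if __name__ == "__main__":
    for kind, where in unexplained(parse(SAMPLE), EXPECTED_LISTEN, EXPECTED_REMOTE):
        print(kind, where)
```

A flagged entry is a prompt to look at the startup list and the Close Program window for the program behind it, not proof of infection on its own.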