Solved

Norton Firewall Security gets disabled?

Posted on 2004-04-30
5
1,455 Views
Last Modified: 2013-12-04
I have MS-XP and am on a small local network, all machines are running Norton AV and Firewall.  Mine is the only one running XP and the other 3 are running WinME.  About every day I am noticing that my Norton Firewall system tray icon shows an exclaimation point.  When I open it, it says that the security feature is disabled.  I can enable it and continue, but I'm concerned since I've been getting some virus, worm, and trojan attacks lately that the WinME machines are not (and their Norton is working flawlessly).  

I have received Netsky, GaoBot.Zx and W32.IRCBot, and Norton seems to catch these and delete any files, but I'm concerned that something else is going on that Norton can't control.  A couple of times it appeared that my machine was under control by a remote user when my printer started printing pages of ascii characters without my control.  I wrote this off the first time as fluke, but after the 3rd time, along with daily-random disabling of my security feature has got me concerned.

A week ago, I ran the Norton security check and it did identify some "open port" vulnerabilities.  I've installed all recommended patches and latest updates from Microsoft Windows update and this closed all of the open ports, so I figured I was good to go. However, just today, I received the W32.IRCBot trojan notice which it said caught and deleted.  I decided to run the Norton Firewall Security check again and guess what, all vulnerabilities are back - open ports!!

How do I keep Norton security from being disabled?

Also, if I've installed all known XP patches, is there anything else I can do to prevent this suspicious activity from continuing?

Thanks,
Joval2003
0
Comment
Question by:joval2003
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
5 Comments
 
LVL 2

Accepted Solution

by:
LeftofCool earned 125 total points
ID: 10963900
From the printing attacks and the program changes you've described, it sounds like you have a trojan horse that is allowing the sender to continue to bombard you with other viruses and trojans. A trojan horse is a program that has the ability to allow complete access to a computer from a remote location without your consent. While NAV is a great AV tool, it will need to be coupled with several other AV and anti-spyware/adware tools in order to get rid of this particular threat. I am going to give you a list of tools originally posted by Sirbounty with some minor modifications.

Check for Spyware/Adware:
  Spybot-S&D -->  http://fileforum.betanews.com/detail.php3?fid=1043809773
  Ad-Aware --> http://www.lavasoftusa.com
  HijackThis -->http://www.spychecker.com/program/hijackthis.html
  Web Shredder -->http://www.spywareinfo.com/~merijn/cwschronicles.html#cwshredder

Check for Viruses with online scanners:
  Norton/Symantec --> http://security.symantec.com/sscv6/default.asp?productid=symhome&langid=ie&venid=sym
  Trend Micro --> http://housecall.antivirus.com/housecall/start_corp.asp
  Panda ActiveScan --> http://www.pandasoftware.com/activescan/
  McAfee Security --> http://us.mcafee.com/root/mfs/default.asp
  Individual File Scanner --> http://www.kaspersky.com/remoteviruschk.html

0
 
LVL 2

Expert Comment

by:LeftofCool
ID: 10963908
Also, please post the Hijack This log here after you have downloaded it. Be sure to run NAV and all anti-spyware/adware tools listed above in safe mode as well as in regular mode.
0
 
LVL 38

Assisted Solution

by:Rich Rumble
Rich Rumble earned 125 total points
ID: 10964809
Lot's of the latest rash of viri are disableing AV and firewall software... i've found that simply renaming them (be careful, make copies) they will run.
Try McAfee's stinger: http://vil.nai.com/vil/stinger/
http://download.nai.com/products/mcafee-avert/SystemHelpDocs/DisableSysRestore.htm (this is necessary to remove the viri completely... disable, then find them, then reboot, and scan again for good measure)
http://securityresponse.symantec.com/avcenter/venc/data/w32.gaobot.afw.html (this turns off lot's of services and programs- stinger is not listed)
System restore is the main reason XP seems to get reinfected...
-rich

0

Featured Post

Is Your DevOps Pipeline Leaking?

Is your CI/CD pipeline a hodge-podge of randomly connected tools? You’ve likely got a tool to fix one problem & then a different tool to fix another, resulting in a cluster of tools with overlapping functionality. Learn how to optimize your pipeline with Gartner's recommendations

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

As I write this article, I am finishing cleanup from the Qakbot virus variant found in the wild on April 18, 2011.  It was a messy beast that had varying levels of infection, speculated as being dependent on how long it resided on the infected syste…
Recently, I read that Microsoft has analysed statistics for their security intelligence report. It revealed: still, the clear majority of windows users do their daily work as administrator. An administrative account is a burden, security-wise. My ar…
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …
If you’ve ever visited a web page and noticed a cool font that you really liked the look of, but couldn’t figure out which font it was so that you could use it for your own work, then this video is for you! In this Micro Tutorial, you'll learn yo…

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question