Solved

Norton Firewall Security gets disabled?

Posted on 2004-04-30
5
1,445 Views
Last Modified: 2013-12-04
I have MS-XP and am on a small local network, all machines are running Norton AV and Firewall.  Mine is the only one running XP and the other 3 are running WinME.  About every day I am noticing that my Norton Firewall system tray icon shows an exclaimation point.  When I open it, it says that the security feature is disabled.  I can enable it and continue, but I'm concerned since I've been getting some virus, worm, and trojan attacks lately that the WinME machines are not (and their Norton is working flawlessly).  

I have received Netsky, GaoBot.Zx and W32.IRCBot, and Norton seems to catch these and delete any files, but I'm concerned that something else is going on that Norton can't control.  A couple of times it appeared that my machine was under control by a remote user when my printer started printing pages of ascii characters without my control.  I wrote this off the first time as fluke, but after the 3rd time, along with daily-random disabling of my security feature has got me concerned.

A week ago, I ran the Norton security check and it did identify some "open port" vulnerabilities.  I've installed all recommended patches and latest updates from Microsoft Windows update and this closed all of the open ports, so I figured I was good to go. However, just today, I received the W32.IRCBot trojan notice which it said caught and deleted.  I decided to run the Norton Firewall Security check again and guess what, all vulnerabilities are back - open ports!!

How do I keep Norton security from being disabled?

Also, if I've installed all known XP patches, is there anything else I can do to prevent this suspicious activity from continuing?

Thanks,
Joval2003
0
Comment
Question by:joval2003
  • 2
5 Comments
 
LVL 2

Accepted Solution

by:
LeftofCool earned 125 total points
ID: 10963900
From the printing attacks and the program changes you've described, it sounds like you have a trojan horse that is allowing the sender to continue to bombard you with other viruses and trojans. A trojan horse is a program that has the ability to allow complete access to a computer from a remote location without your consent. While NAV is a great AV tool, it will need to be coupled with several other AV and anti-spyware/adware tools in order to get rid of this particular threat. I am going to give you a list of tools originally posted by Sirbounty with some minor modifications.

Check for Spyware/Adware:
  Spybot-S&D -->  http://fileforum.betanews.com/detail.php3?fid=1043809773
  Ad-Aware --> http://www.lavasoftusa.com
  HijackThis -->http://www.spychecker.com/program/hijackthis.html
  Web Shredder -->http://www.spywareinfo.com/~merijn/cwschronicles.html#cwshredder

Check for Viruses with online scanners:
  Norton/Symantec --> http://security.symantec.com/sscv6/default.asp?productid=symhome&langid=ie&venid=sym
  Trend Micro --> http://housecall.antivirus.com/housecall/start_corp.asp
  Panda ActiveScan --> http://www.pandasoftware.com/activescan/
  McAfee Security --> http://us.mcafee.com/root/mfs/default.asp
  Individual File Scanner --> http://www.kaspersky.com/remoteviruschk.html

0
 
LVL 2

Expert Comment

by:LeftofCool
ID: 10963908
Also, please post the Hijack This log here after you have downloaded it. Be sure to run NAV and all anti-spyware/adware tools listed above in safe mode as well as in regular mode.
0
 
LVL 38

Assisted Solution

by:Rich Rumble
Rich Rumble earned 125 total points
ID: 10964809
Lot's of the latest rash of viri are disableing AV and firewall software... i've found that simply renaming them (be careful, make copies) they will run.
Try McAfee's stinger: http://vil.nai.com/vil/stinger/
http://download.nai.com/products/mcafee-avert/SystemHelpDocs/DisableSysRestore.htm (this is necessary to remove the viri completely... disable, then find them, then reboot, and scan again for good measure)
http://securityresponse.symantec.com/avcenter/venc/data/w32.gaobot.afw.html (this turns off lot's of services and programs- stinger is not listed)
System restore is the main reason XP seems to get reinfected...
-rich

0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Common practice undertaken by most system administrators is to document the configurations and final solutions of anything performed by them for their future use and reference. So here I am going to explain how to export ISA Server 2004 Firewall pol…
In a recent article here at Experts Exchange (http://www.experts-exchange.com/articles/18880/PaperPort-14-in-Windows-10-A-First-Look.html), I discussed my nine-month sandbox testing of the Windows 10 Technical Preview, specifically with respect to r…
When you create an app prototype with Adobe XD, you can insert system screens -- sharing or Control Center, for example -- with just a few clicks. This video shows you how. You can take the full course on Experts Exchange at http://bit.ly/XDcourse.
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

919 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now