How do I know if my notebook is infected or attacked?

Dear all,
I feel my notebook is being attacked by somebody outside my control.
Sometimes the date on the notebook changes suddenly. Also, if I use the
msconfig command I find many startup and strange
programs, so I need your advice: how can I know if my
notebook has been attacked? Please advise.
Best regards
ashraf2002 Asked:
 
jfer0x01 Commented:
Network security does not have a magic solution that solves every threat, especially on networks connected to the Internet.

I hope we helped you determine whether or not you were infected!
0
 
ashraf2002 Author Commented:
Your quick response is highly appreciated.
0
 
Darren Sharples, Systems Specialist Commented:
What sort of things are in your msconfig? Have you googled them to see what they are?

Have you run any antivirus or malware programs such as Spybot?
0
 
ashraf2002 Author Commented:
I used msconfig to disable all startup programs, but after my notebook reset I found all of them enabled.
Yes, I am running Kaspersky Business Security edition on my network, but I did not use any spyware programs. Do you recommend using the Spybot program? Please advise.
0
 
Darren Sharples, Systems Specialist Commented:
http://www.safer-networking.org/en/download/index.html

Install this and do an update of the definitions, then do a scan and remove everything that it picks up.

Sounds like your Kaspersky is preventing any system changes; it might be worth disabling it while you make your msconfig changes and then reboot.
0
 
jfer0x01 Commented:
Hi,

Post your open connections by executing cmd.exe

then

netstat -an

Post your results so we can at least view all open connections to and from your machine.

Jfer
0
 
ashraf2002 Author Commented:
Please see the attached text file.
IO-C.txt
0
 
jfer0x01 Commented:
OK,

It seems you may have some malware, considering the number of unusual UDP ports you have open.

Although you had no one connected to your machine via a TCP port, it's possible your machine has one or more back doors installed, accessed via UDP traffic.

Do you have Kaspersky installed by any chance? A lot of the TCP ports on 1110 were opened; were you running updates when you ran netstat?

Did you install an AV when you got your machine, or after you suspected viral activity?

If my machine gave me this netstat, I would simply back up, reinstall the OS and AV software, and run OS updates and the AV engine before anything else.

Hope this helps.

Jfer

0
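
As an added example (not part of the original thread and not any participant's code), this Python script parses `netstat -an` output the way the replies above review it, separating sockets bound to non-loopback addresses from established TCP connections to non-loopback peers. The sample listing, its addresses and ports, and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample of Windows `netstat -an` output (not the poster's IO-C.txt).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1110         0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1110         127.0.0.1:49712        ESTABLISHED
  TCP    192.168.1.20:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.20:49801     203.0.113.45:443       ESTABLISHED
  TCP    [::]:445               [::]:0                 LISTENING
  UDP    0.0.0.0:500            *:*
  UDP    0.0.0.0:54012          *:*
  UDP    127.0.0.1:1900         *:*
"""

def split_endpoint(endpoint):
    """Split 'addr:port' (IPv4 or bracketed IPv6) into (addr, port) strings."""
    addr, _, port = endpoint.rpartition(":")
    return addr.strip("[]").split("%")[0], port  # drop IPv6 brackets and zone id

def is_loopback(addr):
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:  # '*' or anything that is not an IP literal
        return False

def parse(text):
    """Yield (proto, local_addr, local_port, remote_addr, remote_port, state)."""
    for line in text.splitlines():
        f = line.split()
        if len(f) < 3 or f[0] not in ("TCP", "UDP"):
            continue  # banner, column header or blank line
        state = f[3] if f[0] == "TCP" and len(f) > 3 else ""  # UDP rows carry no state
        yield (f[0], *split_endpoint(f[1]), *split_endpoint(f[2]), state)

def triage(text):
    """Return sockets reachable from the network and established non-loopback peers."""
    exposed, peers = set(), set()
    for proto, laddr, lport, raddr, rport, state in parse(text):
        if (proto == "UDP" or state == "LISTENING") and not is_loopback(laddr):
            exposed.add((proto, int(lport)))
        elif state == "ESTABLISHED" and not is_loopback(raddr):
            peers.add(f"{raddr}:{rport}")
    return {"exposed": sorted(exposed), "peers": sorted(peers)}

if __name__ == "__main__":
    for key, items in triage(SAMPLE).items():
        print(key, items)
```

The same parser accepts `netstat -ano` output, whose extra PID column lets each exposed socket be tied to its owning process.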
 
Darren Sharples, Systems Specialist Commented:
If you need to see which ports are connected, you can install and run TCPView from here:

http://technet.microsoft.com/en-us/sysinternals/bb897437.aspx

Click [options] [resolve addresses].

Did you run Spybot?
0
 
ashraf2002 Author Commented:
Yes, I ran Spybot.
I formatted my notebook and installed a new OS as you recommended, but I am worried that other PCs in my network may be infected. What is your recommendation in such a case?
Note: we have a strange problem with our email accounts. We can't receive emails between us in our domain, nor with our customers and partners. Maybe this problem is because of some viruses or spyware; I am not sure. Could you please advise?
Best regards
0
 
Darren Sharples, Systems Specialist Commented:
You should confirm that your Windows Firewall is turned on if you think the other PCs on your network are infected. They should all be running antivirus with updated virus definitions.

Your email problem sounds like something else. You may be best logging another question with the relevant details regarding your setup and whether it has worked historically.
0
 
jfer0x01 Commented:
Your email issue is most likely unrelated,

probably a misconfigured email server.

You should invest in an enterprise AV software; that way, you can install AV on all network machines and centrally manage updates and alerts.

0
 
ashraf2002 Author Commented:
I already use Kaspersky AV for enterprise (Kaspersky Business Space). Is that enough?
0
 
jfer0x01 Commented:
As long as you run regular updates to the server, your clients receive and update themselves from the server,

and assuming your network users have "least privilege" applied to user profiles, it is a good start!

Jfer
0
 
ashraf2002 Author Commented:
Thanks for the support.
0