ashraf2002
asked on
How do I know if my notebook is infected or attacked?
Dear all,
I feel my notebook is being attacked by somebody outside my control. Sometimes the date on the notebook changes suddenly. Also, if I use the msconfig command I find many startup and strange programs, so I need your advice: how can I know if my notebook has been attacked? Please advise.
Best regards
What sort of things are in your msconfig? Have you googled them to see what they are?
Have you run any antivirus or malware programs such as Spybot?
ASKER
I used msconfig to disable all startup programs, but after my notebook reset I found all of them enabled.
Yes, I am running Kaspersky Business Security edition in my network, but I did not use any spyware programs. Do you recommend using the Spybot program? Please advise.
http://www.safer-networking.org/en/download/index.html
Install this and do an update of the definitions, then do a scan and remove everything that it picks up.
Sounds like your Kaspersky is preventing any system changes; it might be worth disabling it while you make your msconfig changes and then reboot.
Hi,
post your open connections by executing cmd.exe
then
netstat -an
post your results so we can at least view all open connections to and from your machine
Jfer
ASKER
Please see the attached text file.
IO-C.txt
OK,
it seems you may have some malware, considering the number of unusual UDP ports you have open.
Although you had no one connected to your machine via a TCP port, it's possible your machine has one or more back doors installed, accessed via UDP traffic.
Do you have Kaspersky installed by any chance? A lot of the TCP ports on 1110 were opened; were you running updates when you ran netstat?
Did you install an AV when you got your machine, or after you suspected viral activity?
If my machine gave me this netstat, I would simply back up, reinstall the OS and AV software, and run OS updates and the AV engine before anything else.
Hope this helps.
Jfer
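An added example, not part of any post in this thread: a Python sketch for reading saved `netstat -an` output of the kind requested above. It separates sockets bound only to loopback from those other machines can reach, and lists established connections to non-local peers. The sample text is constructed (it is not the asker's IO-C.txt), and the function names are this example's own.

```python
import ipaddress
from collections import defaultdict

# Constructed sample in the layout Windows prints for `netstat -an`;
# these are not the asker's results.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1110         0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1110         127.0.0.1:49201        ESTABLISHED
  TCP    192.168.1.20:49210     203.0.113.7:443        ESTABLISHED
  TCP    [::]:445               [::]:0                 LISTENING
  UDP    0.0.0.0:500            *:*
  UDP    127.0.0.1:1900         *:*
  UDP    192.168.1.20:137       *:*
"""

def split_endpoint(endpoint):
    """Split 'addr:port' or '[v6addr]:port' into (addr, port)."""
    addr, _, port = endpoint.rpartition(":")
    return addr.strip("[]"), port

def is_loopback(addr):
    try:
        # Drop an IPv6 scope id such as %11 before parsing.
        return ipaddress.ip_address(addr.split("%")[0]).is_loopback
    except ValueError:
        return False  # '*' or an unparsable address

def triage(netstat_text):
    """Group sockets by how exposed they are to other machines."""
    out = defaultdict(list)
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) < 3 or f[0] not in ("TCP", "UDP"):
            continue  # banner, header or blank line
        proto = f[0]
        (laddr, lport), (raddr, rport) = split_endpoint(f[1]), split_endpoint(f[2])
        state = f[3] if proto == "TCP" and len(f) > 3 else ""
        if proto == "UDP" or state == "LISTENING":
            key = "local_only" if is_loopback(laddr) else "reachable"
            out[key].append((proto, int(lport)))
        elif state == "ESTABLISHED" and not is_loopback(raddr):
            out["remote_peers"].append((raddr, int(rport)))
    return dict(out)

if __name__ == "__main__":
    for group, entries in triage(SAMPLE).items():
        print(group, sorted(set(entries)))
```

`netstat -an` does not name the program behind a socket; `netstat -ano` adds the owning PID, which is what lets an entry in the `reachable` group be traced to a process.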
If you need to see which ports are connected, you can install and run TCPView from here:
http://technet.microsoft.com/en-us/sysinternals/bb897437.aspx
Click [Options] [Resolve Addresses].
Did you run Spybot?
ASKER
Yes, I ran Spybot.
I formatted my notebook and installed a new OS as you recommended, but I am worried that other PCs in my network may be infected. What is your recommendation in such a case?
Note: we have a strange problem with our email accounts. We can't receive emails between us in our domain, nor with our customers and partners. Maybe this problem is because of some viruses or spyware; I am not sure. Could you please advise?
Best regards
You should confirm that your Windows firewall is turned on if you think the other PCs on your network are infected. They should all be running antivirus with updated virus definitions.
Your email problem sounds like something else; you may be best logging another question with the relevant details regarding your setup and whether it has worked historically.
Your email issue is most likely unrelated,
probably a misconfigured email server.
You should invest in enterprise AV software; that way, you can install AV on all network machines and centrally manage updates and alerts.
ASKER
I already use Kaspersky AV for enterprise (Kaspersky Business Space). Is that enough?
As long as you run regular updates to the server, your clients receive and update themselves from the server,
and assuming your network users have "least privilege" applied to user profiles, it is a good start!
Jfer
ASKER
Thanks for the support.