Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Constant Intrusion Attempts


  • Please log in to reply

#1
Juror1

Juror1

    New Member

  • Member
  • Pip
  • 1 posts
Need help. Still getting constant intrusion attempts from 213.163.89.105, 213.163.89.106, 213.163.89.107
I have Norton 360 did a scan and it didn't find anything. I also followed the malware removal guide without good results. Is the best thing to do is just reformat?

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4339

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18928

7/22/2010 1:58:17 PM
mbam-log-2010-07-22 (13-58-17).txt

Scan type: Quick scan
Objects scanned: 138330
Time elapsed: 5 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)




GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-07-22 12:34:50
Windows 6.0.6002 Service Pack 2
Running: z3wi60q7.exe; Driver: C:\Users\dto5300\AppData\Local\Temp\pfddyfow.sys


---- System - GMER 1.0.15 ----

SSDT 89668BC0 ZwAlertResumeThread
SSDT 89684138 ZwAlertThread
SSDT 89DDD890 ZwAllocateVirtualMemory
SSDT 8947EE30 ZwAlpcConnectPort
SSDT 8964FE60 ZwAssignProcessToJobObject
SSDT 89DE2B30 ZwCreateMutant
SSDT 85546380 ZwCreateProcess
SSDT 85508AF8 ZwCreateProcessEx
SSDT 89679D58 ZwCreateSymbolicLinkObject
SSDT 89693D88 ZwCreateThread
SSDT 8964DE00 ZwDebugActiveProcess
SSDT 89D971A0 ZwDuplicateObject
SSDT 89DE17D0 ZwFreeVirtualMemory
SSDT 896E7108 ZwImpersonateAnonymousToken
SSDT 896DB110 ZwImpersonateThread
SSDT 89560CD0 ZwLoadDriver
SSDT 89DE23F0 ZwMapViewOfSection
SSDT 89D83108 ZwOpenEvent
SSDT 89D97E50 ZwOpenProcess
SSDT 898F74F8 ZwOpenProcessToken
SSDT 8963E068 ZwOpenSection
SSDT 8964CE50 ZwOpenThread
SSDT 89DE9C98 ZwProtectVirtualMemory
SSDT 855086C0 ZwQueueApcThread
SSDT 85508558 ZwReadVirtualMemory
SSDT 896DA020 ZwResumeThread
SSDT 8966A148 ZwSetContextThread
SSDT 89DE3368 ZwSetInformationProcess
SSDT 85508828 ZwSetInformationThread
SSDT 8964D948 ZwSetSystemInformation
SSDT 89D839E8 ZwSuspendProcess
SSDT 8966DC68 ZwSuspendThread
SSDT 897F5210 ZwTerminateProcess
SSDT 8966E068 ZwTerminateThread
SSDT 8960F138 ZwUnmapViewOfSection
SSDT 89DED500 ZwWriteVirtualMemory
SSDT 89DEABB8 ZwCreateThreadEx
SSDT 855084E0 ZwCreateUserProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 11D 81EC9880 8 Bytes [C0, 8B, 66, 89, 38, 41, 68, ...]
.text ntkrnlpa.exe!KeSetEvent + 131 81EC9894 4 Bytes [90, D8, DD, 89]
.text ntkrnlpa.exe!KeSetEvent + 13D 81EC98A0 4 Bytes [30, EE, 47, 89]
.text ntkrnlpa.exe!KeSetEvent + 191 81EC98F4 4 Bytes [60, FE, 64, 89]
.text ntkrnlpa.exe!KeSetEvent + 1F5 81EC9958 4 Bytes [30, 2B, DE, 89]
.text ...

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[172] ntdll.dll!LdrLoadDll 772A9390 5 Bytes JMP 00F8003A
.text C:\Program Files\Mozilla Firefox\firefox.exe[172] ntdll.dll!NtProtectVirtualMemory 772E4D34 5 Bytes JMP 006D000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[172] ntdll.dll!NtWriteVirtualMemory 772E5674 5 Bytes JMP 006E000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[172] ntdll.dll!KiUserExceptionDispatcher 772E5DC8 5 Bytes JMP 006C000A
.text C:\Windows\Explorer.EXE[304] ntdll.dll!NtProtectVirtualMemory 772E4D34 5 Bytes JMP 002A000A
.text C:\Windows\Explorer.EXE[304] ntdll.dll!NtWriteVirtualMemory 772E5674 5 Bytes JMP 002B000A
.text C:\Windows\Explorer.EXE[304] ntdll.dll!KiUserExceptionDispatcher 772E5DC8 5 Bytes JMP 0025000A
.text C:\Windows\system32\svchost.exe[1228] ntdll.dll!NtProtectVirtualMemory 772E4D34 5 Bytes JMP 0032000A
.text C:\Windows\system32\svchost.exe[1228] ntdll.dll!NtWriteVirtualMemory 772E5674 5 Bytes JMP 003C000A
.text C:\Windows\system32\svchost.exe[1228] ntdll.dll!KiUserExceptionDispatcher 772E5DC8 5 Bytes JMP 0030000A
.text C:\Windows\system32\svchost.exe[1228] ole32.dll!CoCreateInstance 76679EA6 5 Bytes JMP 0097000A
.text C:\Windows\system32\svchost.exe[1228] USER32.dll!GetCursorPos 773E0B88 5 Bytes JMP 00F5000A
.text C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe[2156] kernel32.dll!CreateThread + 1A 75A2C928 4 Bytes CALL 00450771 C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe (Spy Sweeper Client Executable/Webroot Software, Inc.)
.text C:\Program Files\Webroot\Spy Sweeper\SSU.EXE[4612] ntdll.dll!KiUserExceptionDispatcher + A 772E5DD2 5 Bytes JMP 00017DB0 C:\Program Files\Webroot\Spy Sweeper\SSU.EXE (Spy Sweeper SSU/Webroot Software, Inc. (www.webroot.com))
.text C:\Program Files\Webroot\Spy Sweeper\SSU.EXE[4612] kernel32.dll!VirtualProtect 759E1DC3 5 Bytes JMP 000169B0 C:\Program Files\Webroot\Spy Sweeper\SSU.EXE (Spy Sweeper SSU/Webroot Software, Inc. (www.webroot.com))
.text C:\Program Files\Webroot\Spy Sweeper\SSU.EXE[4612] kernel32.dll!LoadLibraryExW 75A09109 3 Bytes JMP 00016000 C:\Program Files\Webroot\Spy Sweeper\SSU.EXE (Spy Sweeper SSU/Webroot Software, Inc. (www.webroot.com))
.text C:\Program Files\Webroot\Spy Sweeper\SSU.EXE[4612] kernel32.dll!LoadLibraryExW + 4 75A0910D 1 Byte [8A]
.text C:\Program Files\Webroot\Spy Sweeper\SSU.EXE[4612] kernel32.dll!VirtualFree 75A240AA 5 Bytes JMP 00016990 C:\Program Files\Webroot\Spy Sweeper\SSU.EXE (Spy Sweeper SSU/Webroot Software, Inc. (www.webroot.com))
.text C:\Program Files\Webroot\Spy Sweeper\SSU.EXE[4612] kernel32.dll!VirtualAlloc 75A2AD55 5 Bytes JMP 00016960 C:\Program Files\Webroot\Spy Sweeper\SSU.EXE (Spy Sweeper SSU/Webroot Software, Inc. (www.webroot.com))
.text C:\Program Files\Webroot\Spy Sweeper\SSU.EXE[4612] kernel32.dll!CreateFileA 75A2CE5F 5 Bytes JMP 00016000 C:\Program Files\Webroot\Spy Sweeper\SSU.EXE (Spy Sweeper SSU/Webroot Software, Inc. (www.webroot.com))
.text C:\Windows\system32\wuauclt.exe[5700] ntdll.dll!NtProtectVirtualMemory 772E4D34 5 Bytes JMP 000F000A
.text C:\Windows\system32\wuauclt.exe[5700] ntdll.dll!NtWriteVirtualMemory 772E5674 5 Bytes JMP 0018000A
.text C:\Windows\system32\wuauclt.exe[5700] ntdll.dll!KiUserExceptionDispatcher 772E5DC8 5 Bytes JMP 000E000A

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs ssfs0bbc.sys (Spy Sweeper FileSystem Filter Driver/Webroot Software, Inc. (www.webroot.com))
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\BTHUSB \Device\00000090 bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
Device \Driver\BTHUSB \Device\00000092 bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)

AttachedDevice \Driver\tdx \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001bfb8cdb86
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e3d3cc1e3
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e3d3cc1e3@000dfd30dd07 0xC3 0xE6 0xEF 0x96 ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001bfb8cdb86 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001e3d3cc1e3 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001e3d3cc1e3@000dfd30dd07 0xC3 0xE6 0xEF 0x96 ...

---- EOF - GMER 1.0.15 ----
  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 23,236 posts
  • MVP
An Intrusion Attempt means that something outside your PC is trying to get in. It does not mean your system is infected. The internet is full of infected systems which are trying to find other systems to infect. That's unfortunately the norm these days and is why we have firewalls. What you really should do is tell Norton to stop reporting them.

You can configure NPF not to alert you but continue protecting your system or block such intrusions that triggers the IDS by opening NIS then look for Intrusion detection settings then uncheck the box for "Notify me when Intrusion detection blocks connection".

Ron
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP