
Thread: Persistent Worm.VBS.Solow.a

  1. #1
    rbmcn Guest

    Default Persistent Worm.VBS.Solow.a

    I need some help here. Not sure if this is the correct forum. I run XP Home, avast! antivirus, ZoneAlarm (free), Spyware Doctor and a-Squared Free anti-malware. Never had a security problem since 1996 and most ports were stealth, others closed. I moved from Hong Kong last month (having used PCCW broadband in HK) to Bangkok where I am living long-term in a hotel using "MagiNet", through cable. As soon as I plugged in I was infected by "Worm.VBS.Solow.a". It appears to do nothing in my system and it is readily deleted. But each time I use the net it reappears. Virtually all my ports are now "closed", not stealth, and ports 0, 21, 23, 80 are wide open. I cannot "re-stealth" them. ZA firewall is on High, Windows security is on High and all my security programs are up to date but somehow this worm gets in. Is this a threat? How can I stealth my system again? Grateful for advice.

    Operating System: Windows XP Home Edition
    Product Name: ZoneAlarm (Free)

  2. #2
    Join Date
    Dec 2005
    Posts
    9,056

    Default Re: Persistent Worm.VBS.Solow.a

    The Remote Access and Remote user should have been disabled. Secondly, the Windows File and Printer sharing should have been disabled.

    Ok about the open ports. How was this determined? By an online scan? The online scan should be actually testing the server from the hotel, not your machine. The open ports may be the server ports and not your laptop.

    The way to find out if the server is being scanned and not your machine is when the online port scan is started, the IP tested will be shown. If it matches the machine's IP, then the test is for your machine. If the IP shown is different, then the machine being tested is not your machine.

    Hotels and some public servers will leave these ports open by default. It makes connecting easier for some users and other servers.

    Worm.VBS.Solow.a propagates through removable storage devices. I had guessed it would be an email worm or network worm, but no, it turns out it starts from risky media disk or USB flash.

    Did the Avast boot time scan?
    Did some online scans for extra measure?

    http://www.bitdefender.com/scan8/ie.html

    http://www.ewido.net/en/onlinescan/

    Oldsod
    Best regards.
    oldsod
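The comparison described in reply #2, written out as an added example that is not part of the original posts: it checks whether the IP address shown by an online port scanner belongs to this machine or to an upstream device such as the hotel's gateway. The function names are hypothetical, and the sample addresses are constructed (203.0.113.0/24 is a documentation range).

```python
import ipaddress
import socket


def local_addresses():
    """Best-effort list of this host's own IPv4 addresses (no traffic sent)."""
    found = {"127.0.0.1"}
    try:
        found.update(socket.gethostbyname_ex(socket.gethostname())[2])
    except OSError:
        pass  # name resolution unavailable: keep loopback only
    return sorted(found)


def classify_scan(reported_ip, own_ips):
    """Decide which device an online port scan actually probed.

    reported_ip: the address the scanner page says it is testing.
    own_ips:     addresses configured on this machine.
    """
    reported = ipaddress.ip_address(reported_ip)
    own = [ipaddress.ip_address(a) for a in own_ips]

    # Same address on both sides: the results describe this machine.
    if reported in own:
        return "own-machine"

    # Ignore loopback and self-assigned (169.254.x.x) addresses.
    candidates = [a for a in own if not (a.is_loopback or a.is_link_local)]

    # Only non-public addresses (for example 192.168.x.x or 10.x.x.x) means
    # the machine sits behind address translation, so the scanner reached
    # the gateway in front of it and the open ports are that device's.
    if candidates and not any(a.is_global for a in candidates):
        return "upstream-device"

    return "undetermined"


if __name__ == "__main__":
    # Constructed values: a scanner reporting 203.0.113.20 while the laptop
    # holds a private address handed out by the hotel network.
    print(classify_scan("203.0.113.20", ["127.0.0.1", "192.168.1.23"]))
    # Live check: replace the first argument with the IP the scanner shows.
    print(classify_scan("203.0.113.20", local_addresses()))
```
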

  3. #3
    rbmcn Guest

    Default Re: Persistent Worm.VBS.Solow.a

    Oldsod, if you are still there, grateful for further assistance. If my own PC is still secure (and I now believe it is) and the hotel internet connections are not, is it unsafe to conduct any confidential transactions through the system? I presume that no matter how secure my PC is, once the transmission goes out thro' the hotel connection, it is at risk? Is that logical or paranoid? Any thoughts? Thanks.
    Bruce

  4. #4
    Join Date
    Dec 2005
    Posts
    9,056

    Default Re: Persistent Worm.VBS.Solow.a

    If the hotel is using a cable internet for you to use, not so bad. But is risky.

    If the hotel has a wireless connection with the cable internet, then that is not safe at all. Anybody can park the car just down the street, sit behind the steering-wheel, power a laptop and hook up to the hotel's network and see the other users.

    All transmissions, unless encrypted, are unsecured and open to anyone to see along their path. The return from the other server/PC is just as open. Each transmission has the packets openly showing and the header with the sender's address and the address of the last replier for that transmission.

    Secure http (or the https) and secured email are outside of this rule. But if they are intercepted and recorded and relayed on to the next server, the actual message(s) can be deciphered by an expert.

    Just remember that the internet is completely open. The DNS and providers and the hop servers all saw your message and where you are and where it went. They have recorded this, some temporarily and some in brief detail for several years. The server of your hotel has probably recorded all connections and connection attempts made. Even Google can tell what you looked at for the last few years, by recording your Google searches and the links/sites used from their pages.

    Any sites visited all saw your address and saw what OS, version of OS, browser, security settings, connection info, your DNS and your server involved, pings involved, trace route and even what town and country.

    http://www.dnsstuff.com/tools/aboutyou.ch


    Secure Sockets Layer (SSL) creates a secure connection between a client and a server, over which any amount of data can be sent securely. Preferred over the https or Secure HTTP. Much safer.

    http://www.w3.org/Security/Faq/wwwsf5.html#CON-Q9



    Transport Layer Security (TLS) was the next step after SSL.


    http://en.wikipedia.org/wiki/Secure_Sockets_Layer


    http://translate.google.com/translat...%3Den%26sa%3DG


    One of the more widely used encryptions for email is Pretty Good Privacy (PGP).

    http://www.pgpi.org/

    Index for PGP

    http://www.spywarewarrior.com/uiuc/ss/pgp/pgp-idx.htm


    So for your answer, it is unsafe to do confidential transactions or financial transactions at a hotel.

    Oldsod
    Best regards.
    oldsod

  5. #5
    rbmcn Guest

    Default Re: Persistent Worm.VBS.Solow.a

    Thanks again Oldsod, I am obliged. I will trot down to the bank and do the business in person.

  6. #6
    beswaminathan Guest

    Default Re: Persistent Worm.VBS.Solow.a

    I have the same issue, I have the same problem. But I noticed this only when I upgraded to ZoneAlarm 7 from 6.5; ver 6.5 doesn't detect it. Apart from this, now I'm unable to open any drives by double click, but only by right click.

    Can someone help me with this?

    On my PC, remote access, system restore & file sharing are already disabled and ZA is updated automatically every instant and full system scan is done.

    I have to enable the boot scan in BIOS. I think it may do some harm to my HDD also.


    Someone can help me.....

    Apart from this, now my IE home page & title are changed. I manually edited the registry (Main); after some time the home page gets changed again. I ran a deep inspection scan, and every day the temp folder in my PC is washed out thoroughly in safe mode and startup programs are monitored.

    Thank you
    Swaminathan

  7. #7
    Join Date
    Dec 2005
    Posts
    9,056

    Default Re: Persistent Worm.VBS.Solow.a

    Software cannot wreck a hard drive. It is physically impossible.

    Your IE title page and homepage got changed by malware.

    Opening drives by clicks is under the windows settings.

    Help places>

    Computer viruses - What are they>

    http://www.virus.gr/english/fullxml/...asp?id=2&mnu=2

    Virus tutorial>

    http://www.cknow.com/vtutor/index.html

    Virus/Worm Removal tools>

    http://windowsxp.mvps.org/Tools.htm

    Spyware Warrior Self Help>

    http://spywarewarrior.com/sww-help.htm

    Anti-virus and safe computing introduction >

    http://claymania.com/nav-map.html

    How to remove a Trojan, Virus, Worm, or other Malware>

    http://www.bleepingcomputer.com/tuto...torial101.html

    Good Self Help from HJT forum ( very good self help guide for all users- from new to experienced users- in good step by step guide formats)

    http://forums.majorgeeks.com/showthread.php?t=35407

    http://www.dslreports.com/faq/13616

    http://www.spywarewarrior.com/viewtopic.php?t=272

    *(read and do this one before cleaning up)*

    Also good>

    http://www.spywarewarrior.com/viewtopic.php?t=6914

    Oldsod
    Best regards.
    oldsod

  8. #8
    Join Date
    Dec 2005
    Posts
    9,056

    Default Re: Persistent Worm.VBS.Solow.a

    You could do some online scans- they are free and do require the IE since they use Active X components>

    http://www.bitdefender.com/scan8/ie.html

    http://www.ewido.net/en/onlinescan/

    These both detect and remove infections.

    Freeware to use to help>

    http://www.emsisoft.com/en/software/free/

    http://www.superantispyware.com/

    Oldsod
    Best regards.
    oldsod

  9. #9
    beswaminathan Guest

    Default Re: Persistent Worm.VBS.Solow.a

    I will try the web links and get back to you.


    bye
    SAM

  10. #10
    Join Date
    Dec 2005
    Posts
    9,056

    Default Re: Persistent Worm.VBS.Solow.a

    Hi Swaminathan

    You got some sort of spyware installed on the PC. Actually the term malware is more appropriate for the label of this issue. Malware stands for "malicious software". It is very much like spyware: it does not destroy the PC like the hard drive killer viruses (actually called viri). It just harasses the users to no end, or is sending out spam or denial of service attacks to a very selective server or is reporting info about you to somewhere.

    Usually for these types of infections, just do this-

    Do not bank or shop on-line or use any personal info
    Change the signins and passwords for banks or financial companies
    Remember to always backup your files, data and personal things

    If it seems too much work to actually repair or remove the nasty infections, the HDD can be wiped by an eraser disk, the drive can be reformatted to NTFS, the windows can be reinstalled, drivers installed and updated, security and files replaced again and all updates from windows installed. Although it does take a couple days of time, the actual time invested is about a day or so.

    Erase disks are recommended for several reasons:
    Reformats do not kill rootkits and some types of trojans.
    Erasing the disk makes it absolutely clean with no leftovers underneath the new install, and hence the actual windows reinstall runs a little better.

    Eraser disks are commercial or freeware.


    http://dban.sourceforge.net/

    http://www.iolo.com/ds/3/

    http://www.download.com/Eraser/3000-...-10231813.html

    Even with a complete erase of a HDD, rootkits have been known to survive in the BIOS and the actual memory and the boot partition. Wiping the drive completely from end to end will erase the boot partition. Re-installing the BIOS or flashing the BIOS will clean the BIOS. Killing anything in the memory is done by pulling the power cord out of the wall and instantly killing the PC, when the erase is just finished. A little extra work and if the HDD is failing or very old, it may actually be ruined from the immediate power loss; a new drive or one in good condition should be okay from that torture.

    Some users in the effort to remove rootkits have actually killed the power, pulled the harddrive out and then just replaced it with a brand new drive, reinstalled, and never touched any recent files for the reinstall of the OS. There was a chance some of the more recent backed-up files could have been infected and they are not willing to risk a re-infection.


    I usually back-up files and things to a separate USB HDD. It is physically separate. Plus I have two machines and each one has info from the other, for a just-in-case the other PC and the USB HDD both go wrong. Lots of things can be backed-up on CD or DVD. Very handy. Or just some flash drives, plus they are very portable.

    Oldsod

    Message Edited by Oldsod on 03-02-2007 10:29 AM
    Best regards.
    oldsod
