Guest yoos Posted April 30, 2005 Report Posted April 30, 2005 (edited) So I was browsing the net the other day and received 4 viruses very quickly. I immediately ran Norton and got rid of the 4 viruses, but the Norton security alert now keeps on saying "Inbound UDP service: bootps" every 20-50 seconds?!?! I rebooted several times, reran virus scan several times, ran 4 different spyware programs (some of them several times and all definitions were up to date), took off all the strange looking startup items in msconfig and I STILL get these security alerts every 20-50 seconds! I searched the net too and couldn't find anything that made sense to me. Anyone have any input/advice on how to fix this and what this is???? Here's the log in Norton (I really don't even understand what this is saying): Rule "Inbound UDP service: bootps" blocked (169.254.76.155,bootps(67)). Details: Inbound UDP packet Local address,service is (255.255.255.255,bootps(67)) Remote address,service is (169.254.76.155,bootpc(68)) Process name is "N/A"Here are the original viruses I had (and I don't recall seeing any of these alerts until I received this): Date: 4/28/2005, Time: 19:19:50, mike on XXXPC The file C:\Documents and Settings\mike\Local Settings\Temporary Internet Files\Content.IE5\ULJ4HOFI\counter[1].htm is infected with the Download.Trojan virus. Unable to repair this file. Date: 4/28/2005, Time: 19:19:50, mike on XXXPC The file C:\Documents and Settings\mike\Local Settings\Temporary Internet Files\Content.IE5\ULJ4HOFI\counter[1].htm is infected with the Download.Trojan virus. Access to the file was denied. Date: 4/28/2005, Time: 19:19:52, mike on XXXPC The file C:\Documents and Settings\mike\Local Settings\Temporary Internet Files\Content.IE5\RUO3FLCT\exploit[1].htm is infected with the MHTMLRedir.Exploit virus. Unable to repair this file. Date: 4/28/2005, Time: 19:19:52, mike on XXXPC The file C:\Documents and Settings\mike\Local Settings\Temporary Internet Files\Content.IE5\RUO3FLCT\exploit[1].htm is infected with the MHTMLRedir.Exploit virus. Access to the file was denied. Date: 4/28/2005, Time: 19:19:52, mike on XXXPC The file C:\Documents and Settings\mike\Local Settings\Temporary Internet Files\Content.IE5\8JRNEKPH\loader6[1].htm is infected with the JS.Downloader.Trojan virus. Unable to repair this file. Date: 4/28/2005, Time: 19:19:52, mike on XXXPC The file C:\Documents and Settings\mike\Local Settings\Temporary Internet Files\Content.IE5\8JRNEKPH\loader6[1].htm is infected with the JS.Downloader.Trojan virus. Access to the file was denied. Date: 4/28/2005, Time: 19:19:54, mike on XXXPC The file C:\Documents and Settings\mike\Local Settings\Temporary Internet Files\Content.IE5\QPHURM5S\loader1[1].jar is infected with the Trojan.ByteVerify virus. Unable to repair this file. Date: 4/28/2005, Time: 19:19:54, mike on XXXPC The file C:\Documents and Settings\mike\Local Settings\Temporary Internet Files\Content.IE5\QPHURM5S\loader1[1].jar is infected with the Trojan.ByteVerify virus. Access to the file was denied. Date: 4/28/2005, Time: 19:19:54, mike on XXXPC The file C:\Documents and Settings\mike\Local Settings\Temporary Internet Files\Content.IE5\1FNN5PCE\web2[1].htm is infected with the Trojan.Adwareloader virus. Unable to repair this file. Date: 4/28/2005, Time: 19:19:54, mike on XXXPC The file C:\Documents and Settings\mike\Local Settings\Temporary Internet Files\Content.IE5\1FNN5PCE\web2[1].htm is infected with the Trojan.Adwareloader virus. Access to the file was denied. Date: 4/28/2005, Time: 19:20:28, mike on XXXPC The file C:\Documents and Settings\mike\Local Settings\Temporary Internet Files\Content.IE5\UVMRYLEF\counter[1].htm is infected with the Download.Trojan virus. Unable to repair this file. Date: 4/28/2005, Time: 19:20:28, mike on XXXPC The file C:\Documents and Settings\mike\Local Settings\Temporary Internet Files\Content.IE5\UVMRYLEF\counter[1].htm is infected with the Download.Trojan virus. Access to the file was denied. Date: 4/28/2005, Time: 19:20:30, mike on XXXPC The file C:\Documents and Settings\mike\Local Settings\Temporary Internet Files\Content.IE5\KDIRK1UN\exploit[1].htm is infected with the MHTMLRedir.Exploit virus. Unable to repair this file. Date: 4/28/2005, Time: 19:20:30, mike on XXXPC The file C:\Documents and Settings\mike\Local Settings\Temporary Internet Files\Content.IE5\KDIRK1UN\exploit[1].htm is infected with the MHTMLRedir.Exploit virus. Access to the file was denied. Date: 4/28/2005, Time: 19:20:30, mike on XXXPC The file C:\Documents and Settings\mike\Local Settings\Temporary Internet Files\Content.IE5\2P5EU3H2\loader6[1].htm is infected with the JS.Downloader.Trojan virus. Unable to repair this file. Date: 4/28/2005, Time: 19:20:30, mike on XXXPC The file C:\Documents and Settings\mike\Local Settings\Temporary Internet Files\Content.IE5\2P5EU3H2\loader6[1].htm is infected with the JS.Downloader.Trojan virus. Access to the file was denied. Date: 4/28/2005, Time: 19:20:30, mike on XXXPC The file C:\Documents and Settings\mike\Local Settings\Temporary Internet Files\Content.IE5\S9E70HMN\web2[1].htm is infected with the Trojan.Adwareloader virus. Unable to repair this file. Date: 4/28/2005, Time: 19:20:30, mike on XXXPC The file C:\Documents and Settings\mike\Local Settings\Temporary Internet Files\Content.IE5\S9E70HMN\web2[1].htm is infected with the Trojan.Adwareloader virus. Access to the file was denied. Date: 4/28/2005, Time: 19:36:46, mike on XXXPC Virus scan started. Date: 4/28/2005, Time: 20:24:06, mike on XXXPC The compressed file GetAccess.class within C:\Documents and Settings\mike\Local Settings\Temporary Internet Files\Content.IE5\QPHURM5S\classload[1].jar is infected with the Trojan.ByteVerify virus. The file was quarantined. Date: 4/28/2005, Time: 20:24:06, mike on XXXPC The compressed file InsecureClassLoader.class within C:\Documents and Settings\mike\Local Settings\Temporary Internet Files\Content.IE5\QPHURM5S\classload[1].jar is infected with the Trojan.ByteVerify virus. The file was quarantined. Date: 4/28/2005, Time: 20:24:06, mike on XXXPC The compressed file Dummy.class within C:\Documents and Settings\mike\Local Settings\Temporary Internet Files\Content.IE5\QPHURM5S\classload[1].jar is infected with the Trojan.ByteVerify virus. The file was quarantined. Date: 4/28/2005, Time: 20:24:06, mike on XXXPC The compressed file Installer.class within C:\Documents and Settings\mike\Local Settings\Temporary Internet Files\Content.IE5\QPHURM5S\classload[1].jar is infected with the Trojan.ByteVerify virus. The file was quarantined. Edited April 30, 2005 by yoos
Guest mupwangle Posted April 30, 2005 Report Posted April 30, 2005 (edited) I once counted how many alerts I got from zonealarm in an evening and I think it was around 1500. To be honest I reckon that it is a windows messenger message (not to be confused with MSN messenger). Messenger is for lan's so that the server or administrator can send messages to PCs warning them of system shutdowns, issues and whatever. In recent years spammers have been using them to send spam directly to your screen. Really bloody annoying. Also it looks like a proper windows message so people are often tricked into it. Update - OK, I'm wrong. I'll leave what I posted up above as it is useful to know, but your particular message is normal for broadband. Apparently (and I didn't know this) is that is just requests for IP addresses being broadcast to other computers on the network - since they don't yet have an IP it has to be broadcast. Just tell norton to stop telling you. Edit : This is quite a useful site to look at. Some of it is a bit techie but it tells you what all the port numbers mean... http://www.linuxsecurity.com/resource_file...ewall-seen.html Edited April 30, 2005 by mupwangle
Recommended Posts
Please sign in to comment
You will be able to leave a comment after signing in
Sign In Now