New router setup, but first virus since got machine!?

dinkie_2
Posts: 198 Forumite
in Techie Stuff
Hi
I just got the Netgear RP614 v2 wired router today, thanks to great advice here. Automatically detected, no problems at all. Tried a few online tests and reports came back as better than had done previously, without a router. I don't know what to check or tweak with the router, but am a bit concerned as McAfee has just reported that New Poly Win32 is in tmp00016f58 file, but it can't clean, quarantine or delete it.
Haven't had a virus at all since getting the computer about a month ago. Have still got the same (XP and McAfee) firewalls running .. I know it isn't ideal to have two running, but keeping an eye on it, and have had no problems with it, and no viruses, until today, after attaching the router and downloading Realplayer (from the realplayer site) and listening to some samples of CD tracks on Amazon! Windows Defender messages came up during this, and I allowed the first instance, as thought it must of course be to do with Realplayer (I didn't download the Google toolbar etc), but then messages kept coming up, to do with firewall access, so I got worried and blocked them, checking it up online first. Turns out it is Realplayer. But then this virus pops up.
Also Windows Defender brings up a failed message whether I block or allow, but it looks like it's doing it. Just had to try to block Gteko, something to do with driver and services changes; SDDMI2 driver changed.
Puzzled, as I thought the router made the system more secure. Am thinking that there's settings I haven't done that I should have, but is first router, and don't know what the settings are/need to be. With online tests coming up with so much better results (Shields Up), I thought XP must have automatically configured it. There's no other firewall exceptions I've made, except for the ones during listening to the CD tracks on Amazon.
Would really appreciate advice.
Many thanks, Cat
Comments
-
Sounds like you might have inadvertently got it from the net, won't have anything to do with your router.
Quick search on google got me this from McAfee site:
http://vil.mcafeesecurity.com/vil/content/v_99969.htm
Heard that McAfee is like Norton, ie not very good. You could try something like F-Secure or F-Prot...have used both and they are very good. Also, Windows firewall is not worth keeping on, especially if you are using a software and now a hardware router already.
if i had known then what i know now
-
Hi j03
I'd done a search on the McAfee site but it came up with no results. Curiouser and curiouser! I'm sure you're right about McAfee; seen quite a few reports saying it's not the best, but it came free with the computer so I thought I'd give it a go. Many thanks for recommendations. Will definitely give it some thought, as now McAfee's changed its mind about the virus being there.
Thanks, Cat
-
Dinkie - if not already done
Change the default admin password on your router - as the whole world will know the default netgear password and your settings will be reachable from down the phone line...
Rich people save then spend.
Poor people spend then save what's left.
-
Mcafee is better than most.. (it has picked it up and blocked it, which may be why you can't delete it, cos it's not there) try doing a scan in safe mode to be sure, and delete your temp files with ccleaner.
The hardware firewall gives you robust protection against hacking from remote locations, but once you launch IE, you are opening ports up, so can still get infected.
Ever get the feeling you are wasting your time? :rolleyes:
-
GreenNotM wrote:
Dinkie - if not already done
Change the default admin password on your router - as the whole world will know the default netgear password and your settings will be reachable from down the phone line...
Hi GreenNotM
Much appreciate advice. Luckily I'd stumbled across a page advising that earlier today, so have done it, thank goodness! But according to Symantec tests, I've got ICMP Ping, 22 SSH, and 80 HTTP ports open and vulnerable. Can I ask what they are or what to do about them, as I can't make head nor tail about ports and stuff. :eek:
Thanks, Cat
-
albertross wrote:
Mcafee is better than most.. (it has picked it up and blocked it, which may be why you can't delete it, cos it's not there) try doing a scan in safe mode to be sure, and delete your temp files with ccleaner.
The hardware firewall gives you robust protection against hacking from remote locations, but once you launch IE, you are opening ports up, so can still get infected.
Hi albertross
Thanks for information, especially as I couldn't understand why suddenly the virus was gone when I hadn't been able to do anything to sort it out. Deleted temp files.
Before reading message I'd uninstalled McAfee and put back on ZoneAlarm Pro as the firewall and disabled Windows firewall. About to put Kaspersky back on, but if there are problems will definitely put McAfee back on. Thanks for advice. Will have a think, as it is good that McAfee found it and seems to have sorted it.
Thanks again about your advice regarding the Netgear RP614 v2 last week. Got one on Ebay for half the price, and I don't think anything I've added on has setup and run as easily. The only problem is that I don't know how to configure it to be more secure. The three ports symantec has reported as being open and vulnerable are ICMP Ping, 22 SSH, and 80 HTTP. Haven't dealt with ports etc before!
Thanks, Cat
-
Try shields up, (all service ports), symantec sometimes reports false positives.
https://www.grc.com/x/ne.dll?bh0bkyd2
and http://www.dslreports.com/tools portscan
http://www.sysinternals.com/Utilities/TcpView.html will tell you what port activity is happening on your PC..
It is possible that zonealarm is holding those ports open, it is supposed to block ports, but actually opens them up, if you have all the automatic updates, check virus checker etc stuff running.. the free lite version is better in this respect, as it doesn't have all the bundled extras. Perverse I know!
try disabling zonealarm temporarily, and do another test
Ever get the feeling you are wasting your time? :rolleyes:
-
Do you have a wan setup page on the router config screen, if so, uncheck the "respond to ping on internet wan port" box, and click apply. this may close the icmp hole..
Ever get the feeling you are wasting your time? :rolleyes:
-
albertross wrote:
Try shields up, (all service ports), symantec sometimes reports false positives.
https://www.grc.com/x/ne.dll?bh0bkyd2
and http://www.dslreports.com/tools portscan
http://www.sysinternals.com/Utilities/TcpView.html will tell you what port activity is happening on your PC..
It is possible that zonealarm is holding those ports open, it is supposed to block ports, but actually opens them up, if you have all the automatic updates, check virus checker etc stuff running.. the free lite version is better in this respect, as it doesn't have all the bundled extras. Perverse I know!
try disabling zonealarm temporarily, and do another test.
Do you have a wan setup page on the router config screen, if so, uncheck the "respond to ping on internet wan port" box, and click apply. this may close the icmp hole..
Hi albertross
Many thanks for advice and links. Much appreciate. Know what you mean about the difference between pro and lite versions.
Just updated then disabled ZoneAlarm, and run Shields Up all ports (100% in stealth mode), and dslreports (100% healthy). Checked the wan setup page and it's unchecked but SPI is checked. This is like talking a different language ... learning a lot! Going to download TcpView.
Thanks, Cat
-
dinkie wrote:
Hi GreenNotM
ICMP Internet Control Message Protocol
Ping, Packet Internet Groper ... used to test communications by getting echos from remote systems - just like a sonar
22 SSH, Secure Shell -- Used for secure communications with another systems/hosts
80 HTTP Hyper Text Transport Protocol - Is how internet/web pages - composed of hyper-text - are sent
ports open and vulnerable. Can I ask what they are or what to do about them, as I can't make head nor tail about ports and stuff. :eek:
SPI Stateful Packet Inspection - a form of firewall - a good thing to have ticked - it remembers what requests went out and only allows those returning queries back in.
Rich people save then spend.
Poor people spend then save what's left.
This discussion has been closed.
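The thread's description of SPI (the router remembers outgoing requests and only lets matching replies back in), and the earlier remark that a hardware firewall does not stop what the browser itself fetches, can be seen in a small model. This is an added example, not code from the thread or from Netgear; the class and function names, the addresses, ports and the 300-second idle timeout are all constructed assumptions, and NAT address rewriting is left out.

```python
# Toy model of stateful packet inspection (SPI) at a home router's WAN side.
# Constructed example: addresses, ports and the idle timeout are made up, and
# NAT address rewriting is left out so the LAN address stays visible.
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"

class SpiFirewall:
    def __init__(self, lan_prefix="192.168.0.", idle_timeout=300):
        self.lan_prefix = lan_prefix
        self.idle_timeout = idle_timeout  # seconds a silent flow is remembered
        self.flows = {}  # (proto, lan_ip, lan_port, remote_ip, remote_port) -> last seen

    def handle(self, pkt, now):
        # Forget flows that have been idle longer than the timeout.
        self.flows = {k: t for k, t in self.flows.items()
                      if now - t <= self.idle_timeout}
        if pkt.src.startswith(self.lan_prefix):
            # Outbound: always allowed, and the flow is remembered.
            self.flows[(pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)] = now
            return "ALLOW-OUT"
        # Inbound: allowed only if it mirrors a remembered outbound flow.
        key = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if key in self.flows:
            self.flows[key] = now
            return "ALLOW-REPLY"
        return "DROP"

def demo():
    fw = SpiFirewall()
    pc, web, stranger = "192.168.0.2", "203.0.113.10", "198.51.100.7"
    steps = [
        (0, Packet(pc, 49152, web, 80)),       # browser requests a page
        (1, Packet(web, 80, pc, 49152)),       # reply: any download rides this flow
        (2, Packet(stranger, 40000, pc, 22)),  # unsolicited probe of port 22
        (3, Packet(stranger, 80, pc, 49152)),  # right port, wrong remote host
        (1000, Packet(web, 80, pc, 49152)),    # same flow after the idle timeout
    ]
    return [fw.handle(pkt, now) for now, pkt in steps]

if __name__ == "__main__":
    print(demo())
```

The second step is the case the thread runs into: the reply to a request the PC made is let through whatever it carries, which is why antivirus on the PC still matters behind the router.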