Sygate Firewall - Using Back Trace....HELP!
Lewitt
Suspended due to non-functional email address
1. September 2008 @ 17:29
I recently had a BIG problem with a virus and it took me three days to solve it. The name of the virus is Vundo.gen!R. I got rid of it using Malware's Anti Malware program. I found out that I had lost my Windows Firewall when I upgraded to Service Pack3. It disabled it and put it on Group policy. I still haven't solved that one!

Anyway, I installed Sygate as a firewall and left Windows Firewall disabled. I use AVG as anti-virus protection with Sygate as a firewall. It has been four days now without a problem. I'm happy!

I have a question I hope someone will be able to answer. When Sygate blocks a program from getting into the computer, you have an option to do a backtrace and know where it is coming from. There is one persistent program that keeps getting blocked. I'll try to paste it here.

Blocked Trace
OrgName: Internet Assigned Numbers Authority
OrgID: IANA
Address: 4676 Admiralty Way, Suite 330
City: Marina del Rey
StateProv: CA
PostalCode: 90292-6695
Country: US
NetRange: 192.168.0.0 - 192.168.255.255
CIDR: 192.168.0.0/16
NetName: IANA-CBLK1
NetHandle: NET-192-168-0-0-1
Parent: NET-192-0-0-0-0
NetType: IANA Special Use
NameServer: BLACKHOLE-1.IANA.ORG
NameServer: BLACKHOLE-2.IANA.ORG
Comment: This block is reserved for special purposes.
Comment: Please see RFC 1918 for additional information.
Comment: http://www.arin.net/reference/rfc/rfc1918.txt
RegDate: 1994-03-15
Updated: 2007-11-27
OrgAbuseHandle: IANA-IP-ARIN
OrgAbuseName: Internet Corporation for Assigned Names and Number
OrgAbusePhone: +1-310-301-5820
OrgAbuseEmail: abuse@iana.org
OrgTechHandle: IANA-IP-ARIN
OrgTechName: Internet Corporation for Assigned Names and Number
OrgTechPhone: +1-310-301-5820
OrgTechEmail: abuse@iana.org
# ARIN WHOIS database, last updated 2008-08-31 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.

9/1/2008 5:27:46 AM - Blocked - 10 - Incoming - ICMP - 192.168.0.1 00-0F-B3-5A-54-36 - 3 - 192.168.0.3 - 00-17-31-8C-87-F0 3 HP_Administrator - MAXDESK - Normal = 1 - 9/1/2008 5:26:41 AM 9/1/2008 5:26:41 AM Block_all
(The above was on one long line on the report)

The following describes the 'hops' it took. The first one is mine.
Hops
1. 192.168.01 6. 63.237.224.30
2. 63.231.1.10.217 7. 207.46.36.249
3. 71.217.184.193 8. 207.46.34.14
4. 67.14.1.194 9. 10.22.8.10
5 205.171.26.38 xxx xxx 65.55.15.122(R?

The "hops" seem to indicate that they are trying to hide where they are coming from; is that true?
I can understand part of it, but I need to know if I have anything to worry about, or should I just ignore it, or set Sygate to allow the program to access my computer.
If anyone can enlighten me, I would appreciate it.

Thanks, ever so much,

Lewitt
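Added example, not part of the original posts: a short Python check that parses the blocked-traffic line quoted above and classifies its addresses and the listed hops against the RFC 1918 private ranges, the same reserved block the WHOIS output describes. The field positions are an assumption taken from the single pasted line, and the hop list is copied as typed, so entries that are not valid IPv4 are reported as malformed rather than guessed at.

```python
import ipaddress
import re

# Blocked-traffic line as pasted in the post (address fields only).
LOG_LINE = ("9/1/2008 5:27:46 AM - Blocked - 10 - Incoming - ICMP - "
            "192.168.0.1 00-0F-B3-5A-54-36 - 3 - 192.168.0.3 - 00-17-31-8C-87-F0")

# Hop list exactly as typed in the post, including entries that are not valid IPv4.
HOPS = ["192.168.01", "63.231.1.10.217", "71.217.184.193", "67.14.1.194",
        "205.171.26.38", "63.237.224.30", "207.46.36.249", "207.46.34.14",
        "10.22.8.10", "65.55.15.122"]

# RFC 1918 private ranges; the WHOIS output in the post covers the third one.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Dotted quad that is not embedded in a longer run of digits and dots.
IPV4_RE = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")

def classify(text):
    """Return 'malformed', 'public', or 'private <network>' for one address string."""
    try:
        addr = ipaddress.IPv4Address(text)
    except ValueError:
        return "malformed"
    for net in RFC1918:
        if addr in net:
            return f"private {net}"
    return "public"

def parse_blocked_line(line):
    """Extract action, direction, protocol and both IPs (assumed field layout)."""
    fields = [f.strip() for f in line.split(" - ")]
    ips = IPV4_RE.findall(line)
    if len(fields) < 5 or len(ips) < 2:
        raise ValueError("line does not look like a blocked-traffic entry")
    return {"action": fields[1], "direction": fields[3],
            "protocol": fields[4], "src": ips[0], "dst": ips[1]}

def is_lan_local(event):
    """True when source and destination are both in private address space."""
    return all(classify(event[k]).startswith("private") for k in ("src", "dst"))

def summarize_hops(hops):
    """Map each hop string to its classification, preserving the order given."""
    return [(hop, classify(hop)) for hop in hops]
```

A WHOIS lookup on any address in these ranges returns the IANA reservation record, because private addresses have no per-organisation registration to report.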
Senior Member
2. September 2008 @ 23:12
Woah... I didn't know that Sygate was that advanced, being able to backtrace all the way through routed destinations.

However, it may seem that inbound protection is not exactly configurable in most firewalls, and I suppose you can only set the level of security or something.

I'm not too familiar with Sygate. Last I heard, it got absorbed into Norton's Firewall. That is why I don't think my interpretation of the Sygate log will be accurate, but I do know that Sygate used to be a very effective firewall, and if it blocks something, it has a valid reason for doing so, so all you have to do is trust it.

Also, you have recently just gotten rid of Vundo? Vundo is notorious for changing settings on your computer. Perhaps some setting is calling for a program to access your computer. It would be best to check further.

Best Regards :D

Life is but a dream; you don't feel any pain unless you want to or you fall off the bed.
Success is relative; the more success the more relatives.
A computer once beat me at chess, but it was no match for me at kickboxing.
To be or not to be; that's a dumb question.

This message has been edited since posting. Last time this message was edited on 2. September 2008 @ 23:13

Lewitt
Suspended due to non-functional email address
3. September 2008 @ 12:06
D,

I started a reply and hit ctrl + ?? (meant to hit shift) and everything disappeared.
Starting over.

I had also queried another forum about IANA and was sent this link, which was interesting to say the least. I am sort of a neophyte in urls and tracing stuff on the net, but I'm learning.

I intend to query Quest about this to see if they know something about the incoming traffic to my computer. I am not on any local network that the letter from IANA mentioned, but it might have something to do with Quest and their use of urls.

Here is the link: http://www.iana.org/abuse/

I just did another scan with Malwarebyte's Anti Malware and it came up clean, as did another scan by AVG. If you know of another scan that would provide deeper probing, I'd like to know about it.

You are right about Sygate being purchased by Symantec's Norton, but they still have a separate site that provides some support, and they still have the free version available.

Thanks for your reply. Like I said, I'm still learning and help from pros like yourself is valuable for a guy like me.

Regards,
Lewitt
Senior Member
5. September 2008 @ 11:42
I read the Iana abuse page, and it seemed just fine with me. Research on IANA shows nothing malicious, so it can be trusted. So I guess you're fine.

Best Regards :D

Life is but a dream; you don't feel any pain unless you want to or you fall off the bed.
Success is relative; the more success the more relatives.
A computer once beat me at chess, but it was no match for me at kickboxing.
To be or not to be; that's a dumb question.
