yosemitest

Question, How do I use the Firewall Log to block in or out information?


Hello,

Can someone tell me how to use the Firewall Log Information to block or verify that data coming in or out of my computer is safe?

Below is a log that I'm concerned about, and I want to know how to decipher it.

31/12/10 07:41:58  	 [TDI] UDP, Listen, 0.0.0.0:68 <- 0.0.0.0:0, C:\WINDOWS\system32\svchost.exe(892/2596)
	 [TDI] Passed by rule: "UDP, <-- svchost.exe, [68,123,137-138,1900], +(*), -(China;Russian Federation;)"
31/12/10 07:43:01  	 [TDI] UDP, Listen, 169.254.32.12:138 <- 0.0.0.0:0, System(4/48)
	 [TDI] Passed by rule: "UDP, <-- System, [137-138,445], +(*), -(China;Russian Federation;)"
31/12/10 07:43:01  	 [TDI] UDP, Listen, 169.254.32.12:137 <- 0.0.0.0:0, System(4/48)
	 [TDI] Passed by rule: "UDP, <-- System, [137-138,445], +(*), -(China;Russian Federation;)"
31/12/10 07:43:01  	 [TDI] TCP, Listen, 169.254.32.12:139 <- 0.0.0.0:0, System(4/48)
	 [TDI] Passed by rule: "TCP, <-- System, [139,445], +(*), -(China;Russian Federation;)"
31/12/10 07:43:01  	 [TDI] UDP, Listen, 169.254.32.12:123 <- 0.0.0.0:0, C:\WINDOWS\system32\svchost.exe(892/1272)
	 [TDI] Passed by rule: "UDP, <-- svchost.exe, [68,123,137-138,1900], +(*), -(China;Russian Federation;)"
31/12/10 07:43:01  	 [TDI] UDP, Listen, 127.0.0.1:1900 <- 0.0.0.0:0, C:\WINDOWS\system32\svchost.exe(1084/3688)
	 [TDI] Passed by rule: "UDP, <-- svchost.exe, [68,123,137-138,1900], +(*), -(China;Russian Federation;)"
31/12/10 07:43:02  	 [TDI] UDP, Connect, 127.0.0.1:1037 -> 127.0.0.1:1037, C:\WINDOWS\system32\svchost.exe(892/1272)
	 [TDI] Passed by rule: "UDP, --> svchost.exe, [0-65535], +(*), -(China;Russian Federation;)"
31/12/10 07:43:03  	 ARP -> 256   169.254.32.12(00-02-3F-DC-C2-7D)   169.254.32.12(00-00-00-00-00-00)
31/12/10 07:43:03  	 UDP -> 169.254.32.12:137, 169.254.255.255:137, System(4/48)
	 Passed by rule: "UDP, --> System, [137,,2180], +(*), -(China;Russian Federation;)"
31/12/10 07:43:03  	 UDP -> 169.254.32.12:137, 169.254.255.255:137, System(4/48)
	 Passed by access list (0/1)
31/12/10 07:43:03  	 UDP -> 169.254.32.12:1040, 239.255.255.250:1900, C:\WINDOWS\system32\svchost.exe(892/0)
	 Passed by rule: "UDP, --> svchost.exe, [0-65535], +(*), -(China;Russian Federation;)"
31/12/10 07:43:03  	 UDP -> 169.254.32.12:137, 169.254.255.255:137, System(4/0)
	 Passed by access list (0/2)
31/12/10 07:43:04  	 UDP <- 169.254.32.12:68, 192.168.1.254:67
	 Rule not found. Packet dropped.
31/12/10 07:43:04  	 UDP <- 169.254.32.12:68, 192.168.1.254:67
	 Rule not found. Packet dropped.
31/12/10 07:43:04  	 UDP <- 169.254.32.12:68, 192.168.1.254:67
	 Rule not found. Packet dropped.
31/12/10 07:43:04  	 UDP <- 169.254.32.12:68, 192.168.1.254:67
	 Rule not found. Packet dropped.
31/12/10 07:43:04  	 UDP -> 169.254.32.12:137, 169.254.255.255:137, System(4/0)
	 Passed by access list (0/2)
31/12/10 07:43:04  	 [TDI] UDP, Listen, 0.0.0.0:68 <- 0.0.0.0:0, C:\WINDOWS\system32\svchost.exe(892/4052)
	 [TDI] Passed by rule: "UDP, <-- svchost.exe, [68,123,137-138,1900], +(*), -(China;Russian Federation;)"
31/12/10 07:43:04  	 UDP <- 169.254.32.12:68, 192.168.1.254:67, C:\WINDOWS\system32\svchost.exe(892/4052)
	 Passed by rule: "UDP, <-- svchost.exe, [68,123,137-138,1900], +(*), -(China;Russian Federation;)"
31/12/10 07:43:04  	 UDP <- 169.254.32.12:68, 192.168.1.254:67, C:\WINDOWS\system32\svchost.exe(892/4052)
	 Passed by access list (0/3)
31/12/10 07:43:04  	 [TDI] UDP, Listen, 192.168.1.1:123 <- 0.0.0.0:0, C:\WINDOWS\system32\svchost.exe(892/1272)
	 [TDI] Passed by rule: "UDP, <-- svchost.exe, [68,123,137-138,1900], +(*), -(China;Russian Federation;)"
31/12/10 07:43:04  	 ARP -> 256     192.168.1.1(00-02-3F-DC-C2-7D)     192.168.1.1(00-00-00-00-00-00)
31/12/10 07:43:05  	 UDP -> 192.168.1.1:1040, 239.255.255.250:1900, C:\WINDOWS\system32\svchost.exe(892/0)
	 Passed by access list (2/3)
31/12/10 07:43:06  	 [TDI] UDP, Listen, 192.168.1.1:68 <- 0.0.0.0:0, C:\WINDOWS\system32\svchost.exe(892/4052)
	 [TDI] Passed by rule: "UDP, <-- svchost.exe, [68,123,137-138,1900], +(*), -(China;Russian Federation;)"
31/12/10 07:43:06  	 [TDI] UDP, Listen, 127.0.0.1:1900 <- 0.0.0.0:0, C:\WINDOWS\system32\svchost.exe(1084/3688)
	 [TDI] Passed by rule: "UDP, <-- svchost.exe, [68,123,137-138,1900], +(*), -(China;Russian Federation;)"
31/12/10 07:43:07  	 [TDI] UDP, Listen, 192.168.1.1:138 <- 0.0.0.0:0, System(4/48)
	 [TDI] Passed by rule: "UDP, <-- System, [137-138,445], +(*), -(China;Russian Federation;)"
31/12/10 07:43:07  	 [TDI] UDP, Listen, 192.168.1.1:137 <- 0.0.0.0:0, System(4/48)
	 [TDI] Passed by rule: "UDP, <-- System, [137-138,445], +(*), -(China;Russian Federation;)"
31/12/10 07:43:07  	 [TDI] TCP, Listen, 192.168.1.1:139 <- 0.0.0.0:0, System(4/48)
	 [TDI] Passed by rule: "TCP, <-- System, [139,445], +(*), -(China;Russian Federation;)"
31/12/10 07:43:07  	 UDP -> 192.168.1.1:137, 192.168.1.255:137, System(4/48)
	 Passed by rule: "UDP, --> System, [137,,2180], +(*), -(China;Russian Federation;)"
31/12/10 07:43:07  	 UDP -> 192.168.1.1:137, 192.168.1.255:137, System(4/48)
	 Passed by access list (2/4)
31/12/10 07:43:07  	 UDP -> 192.168.1.1:137, 192.168.1.255:137, System(4/48)
	 Passed by access list (2/4)
31/12/10 07:43:07  	 [TDI] UDP, Connect, 127.0.0.1:1041 -> 127.0.0.1:1041, C:\WINDOWS\system32\svchost.exe(892/3580)
	 [TDI] Passed by rule: "UDP, --> svchost.exe, [0-65535], +(*), -(China;Russian Federation;)"
31/12/10 07:43:07  	 [TDI] UDP, Connect, 192.168.1.1:1046 -> 239.255.255.250:1900, C:\WINDOWS\system32\svchost.exe(892/3580)
	 [TDI] Passed by rule: "UDP, --> svchost.exe, [0-65535], +(*), -(China;Russian Federation;)"
31/12/10 07:43:07  	 UDP -> 192.168.1.1:1046, 239.255.255.250:1900, C:\WINDOWS\system32\svchost.exe(892/0)
	 Passed by rule: "UDP, --> svchost.exe, [0-65535], +(*), -(China;Russian Federation;)"
31/12/10 07:43:07  	 UDP -> 192.168.1.1:137, 192.168.1.255:137, System(4/0)
	 Passed by access list (2/5)
31/12/10 07:43:08  	 UDP -> 192.168.1.1:137, 192.168.1.255:137, System(4/0)
	 Passed by access list (2/5)
31/12/10 07:43:16  	 [TDI] UDP, Connect, 127.0.0.1:1047 -> 127.0.0.1:1047, C:\WINDOWS\system32\svchost.exe(892/3580)
	 [TDI] Passed by rule: "UDP, --> svchost.exe, [0-65535], +(*), -(China;Russian Federation;)"
31/12/10 07:43:17  	 [TDI] UDP, Connect, 0.0.0.0:53847 -> 192.168.1.254:53, C:\WINDOWS\system32\svchost.exe(1024/1624)
	 [TDI] Passed by rule: "UDP, --> svchost.exe, [0-65535], +(*), -(China;Russian Federation;)"
31/12/10 07:43:17  	 [TDI] UDP, Connect, 0.0.0.0:54270 -> 192.168.1.254:53, C:\WINDOWS\system32\svchost.exe(1024/628)
	 [TDI] Passed by rule: "UDP, --> svchost.exe, [0-65535], +(*), -(China;Russian Federation;)"
31/12/10 07:43:17  	 [TDI] UDP, Listen, 127.0.0.1:1900 <- 0.0.0.0:0, C:\WINDOWS\system32\svchost.exe(1084/2264)
	 [TDI] Passed by rule: "UDP, <-- svchost.exe, [68,123,137-138,1900], +(*), -(China;Russian Federation;)"
31/12/10 07:43:18  	 [TDI] UDP, Connect, 0.0.0.0:54270 -> 192.168.1.254:53, C:\WINDOWS\system32\svchost.exe(1024/628)
	 [TDI] Passed by rule: "UDP, --> svchost.exe, [0-65535], +(*), -(China;Russian Federation;)"
31/12/10 07:43:18  	 [TDI] UDP, Listen, 127.0.0.1:123 <- 0.0.0.0:0, C:\WINDOWS\system32\svchost.exe(892/1176)
	 [TDI] Passed by rule: "UDP, <-- svchost.exe, [68,123,137-138,1900], +(*), -(China;Russian Federation;)"
31/12/10 07:43:18  	 [TDI] UDP, Listen, 127.0.0.1:123 <- 0.0.0.0:0, C:\WINDOWS\system32\svchost.exe(892/2892)
	 [TDI] Passed by rule: "UDP, <-- svchost.exe, [68,123,137-138,1900], +(*), -(China;Russian Federation;)"
31/12/10 07:44:57  	 [TDI] UDP, Listen, 0.0.0.0:68 <- 0.0.0.0:0, C:\WINDOWS\system32\svchost.exe(892/2108)
	 [TDI] Passed by rule: "UDP, <-- svchost.exe, [68,123,137-138,1900], +(*), -(China;Russian Federation;)"
31/12/10 07:45:00  	 [TDI] UDP, Listen, 192.168.1.1:138 <- 0.0.0.0:0, System(4/48)
	 [TDI] Passed by rule: "UDP, <-- System, [137-138,445], +(*), -(China;Russian Federation;)"
31/12/10 07:45:00  	 [TDI] UDP, Listen, 192.168.1.1:137 <- 0.0.0.0:0, System(4/48)
	 [TDI] Passed by rule: "UDP, <-- System, [137-138,445], +(*), -(China;Russian Federation;)"
31/12/10 07:45:00  	 [TDI] TCP, Listen, 192.168.1.1:139 <- 0.0.0.0:0, System(4/48)
	 [TDI] Passed by rule: "TCP, <-- System, [139,445], +(*), -(China;Russian Federation;)"
31/12/10 07:45:00  	 ARP <- 512     192.168.1.1(00-02-3F-DC-C2-7D)   192.168.1.254(00-24-C8-A7-87-D0)
31/12/10 07:45:00  	 [TDI] UDP, Connect, 192.168.1.1:1059 -> 239.255.255.250:1900, C:\WINDOWS\system32\svchost.exe(892/3580)
	 [TDI] Passed by rule: "UDP, --> svchost.exe, [0-65535], +(*), -(China;Russian Federation;)"
31/12/10 07:45:00  	 UDP -> 192.168.1.1:137, 192.168.1.255:137, System(4/48)
	 Passed by access list (2/5)
31/12/10 07:45:00  	 UDP -> 192.168.1.1:1059, 239.255.255.250:1900, C:\WINDOWS\system32\svchost.exe(892/0)
	 Passed by rule: "UDP, --> svchost.exe, [0-65535], +(*), -(China;Russian Federation;)"
31/12/10 07:45:01  	 UDP -> 192.168.1.1:137, 192.168.1.255:137, System(4/0)
	 Passed by access list (2/6)
31/12/10 07:45:02  	 UDP -> 192.168.1.1:137, 192.168.1.255:137, System(4/0)
	 Passed by access list (2/6)
31/12/10 07:45:02  	 UDP -> 192.168.1.1:137, 192.168.1.255:137, System(4/0)
	 Passed by access list (2/6)
31/12/10 07:45:03  	 UDP -> 192.168.1.1:137, 192.168.1.255:137, System(4/0)
	 Passed by access list (2/6)
31/12/10 07:45:03  	 UDP -> 192.168.1.1:1059, 239.255.255.250:1900, C:\WINDOWS\system32\svchost.exe(892/0)
	 Passed by access list (5/6)
31/12/10 07:45:04  	 UDP -> 192.168.1.1:137, 192.168.1.255:137, System(4/0)
	 Passed by access list (0/4)
31/12/10 07:45:05  	 UDP -> 192.168.1.1:137, 192.168.1.255:137, System(4/0)
	 Passed by access list (0/4)
31/12/10 07:45:05  	 UDP -> 192.168.1.1:137, 192.168.1.255:137, System(4/0)
	 Passed by access list (0/4)
31/12/10 07:45:06  	 UDP -> 192.168.1.1:137, 192.168.1.255:137, System(4/0)
	 Passed by access list (0/4)
31/12/10 07:45:06  	 UDP -> 192.168.1.1:137, 192.168.1.255:137, System(4/0)
	 Passed by access list (0/4)
31/12/10 07:45:06  	 UDP -> 192.168.1.1:1059, 239.255.255.250:1900, C:\WINDOWS\system32\svchost.exe(892/0)
	 Passed by access list (3/4)
31/12/10 07:45:07  	 UDP -> 192.168.1.1:137, 192.168.1.255:137, System(4/0)
	 Passed by access list (0/4)
31/12/10 07:45:07  	 UDP -> 192.168.1.1:137, 192.168.1.255:137, System(4/0)
	 Passed by access list (0/4)
31/12/10 07:45:08  	 UDP -> 192.168.1.1:137, 192.168.1.255:137, System(4/0)
	 Passed by access list (0/4)
31/12/10 07:45:08  	 UDP -> 192.168.1.1:137, 192.168.1.255:137, System(4/0)
	 Passed by access list (0/4)
31/12/10 07:45:08  	 UDP -> 192.168.1.1:137, 192.168.1.255:137, System(4/0)
	 Passed by access list (0/3)
31/12/10 07:45:08  	 UDP -> 192.168.1.1:137, 192.168.1.255:137, System(4/0)
	 Passed by access list (0/3)
31/12/10 07:45:09  	 UDP -> 192.168.1.1:138, 192.168.1.255:138, System(4/0)
	 Passed by rule: "UDP, --> System, [137,,2180], +(*), -(China;Russian Federation;)"
31/12/10 07:45:09  	 UDP -> 192.168.1.1:138, 192.168.1.255:138, System(4/0)
	 Passed by access list (1/4)
31/12/10 07:45:09  	 [TDI] UDP, Connect, 127.0.0.1:1060 -> 127.0.0.1:1060, C:\WINDOWS\system32\svchost.exe(892/3580)
	 [TDI] Passed by rule: "UDP, --> svchost.exe, [0-65535], +(*), -(China;Russian Federation;)"
31/12/10 07:45:12  	 UDP -> 192.168.1.1:138, 192.168.1.255:138, System(4/0)
	 Passed by access list (1/4)
31/12/10 07:45:12  	 UDP -> 192.168.1.1:138, 192.168.1.255:138, System(4/0)
	 Passed by access list (1/4)
31/12/10 07:45:15  	 [TDI] UDP, Connect, 0.0.0.0:56657 -> 192.168.1.254:53, C:\WINDOWS\system32\svchost.exe(1024/1624)
	 [TDI] Passed by rule: "UDP, --> svchost.exe, [0-65535], +(*), -(China;Russian Federation;)"
31/12/10 07:45:15  	 UDP -> 192.168.1.1:138, 192.168.1.255:138, System(4/0)
	 Passed by access list (1/4)
31/12/10 07:45:15  	 UDP -> 192.168.1.1:56657, 192.168.1.254:53, C:\WINDOWS\system32\svchost.exe(1024/0)
	 Passed by rule: "UDP, --> svchost.exe, [0-65535], +(*), -(China;Russian Federation;)"
31/12/10 07:45:15  	 UDP -> 192.168.1.1:138, 192.168.1.255:138, System(4/0)
	 Passed by access list (1/5)
31/12/10 07:45:16  	 UDP -> 192.168.1.1:56657, 192.168.1.254:53, C:\WINDOWS\system32\svchost.exe(1024/0)
	 Passed by access list (4/5)
31/12/10 07:45:16  	 UDP -> 192.168.1.1:138, 192.168.1.255:138, System(4/0)
	 Passed by access list (1/5)
31/12/10 07:45:17  	 UDP -> 192.168.1.1:56657, 192.168.1.254:53, C:\WINDOWS\system32\svchost.exe(1024/0)
	 Passed by access list (3/4)
31/12/10 07:45:22  	 UDP <- 192.168.1.1:56657, 192.168.1.254:53, C:\WINDOWS\system32\svchost.exe(1024/0)
	 Passed by access list (3/4)
31/12/10 07:45:22  	 UDP -> 192.168.1.1:138, 192.168.1.255:138, System(4/0)
	 Passed by access list (1/4)
31/12/10 07:45:22  	 UDP -> 192.168.1.1:138, 192.168.1.255:138, System(4/0)
	 Passed by access list (1/4)
31/12/10 07:45:22  	 UDP -> 192.168.1.1:56657, 192.168.1.254:53, C:\WINDOWS\system32\svchost.exe(1024/0)
	 Passed by access list (3/4)
31/12/10 07:45:22  	 UDP -> 192.168.1.1:137, 192.168.1.255:137, System(4/0)
	 Passed by access list (0/4)
31/12/10 07:45:22  	 UDP -> 192.168.1.1:137, 192.168.1.255:137, System(4/0)
	 Passed by access list (0/4)
31/12/10 07:45:22  	 UDP <- 192.168.1.1:56657, 192.168.1.254:53, C:\WINDOWS\system32\svchost.exe(1024/0)
	 Passed by access list (3/4)
31/12/10 07:45:22  	 UDP -> 192.168.1.1:137, 192.168.1.255:137, System(4/0)
	 Passed by access list (0/4)
31/12/10 07:45:22  	 UDP -> 192.168.1.1:137, 192.168.1.255:137, System(4/0)
	 Passed by access list (0/4)
31/12/10 07:45:22  	/C74  ICMP -> Destination unreachable(Network unreachable error) 192.168.1.1 192.168.1.254, Passed by policy (LAN)
31/12/10 07:45:22  	 UDP <- 192.168.1.1:56657, 192.168.1.254:53, C:\WINDOWS\system32\svchost.exe(1024/0)
	 Passed by access list (3/4)
31/12/10 07:45:22  	/C74  ICMP -> Destination unreachable(Network unreachable error) 192.168.1.1 192.168.1.254, Passed by policy (LAN)
31/12/10 07:45:22  	 UDP -> 192.168.1.1:137, 192.168.1.255:137, System(4/0)
	 Passed by access list (0/4)
31/12/10 07:45:23  	 UDP -> 192.168.1.1:137, 192.168.1.255:137, System(4/0)
	 Passed by access list (0/4)
31/12/10 07:45:24  	 UDP -> 192.168.1.1:137, 192.168.1.255:137, System(4/0)
	 Passed by access list (0/4)
31/12/10 07:45:24  	 UDP -> 192.168.1.1:137, 192.168.1.255:137, System(4/0)
	 Passed by access list (0/4)
31/12/10 07:45:25  	 UDP -> 192.168.1.1:138, 192.168.1.255:138, System(4/0)
	 Passed by access list (1/4)
31/12/10 07:45:25  	 UDP -> 192.168.1.1:138, 192.168.1.255:138, System(4/0)
	 Passed by access list (1/4)
31/12/10 07:45:25  	 UDP -> 192.168.1.1:138, 192.168.1.255:138, System(4/0)
	 Passed by access list (1/4)
31/12/10 07:45:25  	 UDP -> 192.168.1.1:138, 192.168.1.255:138, System(4/0)
	 Passed by access list (1/4)
31/12/10 07:45:29  	 UDP -> 192.168.1.1:138, 192.168.1.255:138, System(4/0)
	 Passed by access list (1/4)
31/12/10 07:45:29  	 UDP -> 192.168.1.1:138, 192.168.1.255:138, System(4/0)
	 Passed by access list (1/4)
31/12/10 07:45:29  	 UDP -> 192.168.1.1:138, 192.168.1.255:138, System(4/0)
	 Passed by access list (1/4)
31/12/10 07:45:29  	 UDP -> 192.168.1.1:138, 192.168.1.255:138, System(4/0)
	 Passed by access list (1/4)
31/12/10 07:45:29  	 UDP -> 192.168.1.1:138, 192.168.1.255:138, System(4/0)
	 Passed by access list (1/4)
31/12/10 07:45:30  	 [TDI] UDP, Connect, 0.0.0.0:55806 -> 192.168.1.254:53, C:\WINDOWS\system32\svchost.exe(1024/1080)
	 [TDI] Passed by rule: "UDP, --> svchost.exe, [0-65535], +(*), -(China;Russian Federation;)"
31/12/10 07:45:31  	 UDP -> 192.168.1.1:55806, 192.168.1.254:53, C:\WINDOWS\system32\svchost.exe(1024/0)
	 Passed by rule: "UDP, --> svchost.exe, [0-65535], +(*), -(China;Russian Federation;)"
31/12/10 07:45:31  	 UDP -> 192.168.1.1:138, 192.168.1.255:138, System(4/0)
	 Passed by access list (1/5)
31/12/10 07:45:31  	 UDP <- 192.168.1.1:55806, 192.168.1.254:53, C:\WINDOWS\system32\svchost.exe(1024/0)
	 Passed by access list (3/5)
31/12/10 07:45:31  	 UDP -> 192.168.1.1:138, 192.168.1.255:138, System(4/0)
	 Passed by access list (1/5)

End of Log.

Sincerely, Yosemitest


Hi Yosemitest :)

The log entries are formatted as follows:

They show the protocol used (e.g. UDP, TCP, ICMP, etc.), an arrow indicating the direction of the connection (pointing left for “In” and right for “Out”), the source address and port followed by the destination address and port (formatted as “address:port”), and the program that created the connection. Immediately following the file name and path of the program creating the connection will be the Process ID and Thread ID of the program, formatted as "(PID/TID)".

The second line of the log entry shows information about how the Firewall handled each event and why. Using a portion of your log below as an example, the second line indicates that this connection was allowed because there was a matching rule for it. The ports in brackets indicate the port or port range that is set for the applicable rule. The "+(*)" indicates whitelisted countries or IPs for this rule. There are no whitelisted countries or IPs in this example, so it shows as "(*)". The -(China;Russian Federation;) indicates that China and the Russian Federation are blacklisted for this rule.

31/12/10 07:43:04 UDP <- 169.254.32.12:68, 192.168.1.254:67, C:\WINDOWS\system32\svchost.exe(892/4052)
Passed by rule: "UDP, <-- svchost.exe, [68,123,137-138,1900], +(*), -(China;Russian Federation;)"
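As an added illustration (not code from this thread or from Online Armor), the following Python parser reads two-line entries in the format CatPrincess describes, using a few constructed lines in the posted format as input. It splits each rule string into its port list, whitelist and blacklist, then produces the summary a defender wants from such a log: which packets were dropped, which programs are listening on which addresses, and whether each rule-passed event's port actually lies inside the rule's port list. Labelling the two addresses as local and remote, and applying inbound rules to the local port and outbound rules to the remote port, are my assumptions rather than anything stated in the thread.

```python
import re

# Constructed sample in the posted log's format (DD/MM/YY timestamps; tabs replaced by spaces)
SAMPLE_LOG = r"""
31/12/10 07:41:58    [TDI] UDP, Listen, 0.0.0.0:68 <- 0.0.0.0:0, C:\WINDOWS\system32\svchost.exe(892/2596)
     [TDI] Passed by rule: "UDP, <-- svchost.exe, [68,123,137-138,1900], +(*), -(China;Russian Federation;)"
31/12/10 07:43:01    [TDI] TCP, Listen, 169.254.32.12:139 <- 0.0.0.0:0, System(4/48)
     [TDI] Passed by rule: "TCP, <-- System, [139,445], +(*), -(China;Russian Federation;)"
31/12/10 07:43:03    UDP -> 169.254.32.12:137, 169.254.255.255:137, System(4/48)
     Passed by rule: "UDP, --> System, [137,,2180], +(*), -(China;Russian Federation;)"
31/12/10 07:43:04    UDP <- 169.254.32.12:68, 192.168.1.254:67
     Rule not found. Packet dropped.
"""
ADDR, PROG = r"[\d.]+:\d+", r"(?P<prog>.+?)\((?P<pid>\d+)/(?P<tid>\d+)\)"
HEADER = re.compile(r"^(?P<ts>\d\d/\d\d/\d\d \d\d:\d\d:\d\d)\s+(?P<body>\S.*)$")
TDI = re.compile(rf"^\[TDI\] (?P<proto>\w+), (?P<event>\w+), (?P<local>{ADDR}) "
                 rf"(?P<dir><-|->) (?P<remote>{ADDR}), {PROG}$")
# Packet-filter lines omit the "program(PID/TID)" field when the packet was dropped
PKT = re.compile(rf"^(?P<proto>UDP|TCP) (?P<dir><-|->) (?P<local>{ADDR}), "
                 rf"(?P<remote>{ADDR})(?:, {PROG})?$")
RULE = re.compile(r'Passed by rule: "(?P<proto>\w+), (?P<dir><--|-->) (?P<prog>[^,]+), '
                  r"\[(?P<ports>[^\]]*)\], \+\((?P<allow>[^)]*)\), -\((?P<deny>[^)]*)\)")

def parse_verdict(text):
    """Second line of an entry: 'rule' (with its fields), 'dropped', or the raw verdict text."""
    r = RULE.match(text)
    if r:
        return {"verdict": "rule", "rule": r.groupdict()}
    return {"verdict": "dropped" if text.startswith("Rule not found") else text.split(" (")[0]}

def parse_log(text):
    """Pair each timestamped line with its verdict line; ARP/ICMP one-liners are skipped."""
    entries = []
    for line in text.splitlines():
        m = HEADER.match(line.rstrip())
        if m and (hit := TDI.match(m["body"]) or PKT.match(m["body"])):
            entries.append({"ts": m["ts"], "event": "Packet", "verdict": None, **hit.groupdict()})
        elif not m and entries and line.strip() and entries[-1]["verdict"] is None:
            entries[-1].update(parse_verdict(line.strip().replace("[TDI] ", "")))
    return entries

def port_in_spec(port, spec):
    """True if port is in a rule list like '68,123,137-138,1900'; empty tokens ('[137,,2180]') are skipped."""
    for tok in filter(None, (t.strip() for t in spec.split(","))):
        lo, _, hi = tok.partition("-")
        if int(lo) <= port <= int(hi or lo):
            return True
    return False

def review(entries):
    """Defender's summary: drops, listening sockets, and rule-passed events whose port lies outside
    the rule's list (assumption: inbound rules list local ports, outbound rules remote ports)."""
    dropped = [(e["ts"], e["proto"], e["local"], e["remote"]) for e in entries if e["verdict"] == "dropped"]
    listeners = sorted({(e["prog"], e["local"]) for e in entries if e["event"] == "Listen"})
    out_of_rule = []
    for e in (x for x in entries if x["verdict"] == "rule"):
        port = int((e["remote"] if e["dir"] == "->" else e["local"]).rsplit(":", 1)[1])
        if not port_in_spec(port, e["rule"]["ports"]):
            out_of_rule.append((e["ts"], e["local"], e["remote"], e["rule"]["ports"]))
    return {"dropped": dropped, "listeners": listeners, "out_of_rule": out_of_rule}
```

Running `review(parse_log(SAMPLE_LOG))` on the constructed sample reports one dropped DHCP reply, two listening sockets, and no rule hits outside their port lists; an entry in `out_of_rule` on a real log would mean the rule text and the event disagree and is worth a second look.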


Thanks CatPrincess,

I'm trying to learn how to use my Online Armor++.

I'm pretty sure I have a boot MBR rootkit on both my "C" drive and my "E" drive that I use for my backups.

I'm trying to stop it, but I don't know enough DOS or C language to root it out.

"SpywareHammer" was a great help, until they blocked me.

Malwarebytes is trying to help me now, but short of reformatting both drives and loading from scratch with my factory disk, there's little hope of getting rid of this problem.

I have a lot on my "E" drive that I need to save, and I'm guessing the only way to do that is to a flash drive, stick drive.

My system is old, a Toshiba A76 S226 laptop with Windows XP SP3.

Do you have any suggestions on how to stop this MBR malware rootkit?

Sincerely, yosemitest


Do you have any suggestions on how to stop this MBR malware rootkit?

There's a malware removal help section on this forum here: http://support.emsisoft.com/forum/6-malware-removal-help/ However, we did discuss on the old forum how the people at SpywareHammer (who, like the people that work with the malware removal section here, are experts on malware removal) had helped you before with this issue and told you more than once that your computer was clean.


Thanks for the link, CatPrincess,

Just because they say it's clean doesn't mean it's clean.

I have two files that I keep deleting, that keep coming back, and something is trying to send a very large file out of my computer to the internet.

I just unplug the cable to stop it, and wait for the firewall log to show that the file is stopped.

Sincerely, Yosemitest.
