Virus problem with network [Resolved]

[Guest]

[juraikken]

hello i'm new to COMODO and this forum so i have a few questions. recently my ISP has claimed that i have a malicious virus that disables my firewall to send unwanted emails to other people in the network. and because of this they shut off my computer. then i got COMODO so im hoping COMODO will stop this virus from doing this. i want to know what to do to stop it from doing it because my Windows XP firewall is crap and i was guided to COMODO for help. =)

[juraikken]

um can anyone help? 96 people have looked at it...no one knows what i can do? =/

[zvaragabor]

Install a third party firewall (e.g. Comodo Firewall Pro). CFP's HIPS module will probably catch that worm on your machine. XP SP2 built in firewall is a simple inbound packet filter, it can't block outgoing traffic, so that worm can easily connect to anywhere, and can send spam. Actually it can do anything.

Also install a 3rd party antivirus. Nod32 or Avira are good choices. But you can choose any other big name.

Or even you can run online scanners to find the malware. Just a few of them:
- http://housecall.trendmicro.com/
- http://www.kaspersky.com/virusscanner
- http://support.f-secure.com/enu/home/ols.shtml
- http://www.bitdefender.com/scan8/ie.html

[juraikken]

awesome! thank you ill get to it ASAP! 

btw whats HIPS module?

[Ragwing]

btw whats HIPS module?

HIPS, which stands for Host Intrustion Prevention System, is a a software (in this case, a part of CFP 3) that will alert you if an unknown .exe tries to run (this will catch the virus). It will also do a lot of other things, like monitor keyboard against unauthorized access (keylogger protection), and tell you if something tries to shutdown your computer, kill your security processes or other things.
So in short words, it's like a firewall for your OS!

Cheers,
Ragwing

[juraikken]

cool thanks. i have it set on "train with safe mode" is that ok?

[LeoniAquila]

cool thanks. i have it set on "train with safe mode" is that ok?

Yeah, that's a secure mode.

LA

[Ragwing]

To follow up your problem, has Defense+ detected the malicious process? I don't really know how Train with Safe Mode works, since I've always used Paranoid Mode for maximum protection.
Else, the firewall should alert you about the malware trying to connect to the Internet.

Cheers,
Ragwing

[juraikken]

actually yes, COMODO discovered it trying to send out a signal to an IP Address in New Jersey so it would know what to spam. and once it tried that, COMODO asked me if it was ok, and i saw that it was "trying to connect to another computer" so i denied it. so basically i stopped it from sending out the spam, thanks to COMODO. but that didnt solve the virus problem. i talked to a computer physician who loves to analyze viruses and he discovered a backdoor trojan by the name of "dxdss.sys" that was executing the request and now both COMODO can protect my computer from doing things like that, and the virus is gone. =)

[Ragwing]

I'm glad you solved the problem
Defense+ only checks .exe, so that's possible why it didn't catch the backdoor program.
I'll close this thread now that your problem is solved. PM me or another online moderator if you want it opened again for some reason.

Cheers,
Ragwing

[Tags:]