Svchost.exe?

Discussion in 'Hardware' started by Pabst, Dec 27, 2003.

  1. nitro

    :eek:

    Thanks for the feedback!

    nitro
     
    #21     Jan 10, 2004
  2. Could it be that those files were indeed infected (regardless of them being vital to the OS)?
     
    #22     Jan 10, 2004
  3. About a month ago, one of my computers was infected by a webpage that hijacked it and ran some crap. I didn't have Virus Scan running automatic file scanning at the time, so I thought that I might have picked something up.

    I ran Virus Scan, which found 3 viruses. I also ran a couple of other web-based scans (Panda, Trend-Micro) and the computer looked clean.

    So, this morning AVG finds a Trojan Horse Dialer embedded in Java deployment....\FILE\SECURI~1.CLA.

    Well, I'm glad that I found it and many thanks to the link for the Grisoft product, but should I be concerned that the security of the PC may be violated?

    I run one of my IB accounts on this computer as well as Quicken.

    Any help would be appreciated!

    P.S. I've run the Grisoft product on all 3 of our computers (OS-W2K) and have had no problems.
     
    #23     Jan 10, 2004
  4. What's the big deal about all this..... I have 4 svchost.exe files running right now.....
     
    #24     Jan 10, 2004
  5. kowboy

    I have been using Norton Antivirus, and SPY Bot and Lava Soft for cleaning ad and tracking files. Plus my Internet provider has all ports stealthed. Not being a computer Guru, I assumed this was sufficient.

    Nonetheless, last week my trading program would constantly shut down, making it unworkable. Turned out it was some kind of a worm or trojan using my TCP port 135, sending out lots of data bursting.

    Neither Norton nor the stealth blocking had prevented this.

    Luckily I found a program to resolve the issue made by Agnitum called Outpost Firewall Pro. With this I was able to block all incoming and outgoing internet connections and traffic that is not necessary. It also has a dynamic menu of all connections and you can make specific rules for each connection both inbound and outbound. The added feature is that it blocks most ads based on size and keyword content. It also has a detailed log of all connections allowed, all connections blocked, all ads blocked, etc.

    It also shows the svchost.exe process, as for example being connected to TCP port 135. And with the program, I simply click on a preconfigured rule to disallow that connection inbound and outbound. Really simple.

    The only downside to this program is that they are located in Cyprus and there is no phone support, but the email support has been fair. IMHO there are numerous bugs with the program that they tell me they are working on.

    I had also been advised to disable NetBIOS over TCP/IP and DCOM. But with the Outpost program it would not have been necessary to do so.

    Good Luck and Good trading
     
    #25     Jan 10, 2004
  6. CalTrader Guest

    The number of these is not important: they represent some - but not all - of the services. They can, however, be connected to trojan services. However, the presence of svchost does not necessarily imply a problem. To find out what's going on, use the free tools available at sysinternals.com: these allow you to see exactly which DLLs are loaded by the processes running on your system and to monitor things like TCP/IP connections, file system handles and allocations/deallocations, process launches, system security token usage, etc. Using these free tools you can always figure out exactly what is going on if you have any doubts about the quality of your virus checkers or if you are suspicious about some type of system activity.

    Like I have said numerous times .... You should get a clean install on your system, install the applications for your trading systems, and after the system is stable do NOT install any other software. You also need to be behind a firewall and monitoring product.
     
    #26     Jan 10, 2004
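
Added example (not part of any post in this thread): the posts above talk about seeing which services sit behind each svchost.exe and which ports it holds. This Python sketch does that correlation from the output of the built-in Windows commands `tasklist /svc` and `netstat -ano` rather than the Sysinternals tools; the sample output is constructed, and flagging an svchost.exe that hosts no services is an assumed heuristic.

```python
import re

# Constructed sample of `tasklist /svc` output (not captured from a real host).
TASKLIST = """\
Image Name                   PID Services
========================= ====== ==================================
svchost.exe                  884 RpcSs
svchost.exe                 1020 Dhcp, Dnscache, LanmanWorkstation,
                                 Schedule
svchost.exe                 1388 N/A
explorer.exe                1652 N/A
"""

# Constructed sample of `netstat -ano` output (documentation-range addresses).
NETSTAT = """\
  Proto  Local Address      Foreign Address    State        PID
  TCP    0.0.0.0:135        0.0.0.0:0          LISTENING    884
  TCP    192.0.2.10:1045    203.0.113.7:135    ESTABLISHED  1388
  UDP    0.0.0.0:68         *:*                             1020
"""

def parse_tasklist(text):
    """Return {pid: (image, [services])}; indented lines continue a service list."""
    procs, pid = {}, None
    for line in text.splitlines():
        m = re.match(r"^(\S.*?)\s+(\d+)\s+(\S.*)$", line)
        if m:
            pid, line = int(m.group(2)), m.group(3)
            procs[pid] = (m.group(1), [])
        elif not line.startswith(" ") or pid is None:
            continue  # header, separator or blank line
        procs[pid][1].extend(s for s in re.split(r"[,\s]+", line.strip()) if s and s != "N/A")
    return procs

def parse_netstat(text):
    """Return {pid: [(proto, local, remote, state)]}; UDP rows carry no state."""
    socks = {}
    for parts in map(str.split, text.splitlines()):
        if parts and parts[0] in ("TCP", "UDP") and parts[-1].isdigit():
            state = parts[3] if len(parts) == 5 else ""
            socks.setdefault(int(parts[-1]), []).append((parts[0], parts[1], parts[2], state))
    return socks

def svchost_report(tasklist, netstat):
    """One row per svchost.exe: pid, hosted services, sockets, review flag."""
    socks = parse_netstat(netstat)
    # Assumption: an svchost.exe that hosts no services deserves a closer look.
    return [{"pid": p, "services": s, "sockets": socks.get(p, []), "review": not s}
            for p, (image, s) in sorted(parse_tasklist(tasklist).items())
            if image.lower() == "svchost.exe"]
```

On a live machine, pass `svchost_report` the text of the two commands run from an administrator prompt; a row with `review` set is a starting point for checking that process's file path and loaded DLLs, not a verdict.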
  7. Do you have recommendations for firewall (s/w or h/w)? What other monitoring software do you use?

    My PCs sit behind the Linksys cable modems, with a router behind that. Then each PC uses ZoneAlarm. I use Webroot Window Washer to keep the cache clean, and Norton AV for antivirus.

    Any comments on that?

    Thx
     
    #27     Jan 13, 2004