Virus Trouble

Narfwak Join Date: 2002-11-02 Member: 5258
I first noticed a problem when I awoke this morning; my ping on all of my favorite servers was nearly three times as much as it generally was. Wondering what could be wrong, I installed Norton Antivirus. While it was installing, my ping continued to rise, peaking at nearly 400, although it has since settled around 250 (which is still absolutely ridiculous). When I finally got Norton installed and scanned my system, it found one file to be infected with Backdoor.Sdbot.dr. I deleted the file and restarted my computer, which had no effect on the ping situation. I scanned and restarted again, also restarting my modem and router. I did not find anything more, and my ping showed no improvement.

Now, short of reinstalling windows or reformatting my HD (both of which I would like to avoid), does anyone have any other advice? I'm essentially unable to play games online until I resolve this issue.

Comments

  • DruBo (Back In Beige) Join Date: 2002-02-06 Member: 172
    Update Norton's definitions. If your ICMP (ping) traffic is spiking that much, it's entirely possible you have Welchia, which finds new targets to infect by spamming ping.

    You can get Norton's removal tool for it here: http://www.symantec.com/avcenter/FixWelch.exe

    Also, check your system services (ctrl+alt+delete, task manager, services) for suspicious things, like zillions of entries for svchost.exe.
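    A defender-side way to check DruBo's point that a ping-sweeping worm shows up as one machine pinging many different addresses (as opposed to a few pings to one host): an added Python example, not code from this thread, from Symantec or from any firewall product. The log layout ("timestamp src dst proto type") and every address in it are constructed for illustration; a real firewall or packet-capture export would need its own line pattern.

    ```python
    import re
    from collections import defaultdict

    # Constructed sample log (assumption: a simple "timestamp src dst proto type"
    # layout; not output from any real firewall or sniffer).
    def _build_sample_log():
        lines = []
        # One host pinging twelve different addresses in quick succession:
        # the sweep pattern a Welchia-style worm produces while hunting targets.
        for i in range(1, 13):
            lines.append(f"2003-10-24T19:50:{i:02d} 192.168.1.10 10.0.0.{i} ICMP echo-request")
        # A benign host pinging its gateway three times (same destination each time).
        for i in range(3):
            lines.append(f"2003-10-24T19:51:{i:02d} 192.168.1.20 192.168.1.1 ICMP echo-request")
        # Non-ICMP traffic the parser should ignore.
        lines.append("2003-10-24T19:51:05 192.168.1.20 192.168.1.1 TCP syn")
        return "\n".join(lines)

    SAMPLE_LOG = _build_sample_log()

    LINE_RE = re.compile(
        r"^(?P<ts>\S+) (?P<src>\d{1,3}(?:\.\d{1,3}){3}) "
        r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3}) ICMP echo-request$"
    )

    def parse_echo_requests(text):
        """Return (timestamp, src, dst) tuples for ICMP echo-request lines;
        lines in any other shape are skipped."""
        out = []
        for line in text.splitlines():
            m = LINE_RE.match(line.strip())
            if m:
                out.append((m.group("ts"), m.group("src"), m.group("dst")))
        return out

    def sweep_sources(text, threshold=8):
        """Map each source address to the number of distinct hosts it pinged,
        keeping only sources at or above `threshold`. Many distinct destinations
        from one host is the sweep signature; many pings to one host (a gateway
        check, a game server) is not, so that host is never flagged."""
        dsts = defaultdict(set)
        for _, src, dst in parse_echo_requests(text):
            dsts[src].add(dst)
        return {src: len(d) for src, d in dsts.items() if len(d) >= threshold}

    if __name__ == "__main__":
        for src, n in sweep_sources(SAMPLE_LOG).items():
            print(f"{src} pinged {n} distinct hosts: treat as a possible scanning worm, isolate and scan it")
    ```

    The threshold of eight distinct destinations is an arbitrary starting point; on a home LAN with a handful of devices, any single host pinging more than a few different addresses is worth a look, and a host that shows up here is the one to disconnect and scan rather than the whole network.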
  • Narfwak Join Date: 2002-11-02 Member: 5258
    edited October 2003
    QUOTE (DrunkenBozo @ Oct 24 2003, 07:54 PM):
    > Update Norton's definitions. If your ICMP (ping) traffic is spiking that much, it's entirely possible you have Welchia, which finds new targets to infect by spamming ping.
    >
    > You can get Norton's removal tool for it here: http://www.symantec.com/avcenter/FixWelch.exe
    >
    > Also, check your system services (ctrl+alt+delete, task manager, services) for suspicious things, like zillions of entries for svchost.exe.
    I did update my definitions and patch the software before I scanned. I do have several entries of svchost.exe running. Any advice on what I should do with that?

    Edit: Number of entries has been ruled to be normal. Ran netstat and found nothing abnormal.

    Edit: Linked scanning program found nothing.
  • Zunni (The best thing to happen to I&S in a long while) Join Date: 2002-11-26 Member: 10016
    How do your pings to other things look?

    It may be your network connection....
  • Narfwak Join Date: 2002-11-02 Member: 5258
    I pinged google.com. Average ping was 404 ms. Additionally, while I was downloading the tool that DruBo linked to, DAP pinged the FTP sites at around 250 ms. So it's not just an HL server thing. I'm thinking that it might be someone trying to DoS either myself or my ISP, although this is nothing more than conjecture at this point.
  • lolfighter (Snark, Dire) Join Date: 2003-04-20 Member: 15693
    Hmm, I've got three entries for svchost. What does that mean?
  • Narfwak Join Date: 2002-11-02 Member: 5258
    Okay, I downloaded and ran adaware, finding 48 problems (!). I nuked them all and restarted my comp, but this has still not fixed the problem.
  • Coby Join Date: 2002-11-11 Member: 8210
    edited October 2003
    Ok, guys, supposedly having multiple svchosts running means that you have WinXP (or some other that uses those, win2k3?), and it is normal to have 3-5 running, and by any means don't shut them or you may freeze your OS. That's all I can say, can't help with the pinging thing, just helping out with the svchost thing :)

    [edit] More info about SVCHost.exe here: http://support.microsoft.com/?kbid=314056 [/edit]
  • Narfwak Join Date: 2002-11-02 Member: 5258
    Okay, as oddly as this ping problem materialized, it has now gone away. I have no idea how it happened - maybe someone was attacking my ISP, who knows. In any case, thanks to DruBo and others.
  • lolfighter (Snark, Dire) Join Date: 2003-04-20 Member: 15693
    Sometimes a server along the way just has a bad day. The internet "hiccoughs" occasionally. Has happened to me a few times over the years.
  • Hawkeye Join Date: 2002-10-31 Member: 1855
    Solar flares are screwing up internet connections, so all packets are having to take alternate routes to servers, delaying the speed by a crapload if it doesn't have enough time to optimize the routing.

    It could have been a coincidence, and the virus didn't do anything to your internet. Backdoors rarely touch your settings. They want to be quiet not obvious, so they can continue to transmit data in the least conspicuous way.
  • Narfwak Join Date: 2002-11-02 Member: 5258
    QUOTE (Hawkeye @ Oct 25 2003, 02:48 AM):
    > Solar flares are screwing up internet connections, so all packets are having to take alternate routes to servers, delaying the speed by a crapload if it doesn't have enough time to optimize the routing.
    >
    > It could have been a coincidence, and the virus didn't do anything to your internet. Backdoors rarely touch your settings. They want to be quiet not obvious, so they can continue to transmit data in the least conspicuous way.
    I did later figure out that the virus hadn't even become a problem - I hadn't even opened the file, so there was no way that it was doing damage. The adware found was also not related. I was thinking that the solar flare sounded a bit far-fetched; however, now that you mention it, it may have been the problem.
  • lolfighter (Snark, Dire) Join Date: 2003-04-20 Member: 15693
    QUOTE (Hawkeye @ Oct 25 2003, 04:48 AM):
    > Solar flares are screwing up internet connections, so all packets are having to take alternate routes to servers, delaying the speed by a crapload if it doesn't have enough time to optimize the routing.
    >
    > It could have been a coincidence, and the virus didn't do anything to your internet. Backdoors rarely touch your settings. They want to be quiet not obvious, so they can continue to transmit data in the least conspicuous way.
    That would explain my high pings to Lunix yesterday (we're on different sides of the Atlantic).