Internet security

Moderator: Vraith

Post by Zarathustra »

Whenever I log into my admin account in Windows XP, I get several popup warnings from my Norton's Internet Security 2006 Suite. It says a remote computer is attempting to access my computer. Norton's recommendation is to always allow this! Ridiculous.

So, not trusting Norton's judgement, I did some research into the IP address and the port through which this computer was trying to get access: 12.203.193.120:3779. The IP address belongs to AT&T WorldNet Services, and the port is registered as Cognima Replication. When I did a search for this, I found:

"Back in April Simon East CEO of Cognima (www.cognima.com) gave me a demonstration of its Replicate™ technology at the Symbian Exposium03. It was very impressive, requiring no action on the user’s behalf to get contact details and photos replicated onto a server that could then be accessed via the Internet. Since April Replicate has attracted the interest of several major operators including Orange who are currently running formal tests. I caught up with Simon recently and had a chance to talk with him about how Cognima is developing Replicate"

A little more research informed me that this is being used to keep mobile phones up to date with users' preferences, and it has something to do with Opera browsers--but I'm running Firefox.

So why is this computer trying to access mine on this port? Even stranger, when I log into my admin account, I disable my cable modem, so I'm confused as to why I'm getting pop-up warnings when I'm supposedly not even connected to the Internet!

Does anyone else have info about this, or any other strange stories of remote computers trying to access yours? Any advice on firewall configuring? I'm going to set up a firewall rule for this IP and port (always block), but I'd still like to know why I'm repeatedly getting this. It happens every day.

Post by The Laughing Man »

do you use AT&T for your internet service? or maybe it's installed on your PC by the MF, as a trial offer? go to Start>Run: type MSCONFIG and see what's in the startup group....it's a quality of service function no doubt, requiring 2 way communication to help improve your service....see if it's installed on your system, and if it is, and you don't use it, uninstall it. ;) I think the fact that a legitimate company has been found by you to be utilizing this technology can help you relax a little.

Post by wayfriend »

Spyware. It installs things that open ports on your computer to get commands from the mother ship. It's not always from a virus or a trojan horse. It can be bundled into anything you install. Anything "free" or otherwise too good to be true is suspect. Heck, I downloaded something from Disney once that scared me.

Your firewall isn't flagging it because it assumes if you install something that opens a port and accepts connections, you want it to do that.

I downloaded this thing from Wild Tangent once. I found out it was downloading and installing updates to itself. It doesn't uninstall when you uninstall the thing it's bundled with. It protects itself - it gets control multiple ways and if you don't zap them all in the right order it heals itself and comes back.

There's a lot of good spyware sites you can go to to classify and remove spyware without buying anti-spyware software. Tedious, but doable. Thank goodness for grassroots internet organizations.

You can also review your firewall's list of "permissible" activities and make sure that there's no surprises. Some of these spyware programs know how to deal with the common firewalls.

Here's something I found:
These were the details from the NIS logs:

Details: Attempted Intrusion "Klez_Propagation" against your machine was detected and blocked
Intruder: www.reeddesign.co.uk(62.3.91.17)(pop3(110))
Risk Level: Medium
Protocol: TCP
Attacked IP: localhost.
Attacked Port: 3779
Symantec says that Klez is a virus spread through e-mail. link. You should be able to check if your system is infected with Klez from the info on this page.
.
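
Added example, not part of any post in this thread: to see which local program owns a socket on the port the firewall keeps flagging, the output of `netstat -ano` can be joined to `tasklist /FO CSV /NH` by PID. The sketch below does that join over constructed sample output; the PIDs, local addresses and the image name `updater_example.exe` are hypothetical.

```python
import csv
import io

# Constructed `netstat -ano` output; local addresses and PIDs are sample values.
NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       952
  TCP    0.0.0.0:3779           0.0.0.0:0              LISTENING       1844
  TCP    192.168.0.10:1061      12.203.193.120:3779    SYN_SENT        1844
  UDP    0.0.0.0:445            *:*                                    4
"""

# Constructed `tasklist /FO CSV /NH` output; the image names are hypothetical.
TASKLIST = '''"System","4","Console","0","236 K"
"svchost.exe","952","Console","0","4,120 K"
"updater_example.exe","1844","Console","0","3,204 K"
'''

def parse_tasklist(text):
    """Map PID -> image name from tasklist CSV rows."""
    return {int(r[1]): r[0] for r in csv.reader(io.StringIO(text)) if len(r) >= 2}

def parse_netstat(text):
    """Yield (proto, local, foreign, state, pid) for each TCP/UDP row."""
    for line in text.splitlines():
        f = line.split()
        if len(f) < 4 or f[0] not in ("TCP", "UDP"):
            continue  # skips the banner, the blank line and the column header
        # UDP rows carry no State column, so the PID is always the last field.
        state = f[3] if len(f) == 5 else ""
        yield f[0], f[1], f[2], state, int(f[-1])

def sockets_on_port(port, netstat_text, tasklist_text):
    """Return every socket whose local or remote port matches, with its owner."""
    names = parse_tasklist(tasklist_text)
    hits = []
    for proto, local, foreign, state, pid in parse_netstat(netstat_text):
        # rpartition splits on the last colon, so IPv6-style addresses still parse.
        side = [s for s, ep in (("local", local), ("remote", foreign))
                if ep.rpartition(":")[2] == str(port)]
        if side:
            hits.append((side[0], proto, local, foreign, state or "-", pid,
                         names.get(pid, "<unknown>")))
    return hits
```

A "local" hit in LISTENING state means a program on the machine opened the port itself; a "remote" hit means a local program is connecting out to that port on another host.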

Post by The Laughing Man »

housecall.trendmicro.com/ free online scan, called Housecall, I use it regularly. ;)

Post by Zarathustra »

Thanks for the help. Yeah, I've checked msconfig already. That was one of the first things I did when I got my computer--shut down a lot of unnecessary stuff loading at start up.

No, I'm not using ATT World Net, but a local cable provider.

I'll check into the spyware. However, since I've told Norton to always block it, I haven't gotten any more pop-ups, but this doesn't mean that the spyware isn't still there and trying in the background, I suppose.

Post by Loredoctor »

Get 'Adaware' - that program is great. Oh, and look for a registry cleaner, as well.
Waddley wrote: your Highness Sir Dr. Loredoctor, PhD, Esq, the Magnificent, First of his name, Second Cousin of Dragons, White-Gold-Plate Wielder!

Post by Cail »

Are there any good, free registry cleaners out there?
"There is only one basic human right, the right to do as you damn well please. And with it comes the only basic human duty, the duty to take the consequences." - PJ O'Rourke
_____________
"Men and women range themselves into three classes or orders of intelligence; you can tell the lowest class by their habit of always talking about persons; the next by the fact that their habit is always to converse about things; the highest by their preference for the discussion of ideas." - Charles Stewart
_____________
"I believe there are more instances of the abridgment of the freedom of the people by gradual and silent encroachments of those in power than by violent and sudden usurpations." - James Madison
_____________

Post by The Laughing Man »

www.download.com



ALWAYS READ USER OPINIONS, ALL OF THEM, BEFORE DOWNLOADING AND INSTALLING ANYTHING!

Post by Cail »

I've looked at a couple of them on PCworld.com, but they've all been free scans, not free cleaners.

Post by Avatar »

Murrin has posted a link to CCleaner somewhere, which seems to do a bit of everything. Very handy little prog. Thanks Murrin. (You'll have to search for the post Cail...I'm lazy and busy...a terrible combination. ;) )

--A
Post by I'm Murrin »


Post by Avatar »

Well, that was easy. :lol:

--A

Post by Loredoctor »

:lol:

Post by Cail »

Thanks Murrin!

Post by Nav »

Some ISPs will try and access your computer remotely, so it might just be AT&T. I know my firewall (Sygate) used to register a port scan attack from Blueyonder every couple of hours.

I would also recommend installing Javacool's SpywareBlaster. It isn't a spyware remover, instead it prevents spyware from getting on to your system in the first place. I've been running it for a year now and I haven't found a single piece of spyware or adware since.
Q. Why do Communists drink herbal tea?
A. Because proper tea is theft.