I understood the headaches I went through at work today since our network is like a sieve, but at home:
I have an up-to-date AV data file, plus a firewall on my router, PLUS ZoneAlarm. (I'm running Win2K, btw.) I've run the "Probe My Ports" test and all that, and theoretically, my network is invisible to the outside world. I checked the log on my router and port 135 is constantly getting pounded. I checked the log on ZoneAlarm and didn't see any attempts to reach port 135 (or any port, for that matter, since the router firewall seems to be working). And yet, when I checked my PC, I saw the same symptoms as the ones I saw at work! So, either the symptom I'm seeing isn't really a symptom and I'm safer than I thought (I don't tend to think that way, though), or my computer got infected by some other method (but the only method I've read about is unauthorized exploits through port 135).
The symptom I had was watching tftp.exe "miraculously" restore itself in the system32 directory after I rename it or delete it. I didn't see it active in Task Manager, either, so I'm not sure who restored it.
Once I ran the updates and patches, I was able to delete the restored instances of tftp.exe without having them return, so I'm pretty confident that I was attacked. But I'll be damned if I can figure out how.