Virus message!


Fred_Smith
15-08-2004, 19:14
Hi,

Has anyone had the message 'Virus Infection alert' (URL http://outbreak.ntl.net)? It said that I had the virus Netsky.

Thanks

paulyoung666
15-08-2004, 19:25
the link goes nowhere , have you checked to see if you do have the virus :)

Fred_Smith
15-08-2004, 19:32
oops wrong link should be http://outbreak.ntli.net i have norton antivirus running all the time & that hasn't picked up anything. I also have ZoneAlarm running as well & that hasn't picked up any dodgy traffic. I have also run adaware & spybot....

greencreeper
15-08-2004, 20:26
Sounds like NTL's walled garden - again :rolleyes:

It's likely that you don't have the virus. Good luck getting out the garden - you might have to phone NTL.

Chris W
15-08-2004, 21:38
follow the instructions on the site, and about 3 hours later you should be released from the walled garden automatically. You might need to reboot the cable modem to be released.

If this doesn't help, get onto TS and they can get you released.

greencreeper
15-08-2004, 21:50
follow the instructions on the site, and about 3 hours later you should be released from the walled garden automatically. You might need to reboot the cable modem to be released.

If this doesn't help, get onto TS and they can get you released.

Always assuming he has the virus in the first place :) Following the instructions if you don't have the virus won't do any harm - won't do any good neither :D

Fred_Smith
15-08-2004, 22:21
Hi all, I followed the instructions, ran the virus checker. No virus found..... Left it for about half an hour, one of my PCs on my network was stuck with the error, but the other one was ok. Rebooted my router & cable modem, all now working. Does anyone know what triggers this to happen, especially as I didn't seem to have the virus?

Thanks

nate
15-08-2004, 23:21
If your computer is broadcasting on the port(s) that the netsky virus uses, your computer will most likely be walled gardened, which is what you were seeing.

Fred_Smith
17-08-2004, 21:55
What are the port numbers?
Thanks

greencreeper
17-08-2004, 22:17
http://securityresponse.symantec.com/avcenter/venc/data/w32.netsky.d@mm.html

With the looks of it, Netsky doesn't use ports - just sends emails. I'm not sure what NTL are on about :erm:

Grampy
19-08-2004, 17:42
I had the above message just over an hour ago when opening my netscape 7 browser. Followed the instructions but there was no sign of netsky. Still cannot use netscape 7 or my e-mail client (mailwasher or outlook express) but I can access the internet using Internet Explorer (which I hate and only use when sites I visit don't work properly with Netscape 7). My wife has a laptop which is on a wired network sharing my internet connection; this uses IE and is still working ok. Any suggestions?

nffc
19-08-2004, 19:05
I had the above message just over an hour ago when opening my netscape 7 browser. Followed the instructions but there was no sign of netsky. Still cannot use netscape 7 or my e-mail client (mailwasher or outlook express) but I can access the internet using Internet Explorer (which I hate and only use when sites I visit don't work properly with Netscape 7). My wife has a laptop which is on a wired network sharing my internet connection; this uses IE and is still working ok. Any suggestions?

Ring NTL? Reboot your modem?

Grampy
19-08-2004, 20:02
Ring NTL? Reboot your modem?

Tried rebooting modem no change. What number do I ring please?

Ramrod
19-08-2004, 20:20
Tried rebooting modem no change. What number do I ring please?

tech support is on 0845 6500125

Fred_Smith
19-08-2004, 22:35
Perhaps this was coincidence then because I installed both Opera & Mozilla

Grampy
21-08-2004, 13:45
Spoke to tech support who talked me through pinging sites using command line without problem but I still cannot access my e-mails or use netscape 7. Tech support say I must still have a virus. I have run avg, stinger & panda active scan but no sign of a virus.

Ramrod tech support for wales area is 0845 6500121. I used your number and after holding for about 25 minutes I was informed that I should have used the above number, I was redirected and had to wait a further 20 minutes.

I'm still in the walled garden HELP!!

Grampy
21-08-2004, 15:48
Further to previous post

I have run the command "netstat -an" and there is no reference to the computer listening to ports 25 or 110. How do I get the computer to listen please.

KraGorn
21-08-2004, 15:55
Er, you don't want your computer listening on those ports .. 25 is a SMTP server and 110 is a POP3 server, you run clients not servers so those ports should indeed not be active on your PC.

What makes you think you need them?

Grampy
21-08-2004, 19:22
because it states here that the computer should be listening
http://support.microsoft.com/default.aspx?scid=kb;en-us;q191687

and that they should be open allowing me to access my e-mails but they aren't.

Stuartbe
21-08-2004, 19:32
because it states here that the computer should be listening
http://support.microsoft.com/default.aspx?scid=kb;en-us;q191687

and that they should be open allowing me to access my e-mails but they aren't.

As KraGorn just explained. These are server ports and should not be open on your pc unless you are running a mail server.

Ports 25 and 110 will be open on the ISP's mail server to allow email flow. If you can't connect with outlook try the following command.

telnet *isp mail server* 25

Grampy
21-08-2004, 20:08
As KraGorn just explained. These are server ports and should not be open on your pc unless you are running a mail server.

Ports 25 and 110 will be open on the ISP's mail server to allow email flow. If you cant connect with outlook try the following command.

telnet *isp mail server* 25


Tried that and received message "could not open a connection to pop.ntlworld.com"

Ramrod
21-08-2004, 20:31
Ramrod tech support for wales area is 0845 6500121. I used your number and after holding for about 25 minutes I was informed that I should have used the above number, I was redirected and had to wait a further 20 minutes.

I'm still in the walled garden HELP!!
Sorry m8. Didn't know the number was different for Wales :dunce:

greencreeper
21-08-2004, 20:39
Tried that and received message "could not open a connection to pop.ntlworld.com"

Try either

telnet pop.ntlworld.com 110
telnet smtp.ntlworld.com 25

Grampy
21-08-2004, 20:42
Try either

telnet pop.ntlworld.com 110
telnet smtp.ntlworld.com 25


Tried that get same message!!! Off for a drink now speak tomorrow Thanks

KraGorn
21-08-2004, 23:24
because it states here that the computer should be listening
http://support.microsoft.com/default.aspx?scid=kb;en-us;q191687

and that they should be open allowing me to access my e-mails but they aren't.
That's a typically unhelpful and confusing Microsoft 'knowledge base' (sic) article, the comment:

To work around this behavior, make ports 110 and 25 available.
is referring to those ports on the SERVER your e-mail client, eg. Outlook Express, is connecting to, it is NOT referring to your PC. :)


Open a command prompt, aka. 'DOS box', and enter:

tracert pop.ntlworld.com

and post the output you get.

Paul
21-08-2004, 23:50
because it states here that the computer should be listening
http://support.microsoft.com/default.aspx?scid=kb;en-us;q191687
Nope, it states the server should be listening, not your pc. :)

Open a command prompt on the Exchange Server computer. You have to modify the command prompt properties, because the data scrolls off the screen ........

greencreeper
22-08-2004, 00:14
Just for clarity...

Client - your PC
Server - a computer that provides one or more services

Client ---request---> Server ---response---> Client

Client --get email ID 501--> Server --copy of email ID 501--> Client

A server isn't really a machine - the defining characteristic is the software that runs on the machine, and it's that which determines whether a machine is a server or not. My PC is both client and server because it runs a email proxy (piece of software).

Grampy
22-08-2004, 01:20
Microsoft(R) Windows 98
(C)Copyright Microsoft Corp 1981-1999.

C:\WINDOWS\Desktop>tracert pop.ntlworld.com

Tracing route to pop.ntlworld.com [212.250.1.6]
over a maximum of 30 hops:

1 10 ms 8 ms 7 ms 127.0.0.1 [10.157.135.254]
2 9 ms 10 ms 8 ms 127.0.0.1 [62.254.254.197]
3 9 ms 8 ms 7 ms 127.0.0.1 [62.254.253.169]
4 11 ms 11 ms 10 ms 127.0.0.1 [213.105.172.49]
5 10 ms 11 ms 10 ms 127.0.0.1 [213.105.172.86]
6 17 ms 15 ms 15 ms 127.0.0.1 [213.105.172.150]
7 21 ms 14 ms 14 ms 127.0.0.1 [213.105.172.157]
8 15 ms 14 ms 14 ms pop.ntlworld.com [212.250.1.6]

Trace complete.


This what I get when I type tracert pop.ntlworld.com

Hope it helps Off to bed now

Chris W
22-08-2004, 04:23
Ramrod tech support for wales area is 0845 6500121. I used your number and after holding for about 25 minutes I was informed that I should have used the above number, I was redirected and had to wait a further 20 minutes.



WRONG

the technical support numbers (again) are as follows...

Cable Modem in Langley Areas- 0845 650 0121 (and yes this includes wales)
Cable Modem in Bromley Areas- 0845 650 0925
STB broadband, - 0845 650 0125

If you are not sure whether you live in a Langley or Bromley area, PM me your postcode so I can check, or when you call, enter your correct home phone number when requested, and that will redirect you to the right queue.

MB

greencreeper
22-08-2004, 04:40
Microsoft(R) Windows 98
(C)Copyright Microsoft Corp 1981-1999.

C:\WINDOWS\Desktop>tracert pop.ntlworld.com
<snip>



Open a command prompt again and type:

ipconfig /all > c:\windows\desktop\ipconfig.txt

A file should appear on your desktop - post the contents.

Grampy
22-08-2004, 11:11
Open a command prompt again and type:

ipconfig /all > c:\windows\desktop\ipconfig.txt

A file should appear on your desktop - post the contents.

Here is the contents of the file

Windows 98 IP Configuration
Host Name . . . . . . . . . : BAGPUSS
DNS Servers . . . . . . . . : 212.250.1.6
Node Type . . . . . . . . . : Broadcast
NetBIOS Scope ID. . . . . . :
IP Routing Enabled. . . . . : Yes
WINS Proxy Enabled. . . . . : No
NetBIOS Resolution Uses DNS : No

0 Ethernet adapter :
Description . . . . . . . . : PPP Adapter.
Physical Address. . . . . . : 44-45-53-54-00-00
DHCP Enabled. . . . . . . . : Yes
IP Address. . . . . . . . . : 0.0.0.0
Subnet Mask . . . . . . . . : 0.0.0.0
Default Gateway . . . . . . :
DHCP Server . . . . . . . . : 255.255.255.255
Primary WINS Server . . . . :
Secondary WINS Server . . . :
Lease Obtained. . . . . . . :
Lease Expires . . . . . . . :

1 Ethernet adapter :
Description . . . . . . . . : Microsoft TV/Video Connection
Physical Address. . . . . . : 00-00-00-00-00-00
DHCP Enabled. . . . . . . . : No
IP Address. . . . . . . . . : 3.0.0.2
Subnet Mask . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . :
Primary WINS Server . . . . :
Secondary WINS Server . . . :
Lease Obtained. . . . . . . :
Lease Expires . . . . . . . :

2 Ethernet adapter :
Description . . . . . . . . : F5D5000, PCI Card/Desktop Network PCI Card
Physical Address. . . . . . : 00-30-BD-1A-C7-C1
DHCP Enabled. . . . . . . . : No
IP Address. . . . . . . . . : 192.168.0.1
Subnet Mask . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . :
Primary WINS Server . . . . :
Secondary WINS Server . . . :
Lease Obtained. . . . . . . :
Lease Expires . . . . . . . :

3 Ethernet adapter :
Description . . . . . . . . : ICSHARE Adapter.
Physical Address. . . . . . : 00-02-8A-60-36-A5
DHCP Enabled. . . . . . . . : Yes
IP Address. . . . . . . . . : 81.103.***.*** (Mod Edit - have removed ip)
Subnet Mask . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . : 81.103.***.***(My Edit - have removed address)
DHCP Server . . . . . . . . : 62.252.32.20
Primary WINS Server . . . . :
Secondary WINS Server . . . :
Lease Obtained. . . . . . . : 08 22 04 10:03:24
Lease Expires . . . . . . . : 08 22 04 10:33:24

Hope this helps

KraGorn
22-08-2004, 11:51
Microsoft(R) Windows 98
(C)Copyright Microsoft Corp 1981-1999.

C:\WINDOWS\Desktop>tracert pop.ntlworld.com
...SNIP...

This what I get when I type tracert pop.ntlworld.com

Hope it helps Off to bed now
It tells us your PC can resolve the name and seems to be able to reach the POP server .. in which case normally one would conclude one of:

1) there's no POP server running on the target machine
2) their firewall is blocking connection attempts to the POP server
3) you have a firewall on your PC which is blocking outbound connection attempts to their POP server
4) you have a firewall blocking the response
5) any other reason I can't think of :)

(4) is extremely unlikely of the rest it's hard to say .. 'fraid right now I'm a bit stumped, not sure what greencreeper was looking for in that ipconfig output, my knowledge of that is limited but I don't see anything amiss.

:confused:

Grampy
22-08-2004, 12:52
It tells us your PC can resolve the name and seems to be able to reach the POP server .. in which case normally one would conclude one of:

1) there's no POP server running on the target machine
2) their firewall is blocking connection attempts to the POP server
3) you have a firewall on your PC which is blocking outbound connection attempts to their POP server
4) you have a firewall blocking the response
5) any other reason I can't think of :)

(4) is extremely unlikely of the rest it's hard to say .. 'fraid right now I'm a bit stumped, not sure what greencreeper was looking for in that ipconfig output, my knowledge of that is limited but I don't see anything amiss.

:confused:

Tried turning off firewall but all responses are the same
Thanks for your input

I had thought that someone may have obtained my e-mail password and is using my address, so ntl are blocking access. I have just changed my password so will see if there is any improvement as time goes on, but I'm not holding my breath.

I tried using a different pc to log on to my e-mails and the blocking is also on that machine and IE on that machine has the virus alert page as well now.

greencreeper
22-08-2004, 12:57
(4) is extremely unlikely of the rest it's hard to say .. 'fraid right now I'm a bit stumped, not sure what greencreeper was looking for in that ipconfig output, my knowledge of that is limited but I don't see anything amiss.


I was wondering why pop.ntlworld.com resolves to 212.250.1.6 instead of the actual IP address of the pop server which is 62.253.162.50. I've just done a DNS lookup on the 212.250.1.6 address and it resolves to outbreak.ntli.net, which rather suggests you're still in the walled garden and you won't ever leave the garden until NTL let you out. Phone them (again) :)

It's high time NTL dropped the flaming walled garden - causes far more trouble than it solves.
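
Added example, not part of any post in this thread: a Python check that reads the tracert and ipconfig output Grampy posted above and reports the signs of DNS redirection that greencreeper spotted by eye. The function names are made up for this example, and the "all hops share one reverse name" rule is a heuristic assumed here, not something NTL documents.

```python
import re

# Output excerpts copied from the thread (Windows 98 tracert and ipconfig /all).
TRACERT = """\
Tracing route to pop.ntlworld.com [212.250.1.6]
over a maximum of 30 hops:

1 10 ms 8 ms 7 ms 127.0.0.1 [10.157.135.254]
2 9 ms 10 ms 8 ms 127.0.0.1 [62.254.254.197]
3 9 ms 8 ms 7 ms 127.0.0.1 [62.254.253.169]
4 11 ms 11 ms 10 ms 127.0.0.1 [213.105.172.49]
5 10 ms 11 ms 10 ms 127.0.0.1 [213.105.172.86]
6 17 ms 15 ms 15 ms 127.0.0.1 [213.105.172.150]
7 21 ms 14 ms 14 ms 127.0.0.1 [213.105.172.157]
8 15 ms 14 ms 14 ms pop.ntlworld.com [212.250.1.6]
"""
IPCONFIG = "DNS Servers . . . . . . . . : 212.250.1.6\n"
IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"

def parse_tracert(text):
    """Return (target_name, target_ip, hops); hops are (name, ip) pairs
    for every hop line that shows a name followed by a bracketed address."""
    m = re.search(rf"Tracing route to (\S+) \[({IPV4})\]", text)
    if not m:
        raise ValueError("no 'Tracing route to' header found")
    hops = re.findall(
        rf"^\s*\d+\s+(?:(?:<?\d+ ms|\*)\s+){{3}}(\S+) \[({IPV4})\]\s*$", text, re.M)
    return m.group(1), m.group(2), hops

def parse_dns_servers(text):
    """Return the DNS server addresses listed in ipconfig /all output."""
    return re.findall(rf"DNS Servers[ .]*:\s*({IPV4})", text)

def redirect_indicators(tracert, ipconfig, known_good=None):
    """List the signs that lookups are being answered by a redirector."""
    name, ip, hops = parse_tracert(tracert)
    findings = []
    if ip in parse_dns_servers(ipconfig):
        findings.append(f"{name} resolves to the client's own DNS server ({ip})")
    if known_good and ip != known_good:
        findings.append(f"{name} resolves to {ip}, expected {known_good}")
    # Heuristic (assumption): routers at different addresses that all carry
    # one identical reverse name suggest the resolver gives canned answers.
    mid = hops[:-1]
    names = {h for h, _ in mid}
    addrs = {a for _, a in mid}
    if len(mid) > 1 and len(names) == 1 and len(addrs) > 1:
        findings.append(
            f"{len(addrs)} different hops all reverse-resolve to {names.pop()!r}")
    return findings

if __name__ == "__main__":
    # 62.253.162.50 is the POP server address greencreeper gives in the thread.
    for finding in redirect_indicators(TRACERT, IPCONFIG, "62.253.162.50"):
        print("-", finding)
```

A clean result only means none of these three signs were present; it does not show that the connection is outside the walled garden.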

Grampy
22-08-2004, 15:32
I was wondering why pop.ntlworld.com resolves to 212.250.1.6 instead of the actual IP address of the pop server which is 62.253.162.50. I've just done a DNS lookup on the 212.250.1.6 address and it resolves to outbreak.ntli.net, which rather suggests you're still in the walled garden and you won't ever leave the garden until NTL let you out. Phone them (again) :)

It's high time NTL dropped the flaming walled garden - causes far more trouble than it solves.

NTL are insisting that I still have a virus even though I've run stinger, Avg & panda online virus checker. How can I insist on them releasing me.
I have also been contacted by several people who have sent me e-mails (which I have received using webmail to access my account) but they are being told that they are undeliverable!!

paulyoung666
22-08-2004, 15:36
NTL are insisting that I still have a virus even though I've run stinger, Avg & panda online virus checker. How can I insist on them releasing me.
I have also been contacted by several people who have sent me e-mails (which I have received using webmail to access my account) but he is being told that they are undeliverable!!


it looks as though that is going to be the only way i am afraid , when you ring them ask for a supervisor and see if that helps , or is there an ntl office near you , it might help to knock on the door and see what happens :erm:

greencreeper
22-08-2004, 18:01
it looks as though that is going to be the only way i am afraid , when you ring them ask for a supervisor and see if that helps , or is there an ntl office near you , it might help to knock on the door and see what happens :erm:


Agree. Be pushy - threaten to withhold payment. Sounds like they're treating you as yet another muppet user with a virus.

I don't know why NTL staff have such faith in NTL systems :no:

KraGorn
23-08-2004, 18:09
I was wondering why pop.ntlworld.com resolves to 212.250.1.6 instead of the actual IP address of the pop server which is 62.253.162.50. I've just done a DNS lookup on the 212.250.1.6 address and it resolves to outbreak.ntli.net, which rather suggests you're still in the walled garden and you won't ever leave the garden until NTL let you out. Phone them (again) :)
Gotcha, didn't consider that. :o

Grampy
04-10-2004, 20:06
Sorry for such a delay getting back to you all. Finally got round to talking to someone with sense at ntl world and it looks like I am out of the walled garden.
greencreeper was correct about the dns address being incorrect. I'll keep my fingers crossed for a few days to make sure it's ok. Thanks to everyone for your help.

greencreeper
04-10-2004, 21:24
Sorry for such a delay getting back to you all. Finally got round to talking to someone with sense at ntl world and it looks like I am out of the walled garden.
greencreeper was correct about the dns address being incorrect. I'll keep my fingers crossed for a few days to make sure it's ok. Thanks to everyone for your help.
Glad you got out :D

paulyoung666
04-10-2004, 21:38
Sorry for such a delay getting back to you all. Finally got round to talking to someone with sense at ntl world and it looks like I am out of the walled garden.
greencreeper was correct about the dns address being incorrect. I'll keep my fingers crossed for a few days to make sure it's ok. Thanks to everyone for your help.


a result in the end , it's a shame it took so long :erm:

Grampy
11-10-2004, 13:20
Well I had it sorted for two days then it went completely (no internet connection at all) so contacted NTL again they ended up sending an engineer to check modem. He said the signal was too strong fitted a thingy(forward path attenuator 10db) on the input of the modem. All seems ok again.

Again thanks for all your help.