Hacked


iflog
03-17-04, 03:49 PM
I picked up the Bagle virus the other day from a spoofed e-mail address that I thought was my wife. I have it all deleted (I hope). Now my Sygate Firewall is going nuts. I am constantly getting a security log alert that someone is looking at my computer. The source IP is 10.248.147.193. I have it blocked but they keep trying. Is there any way to stop this person from trying to hack me?

chpalmer
03-17-04, 08:01 PM
You could try disconnecting for a long period, meaning your router and modem. Sometimes after a period of time your ISP will assign a new IP address to your system. The time varies so no guarantee. :D

Norm
03-17-04, 08:24 PM
If you're using a router, you can spoof the addy of your own IP to get a new IP from your ISP. Or spoof the IP of a PC on your network, same deal.
Done from the router's logon page.

If you don't have a router, you can swap out your NIC to get a new IP.
Or as posted above, shut down for a few days (until the lease on your IP is up), and you might get a new IP.

cyberskye
03-18-04, 12:59 AM
I would send an email to your ISP - explain the situation. They can either block that IP from their net or give you a new IP.

Skye

Croc
03-18-04, 01:04 AM
Just in case, have a look at this page at Sophos (http://www.sophos.com/support/disinfection/baglea.html) and you will find BagleGUI that may help. The variant also helps if you know it.

Croc.

iflog
03-18-04, 09:10 AM
I unplugged my modem for half a day or so, released and renewed and received a different IP address. Was surfing last night and my firewall went off again with a major attack. Someone is scanning my computer. The new IP address that was scanning me is 68.102.4.99. I tried to back trace and use the WHOIS function but it came up blank. I ran the resolve program that was recommended and it said there is no trace of the virus. How can someone still be scanning my computer after I changed IPs?

TonyT
03-18-04, 09:49 AM
How can someone still be scanning my computer after I changed IPs?

Because a port scanner can be set to scan a range of addresses. Example:
SCAN THESE: 68.102.4.01 - 68.102.4.255

The guy who is scanning you is a Cox customer in the Cox Atlanta Region:
68.96.0.0 - 68.111.255.255
Cox Communications Inc.
1400 Lake Hearn Drive
Atlanta, GA, 30319
US

The source IP is 10.248.147.193

That is either a spoofed address of the one who is scanning you, but unlikely because all 10.xx.xx.xx IP addresses are local addresses. It is possible that you are infected with a backdoor-remote access trojan and the trojan's server assigned itself that IP address.
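
Added example (not part of TonyT's post or the thread): a short Python triage of the three source addresses reported above, separating private or reserved sources from public ones and checking each against the Cox range quoted in the post. The alert line layout is constructed for illustration (it is not Sygate's real log format), and the function names are hypothetical.

```python
import ipaddress
from collections import Counter

# Constructed sample alerts (not a real Sygate log format); the source
# addresses are the three reported in the thread.
SAMPLE_ALERTS = """\
03/17/2004 15:40:11 PortScan Major Incoming 10.248.147.193
03/17/2004 15:44:02 PortScan Major Incoming 10.248.147.193
03/17/2004 22:13:45 PortScan Major Incoming 68.102.4.99
03/18/2004 17:09:30 PortScan Major Incoming 68.48.86.77
"""

# The allocation quoted in the thread, as a start-end pair.
COX_FIRST, COX_LAST = "68.96.0.0", "68.111.255.255"

def range_to_cidrs(first, last):
    """Collapse a start-end range into the CIDR blocks a firewall rule uses."""
    return list(ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last)))

def classify(addr, named_blocks):
    """Say whether a source is private/reserved or inside a known public range."""
    ip = ipaddress.ip_address(addr)
    if ip.is_private:
        # Cannot have crossed the Internet: look at the LAN or the ISP's own network.
        return "private or reserved: not routable across the Internet"
    for name, blocks in named_blocks.items():
        if any(ip in block for block in blocks):
            return f"public, inside {name}"
    return "public, outside the listed ranges"

def triage(log_text, named_blocks):
    """Count alerts per source address (last field) and classify each source."""
    sources = Counter(line.split()[-1]
                      for line in log_text.splitlines() if line.strip())
    return {src: (count, classify(src, named_blocks))
            for src, count in sources.items()}

if __name__ == "__main__":
    blocks = {"Cox 68.96.0.0-68.111.255.255": range_to_cidrs(COX_FIRST, COX_LAST)}
    for src, (count, verdict) in triage(SAMPLE_ALERTS, blocks).items():
        print(f"{src:16} alerts={count}  {verdict}")
```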

iflog
03-18-04, 03:02 PM
I downloaded and ran the trojan remover Simply Super Software Trojan Remover 6.1.9 and it found no trojans.

iflog
03-18-04, 05:14 PM
Just after my last post I happened to look at the Sygate icon in the corner of my monitor and it was flashing again. Another major alert "someone is scanning your computer". This time the IP address was 68.48.86.77. I have no viruses or trojans. How am I going to stop this?

greEd
03-18-04, 05:27 PM
Originally posted by iflog
Just after my last post I happened to look at the Sygate icon in the corner of my monitor and it was flashing again. Another major alert "someone is scanning your computer". This time the IP address was 68.48.86.77. I have no viruses or trojans. How am I going to stop this?

:rotfl: First off, calm down. You may have been a wide open target earlier but it sounds like you have locked it down. You are going to continue to get scanned just like everyone else. Let Sygate do its job and alert you when it happens. Some of the alerts of these software firewalls are enough to make you scared and I understand that, but being scanned is by far not a "major alert".

blebs
03-18-04, 08:25 PM
Where you been hidin Mr greEd? Often wonder what you're up to these days. :)

cyberskye
03-18-04, 08:46 PM
quote: The source IP is 10.248.147.193

Are you on cable? I used to get scanned constantly by comcast - they were looking for servers.

Which port are you being hit on?

CableDude
03-18-04, 09:05 PM
Originally posted by cyberskye
Are you on cable?

Check his sig. ;)

greEd
03-19-04, 07:49 AM
Originally posted by blebs99
Where you been hidin Mr greEd? Often wonder what you're up to these days. :)

Working A LOT on top of starting my own consulting business keeps me very busy. :D

I lurk around here quite a bit but most of you guys provide more than enough information to help those looking for security questions. :)

Keep well blebs !

greEd

TonyT
03-19-04, 07:53 AM
Working A LOT on top of starting my own consulting business keeps me very busy

ahem...when is web site gonna be reactivated?

iflog
03-19-04, 08:23 AM
Thought I would import a backup of my registry I had saved from a few months ago. I receive an error "cannot import, not all data was successfully written by the registry. Some of the keys are open by the system or other processes." What gives there?

Storm90
03-19-04, 10:59 AM
Because at the time of backup, a program on your computer was using the reg key. Try shutting down all programs that run in the background before backing up the reg. This may solve your problem.