
Serious Threat



Hello,

 

I decided to put this under a new thread because of the lasting impression it has left on me. Alex and Dibbers have been following my CWS crisis. It was finally resolved this afternoon.

 

After a few hours of having the computer on, behind a D-Link hardware firewall, the PCillin Firewall and several other antivirus warning programs, I found myself vulnerable once again. This time to other variations of the CWS Trojan that quietly got into my computer and were not even triggering the alarms.

 

After careful meditation I decided to reformat my hard drives and start from scratch. This is quite an ordeal. It was accomplished under the advice of the tech support staff at Adaptec, Tyan and Spy Sweeper. I wanted to make sure that I started with a clean drive and no malware - viruses, trojans..... "In laws" and whatever dangerous species hibernating on the internet.

 

Several hours later I had a clean Windows XP Pro SP2. I then proceeded to install the main software. Every time I downloaded the upgrades for the software I would run the Spy Sweeper, Adaware and No-adware programs. I took a break, talked with the children for 2 hours and came back to the computer that was on standby. Ran the warning software and to my amazement and surprise there were two variations of CWS and 7 spy cookies. All this scattered on 68 traces throughout my hard drives and a brand new registry.....!

 

I didn't surf the internet, the computer was on but dormant.... How could I possibly get these bugs....? Can I trust the reports of these warning programs? Could I be getting these things from people like Autodesk and SolidWORKS or even Microsoft? The only thing I did was download the updates and look into the CNN News front page and I went to talk with the kids.

 

If the flags I get from the antivirus software are accurate, this is a mess. Is it that everybody has these viruses in their systems without noticing them? Is my case abnormal or just average behaviour? The interesting thing is that the XEON and the Pentium IV machines, also on the internet, do not have the same amount of bugs. Is the AMD more sensitive to these bugs...?

 

At any rate, I am quite concerned. Upon cleaning and scrubbing the system a million times in the last 48 hours, the system is very fast. I ran the benchmarks and the system is performing at the fastest since I put it together. This makes me believe there is some degree of truth in the warning software.

 

Is anybody finding the same issues....? Is MS very aware of this problem and that's why today they announced the free antivirus for everybody? These people are not friendly or generous... they are the same people that rape the clients with $250.00 per incident when calling their tech support staff to find out why Windows is acting crazy. Why are these money hungry people giving a FREE antivirus....? Is this evidence of a real serious problem? Is this why my VIZ keeps losing the authorization code...?

 

I find all these issues very interesting. I am sick of spending so much time dealing with tweaks and corrections on Windows.... Viz, Solidworks.... I don't seem to have to correct ADOBE and Macromedia products.

 

I would like to know what you think....!

 

Thanks

Elliot


Hello,

 

I keep cleaning these viruses and their traces. Right now all the warning programs are reporting a clean system. The speed gains are incredibly visible. It is just amazing how much the machine has sped up.

 

I am intentionally going to surf the web and see how long it will take me to catch some nice bugs....

 

 

Elliot


Elliot,

 

Tracking cookies are not necessarily bad. A lot of programs do install them in order to gather info so they can improve the program for users... The CWS you found is just a different thing altogether and I doubt you got those from Windows updates, etc. You may have to move (get a different IP address) or move over to a Dynamic IP setup.

 

Best luck,

 

Ismael


Hey Elliot, that CWS can be picked up almost anywhere. I got it earlier this year after looking for some C&C Generals maps and nothing but a clean install as you're describing got rid of it. On the Viz losing its auth, you might want to run memtest86 on your RAM. I had a similar problem last year with 3dsmax and it turned out to be a bad stick of RAM that was somehow corrupting the licensing, which I was having to reauth every 3 to 4 days, and if you're reauthing that much Discreet can become a right pain in the a** to deal with. Anyway, one thing that has cut down on the spyware for me is not using IE at all, and now I've been running Firefox 1.x and been having a great time with it.

 

good luck,

 

-dave


Ismael, Markus and David,

 

Thanks for your responses. What is going on is incredible.....! I don't know if I even want these warning devices to be active. Now I live in fear of acquiring viruses, spy bugs and other malware.

 

I clean the machine, leave it untouched for 20 minutes and when I get back there is the dreaded PCillin warning flag with all its red letters saying I have picked up a bug.

 

There are three of these things that are most prevalent. These are:

 

ATWOLA

BLUESTREAK

CLICK.BV

 

In addition to the above there are several variations of the CWS. I wonder if this has been going on for a while and I just didn't notice it before. Now that I keep cleaning the machine, the machine is just incredibly faster.

 

One symptom I had before is not present anymore. That is the following: I would go on the browser and click on CNN. I would pick an article I want to read. Upon clicking to go back the machine would hang for 5 to 10 seconds before returning to the previous screen. That happened not only on CNN, it also happened with CG Architect and many others. Now that I keep cleaning the machine the symptom is not there anymore.

 

Is there a particular FIREWALL that is supposed to be among the best...? I turned off the Windows and I am using the PCillin. I have the Norton and the AVG but all of them are letting the bugs and cookies come into the machine.

 

Should I just ignore these things and clean once a day or once a week and forget the warning signs from PCillin? I wonder if this is just part of a marketing strategy by PCillin to entice people into buying their program. Norton and AVG don't seem to be that aggressive in reporting the bugs. When PCillin gives me a warning I cross check with Spybot and I don't get a warning. Adware and No-adware sometimes confirm the warning by PCillin. I am confused and simply don't know who to trust... PCillin, Spybot, Adware, No-adware, Spy Sweep.... and two or three more.

 

Dave, about the re-authorizations, you are correct about Discreet. Sometimes I get a kid that makes nasty comments as if I was trying to hack the program. About a month ago I became extremely upset and asked for the supervisor. He then told me he was the supervisor and basically hung up. This re-authorization thing is happening like once every 10 days. It is annoying. One of the Discreet people told me it must be a plugin I have on the machine causing the lost authorization. I don't think so... It happens to be that one of the big dealers in town is a friend and he told me that these re-authorizations are causing a lot of money problems at the dealers' level. The dealers are complaining and some are refusing to help the clients with the re-authorizations. He told me the dealers are encouraging the clients to go directly to AutoDesk so they feel the pain of their bad protection system. I will also check on your recommendation to use a different browser. I am using a different browser on the Xeon, that could be the problem with the AMD.

 

Thanks

Elliot


Hi Elliot,

 

How many ports do you have open on your router? Also, do you have the preview pane closed for email in Outlook Express (if you use it)? Also also, :) you should install XP on its own partition that isn't shared across a network.

 

Am I understanding correctly that you allow others to use your computer for netsurfing?


Fran,

 

Thanks for your response. I like your responses because you always think deeply about what you are writing. I don't even know how to answer your comments. I am immediately going to explore this angle. I have two networks. One with 3 machines which is for my children and one with 4 machines which is mine. The children connect through a DSL and I connect through the cable. The problems are mainly with my system.

 

I don't intentionally let anybody surf through my machine. Now I wonder about your question on the ports issues. I cleaned the machine and left it untouched for 30 minutes. Upon my return the red warning flags of PCillin were on the screen saying that I got Click.BV and Atwola. The last one is like a cookie and the other is like a spy. The amazing thing is that this entered the machine automatically without me even being next to the clean machine.

 

Upon reading your response I am now concerned. This is starting to get scary. Could somebody be getting into my machines through an open port and using my network to broadcast weird things? I am now more concerned.

 

Thanks for your very well thought suggestions.

 

See you

Elliot

 

PS:

How is that beautiful baby doing....! Did Santa bring him a computer....? That's what my 7 year old twins wanted... their own computers not to be shared with dad or the 20 year old triplet brothers and sisters. Get ready, by the time your baby is 2 you are going to need another computer for the baby.... !!!!


Hi Elliot,

 

You can only get the CWS through browsing. It's not a virus installable software. It installs itself while you're browsing on the net.

 

Question: out of your routers is any of them Wireless? If so, are you enabling security in it? If you're in doubt, by security I mean three things:

 

1. Disable SSID Broadcast

2. Enable WEP encryption with a password

3. Enable MAC Address Filtering

 

If you're unsure of these being enabled or not, check your Firewall's log and check to see if anyone is logging into your network - I believe this would be the case.

 

Another thing to think of is that these apps only get installed when an Administrator or Power User is logged in. I'd suggest you create an account with no rights and permissions for yourself, which would then prevent these problems. Limited rights accounts have no power to install applications.

 

My suggestions to you at this moment are:

 

1. Go to your firewall website and install the latest firmware

2. Change your firewall password to something cryptic (j4ghw78amikt for instance but write it down!)

3. Leave the firewall as is (no ports will be open)

4. Format the computer and reinstall WinXP SP2 straight - no other apps in between - then install all Critical Hotfixes. Make sure you have a VERY good Administrator password too.

5. Install your antivirus and update it. Reboot after this

6. Check for spyware - you should have none at this point.

7. If you have Norton Ghost - this is a good moment to run it.

8. Install FireFox

9. Using FireFox, browse the websites you need to download and install the other apps - list them here for us to know what they are - Maybe, and I say Maybe these guys are coming through these apps (old Kazaa is an example of an app with Spyware)

10. Create a limited user account, set write permissions to the folders you need (3dsmax for instance needs write permissions in its tree).

 

Other suggestions:

 

1. Do not use Outlook as your e-mail reader. Use something else (I like Eudora)

2. Switch to FireFox - although not the most secure browser, it'll be more secure than IE

3. Install the Google toolbar - they're cool, and they'll prevent popups, helping the issue

4. Using the Manage Add-ons option in IE you can disable these crappy apps - it's a start, but they'll still be there

5. Install a 3rd party firewall (Zonealarm, for instance)

 

My posts are too large, I know. Sorry for that. If you need help, send me a PVT message and I'll give you my e-mail.

 

Hope you get out of this soon,

 

Alexander


Hi Elliot,

 

The baby is now too squirmy for me to hold while I work. He is fascinated with pulling on the telephone cord until the receiver hits the floor. Time for an "activity station" I guess. :)

 

As for ports on your router only one should be open and it should only allow you to access the outside - not the outside to access you. By default, they are not set up that way. Make sure you have a router and not just a hub. You should contact DLink tech support - they are helpful in my experience. I have a Linksys router and their support guided me right over the phone while I changed the port settings.

 

Most worms that are spread via email will execute themselves in the OE preview pane. Close it! XP has a security feature that prevents you from opening attached files it thinks may be harmful. Keep that enabled and disable it only if you need to retrieve a file you know is safe (like a dwg from a client). Be sure to turn it back on once you have your file.

 

If your ISP provides pop-up blocking for web surfing, use it.

 

Make sure Windows does NOT hide file extensions of known file types. Change this in your folder options in My Computer. This is the stupidest default setting they've ever come up with. And still it ships with hidden file extensions enabled. Grrrrr.
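
To illustrate the file-extension advice above, an added example (not part of the original post): a simplified model of the name Explorer shows when known extensions are hidden, plus a check that flags attachments whose real type is executable behind a harmless-looking one. The extension lists and the sample file names are constructed for this illustration.

```python
import os

# Extensions Windows runs directly (partial list, chosen for this example).
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".js", ".hta"}
# Harmless-looking extensions commonly placed in front of the real one.
DECOY_EXTS = {".doc", ".pdf", ".txt", ".jpg", ".gif", ".zip", ".dwg", ".xls"}
# Assumption: all of the above are registered ("known") file types on the machine.
KNOWN_EXTS = EXECUTABLE_EXTS | DECOY_EXTS

# Constructed sample attachment names.
SAMPLE_NAMES = [
    "plan_rev2.dwg",        # ordinary drawing from a client
    "invoice.pdf.exe",      # executable posing as a PDF
    "photo.jpg      .scr",  # padding spaces push the real extension out of view
    "setup.exe",            # honest executable, no decoy extension
    "notes.txt.vbs",        # script posing as a text file
    "archive.tar.gz",       # double extension, but not executable
]


def displayed_name(filename, hide_known=True):
    """Name shown to the user when known extensions are hidden (simplified)."""
    stem, ext = os.path.splitext(filename)
    if hide_known and ext.lower() in KNOWN_EXTS:
        return stem
    return filename


def is_deceptive(filename):
    """True if the real type is executable but the visible name ends in a decoy type."""
    stem, ext = os.path.splitext(filename)
    if ext.lower() not in EXECUTABLE_EXTS:
        return False
    # Ignore padding spaces between the decoy extension and the real one.
    inner_ext = os.path.splitext(stem.rstrip())[1].lower()
    return inner_ext in DECOY_EXTS


def audit(filenames):
    """Return (real name, name shown with extensions hidden) for each deceptive file."""
    return [(name, displayed_name(name)) for name in filenames if is_deceptive(name)]


if __name__ == "__main__":
    for real, shown in audit(SAMPLE_NAMES):
        print(f"real: {real!r:28} shown with extensions hidden: {shown!r}")
```

With extensions hidden, the three flagged files appear under a document or picture name; with the setting turned off, the trailing executable extension is visible in the listing.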


Hi Elliot,

 

I hope you find a solution to ease your mind. The memtest utility I mentioned can be found here http://www.memtest86.com/ I recommend running it on your RAM and if there is a single error on any of the sticks you have installed, take it back and exchange it for another. One more thing, disable ECC checking in the test options ;)

 

-dave


Fran, David and Alex,

 

Thanks for your responses.

 

First of all..... When the babies are that old they just play with the phone to defeat gravity.... Hi Hi When my daughter turned 14 the phone became a lethal weapon against boys.... Now at 19.75 the phone for her is an indispensable item at the same level as food or perhaps more important. I have learned through her what "texting" is all about. She is multitasking.... she talks to me while she sends text messages to her boyfriend. It is amazing.... not that they multitask... that they can talk that much.... I am just kidding....... I love my children and I am very proud of all of them. There are a lot of very proud parents on this site.

 

Alex, your posting is not long at all.... please send me more.... You guys have opened my eyes and imagination to check on things I was not aware of. I was in downtown Atlanta most of the day with some hospital architects.... They all want these beautiful buildings until they learn about budgetary construction quotes. He he he

 

I left the computer on all day long while I was away. There were 82 attacks of this Click.bv, Atwola and Bluestreak. After reading your posting, I am starting to feel somebody is intentionally trying to do this....

 

When all this started I disconnected my wireless LAN. The two networks I have are hardwired. The routers I thought were routers and hubs at the same time, but I will check. The one here is the D-Link DI-707P.

 

At this moment I am on brain overload.... I will try to slowly read all your recommendations and take some kind of action. Thanks very much for your input.... All of you have certainly given me new areas to check.

 

Thanks

Elliot

 

PS:

For three years I have been reading the CG forum... After a while it feels like a big family. I know several of the members. Perhaps, one of these days we should have our own meeting to finally meet everybody.... There is no question this is a dedicated group of talented individuals.


Elliot,

 

I feel for you - it sounds like this is giving you real grief.

 

I wouldn't normally stick my neck out, but I am moved to give you the only bit of advice I know, and it may seem unhelpful in particular, but in general, if all of this is really getting you down, why not think about getting a Mac?

 

There are so far no known viruses for OSX, my computer ticked all the most secure firewall settings by default when I tried out the Symantec hacking trial on their website, and you will be able to forget all about your system and just concentrate 100% on work, 100% of the time.

You get Safari and Mail which are far better (IMHO) than IE and Outlook. You will have to use a different 3D app from Max/Viz, but it's not the only one in the world, and as many people swear at it as by it.

 

I have never had any experience of Windows myself, but if this is what it is like to live with, I honestly don't know how, or why, people put up with it.

 

I hope you get it sorted out.

 

Cheers,

 

Danny.


Danny,

 

Thanks for your message and kind words. It has been a joy ride.... Of the 7 computers here, only the one that I use for 3D is exhibiting this problem. It is frustrating. My kids are all over the internet. The 7 year old twins on small children's sites and the 20 year old triplets, who knows where they are surfing....! None of those computers have this problem. All of those are Intels and this one is AMD.

 

Over the last few months I have been looking at the Macs and I have been tempted to do it... It is just that I have so much invested in software. My brother has a Mac with the utility that makes it think like a PC but it is just slower.

 

I do agree with you about Viz, it is not the ultimate software for 3D. I am vaguely familiar with Strata Studio. I used to work for BOC (British Oxygen Corporation) and we used MAC with Strata and they were not that bad....! It is kind of funny, but the guy that brought Strata Studio to the group is directly related to the owner of Rhino....! This guy claimed Strata was the best. He used to do animations that were very good.... We used to take them to a sound studio and add professional sound with a pro-announcer. The final results out of Strata looked like those of a professional film studio. At that time Strata was like $400.00. I understand Strata has improved even more. I used to get frustrated with Viz and SolidWORKS after seeing how easy it was with Strata and the MACs. By the way, the guy that did these nice animations was not a professional graphic guy, he was our main chemist in charge of quality control. The best film he ever did was only after 3 months of playing with Strata on a laptop....!

 

I think the problem may have been solved thanks to the advice of Fran, David and Alex (everybody else too) about the ports. I closed out all the ports and not too many viruses have come through. I have been monitoring the computer for the entire day and I am getting like 6 or 7 strange cookies and one Trojan. Before closing the ports up it used to be in the 80 and 90 incidents.

 

Thanks for your advice. I appreciate you came out of your shell to offer some empathy to this frustrated VIZ driver.

 

Elliot


Elliot,

 

If you ever did consider getting a Mac, I would personally recommend Cinema4D as 3D software of choice - Strata may be fine, but I don't hear of many people using it nowadays.

 

There are some guys here who use Cinema4D (Strat, Ernest...and me, to name three). It's dual platform - so you can always d/l a PC demo and manual from Maxon and give it a try.

 

Glad you have contained the problem anyway.

 

I'll get back in my shell now ; )

 

Cheers,

 

Danny.


Danny,

 

I have seen how some of our guys are talking highly about C4D. I think it is time that at least I try the demo.

 

It must have been quite late in the UK when you read my posting. People in this forum have a tendency of not sleeping. I am one of them too. Maybe we should start a research of what kind of hormones are secreted into the bloodstream of 3D people that make them sleepless. It may be a hypnotic gene alteration virus planted by the software manufacturers of the 3D programs. He he he

 

Thanks once again

Elliot
