AVG and "Run.exe"

Every 30 minutes, AVG Free detects a trojan infection of "run.exe."
I have the following questions:

1) I was using XP Firewall, now I have added ZoneAlarm. Will this be
sufficient to stop the attacks? If so, why didn't XP Firewall work?

2) Is there any way for the attacker to "lose" my IP address, if the
address is dynamically obtained from my ISP?

3) The attacked computer is connected by a wireless link to a Netgear
router; there is a second computer attached directly to the router via
cable. Can the attacker also "see" the second computer?

4) Can someone point me to a web page or textbook where I can find more
information about this topic?

Thank you for your feedback.

Re: AVG and "Run.exe"

redbrickhat wrote:

No, although ZA and XP FW have some form of Application Control, they
are not enough to stop such an attack, because a human is sitting at the
keyboard and mouse and has contributed to the compromise in some way with
the happy fingers that click on unknown links in emails and go to
dubious Web Sites.

PFW(s) are not 100% protection so don't treat them as such.

Yeah, if you tell the ISP you want the IP changed, or you don't pay the
bill, the IP may change; if you're off long enough it will change.

On a dial-up connection the IP from the ISP will change every time you dial.

A hacker can join your wireless network and be all over the top of the
wired and wireless computers if they are not protected, secured or hardened
to attack.

You can configure your computers to use static IP(s) on the router. Then
you can set/configure the personal FW(s) on the computers to only accept
traffic from the static IP(s) you have assigned.

That will prevent anyone from joining your wireless network and using a
DHCP or static on the router IP from accessing the computers on your
network wired or wireless.


You should try to secure the XP NT based O/S as much as possible or
harden it to attack.


You should try to practice safe hex.


You should look around from time to time with the proper tools and not
let something like a PFW or other solutions tell you everything is okay.

If the router has a syslog, then use something like Wallwatcher (free)
or Kiwi Syslog Daemon to watch traffic to/from WAN IP(s) from LAN IP(s)
on the router.

Duane :)
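
Added example, not part of the thread: one way to act on the router-syslog suggestion above is to look for a LAN machine that contacts the same WAN address at evenly spaced intervals. The log format and all addresses are constructed for illustration (they are not Netgear's or Wallwatcher's output), and the script assumes that whatever returns every 30 minutes also makes an outbound connection on that schedule.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import mean

# Constructed sample in a made-up format (not Netgear's or Wallwatcher's).
SAMPLE_LOG = """\
2006-03-01 10:00:05 OUT TCP 192.168.0.3:1034 -> 203.0.113.7:80
2006-03-01 10:04:41 OUT TCP 192.168.0.2:1100 -> 198.51.100.20:80
2006-03-01 10:30:07 OUT TCP 192.168.0.3:1041 -> 203.0.113.7:80
2006-03-01 10:47:13 OUT TCP 192.168.0.2:1102 -> 198.51.100.20:80
2006-03-01 11:00:04 OUT TCP 192.168.0.3:1050 -> 203.0.113.7:80
2006-03-01 11:02:59 OUT TCP 192.168.0.2:1107 -> 198.51.100.20:80
2006-03-01 11:30:09 OUT TCP 192.168.0.3:1058 -> 203.0.113.7:80
garbage line the parser must skip
"""

LINE_RE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) OUT \w+ "
    r"(\d+\.\d+\.\d+\.\d+):\d+ -> (\d+\.\d+\.\d+\.\d+):(\d+)$"
)

def parse_log(text):
    """Yield (timestamp, lan_ip, wan_ip, wan_port) for each well-formed line."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
            yield ts, m.group(2), m.group(3), int(m.group(4))

def periodic_flows(text, min_hits=3, jitter_s=60):
    """Map (lan_ip, wan_ip, port) to mean gap in seconds for evenly spaced flows."""
    seen = defaultdict(list)
    for ts, lan, wan, port in parse_log(text):
        seen[(lan, wan, port)].append(ts)
    flagged = {}
    for flow, stamps in seen.items():
        if len(stamps) < min_hits:
            continue  # too few connections to judge regularity
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if all(abs(g - avg) <= jitter_s for g in gaps):
            flagged[flow] = round(avg)
    return flagged

if __name__ == "__main__":
    for (lan, wan, port), gap in periodic_flows(SAMPLE_LOG).items():
        print(f"{lan} -> {wan}:{port} repeats about every {gap // 60} min")
```

A flagged flow only tells you which LAN machine and remote address to look at next; ordinary software such as update checkers also connects on a timer.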

Re: AVG and "Run.exe"


One other thing, the computers are sitting behind the protection of a NAT
router, so you having the IP changed means nothing. It would mean something
if a computer was connected directly to the modem and for some reason
someone locked in on the IP the computer was using.

But that's a no with the machines behind the router, because it's blocking
all unsolicited inbound traffic to the machines and the only traffic that's
going to make it to a machine is traffic software running on the machine has
solicited from a remote/WAN IP.


Duane :)

Re: AVG and "Run.exe"

Right now, I am relying on the antivirus program for detecting the
If the attacks continue, is there anything specific I should do?

For example, would it be worth finding out the source of the attacks?


Re: AVG and "Run.exe"

redbrickhat wrote:

If it keeps coming back, like it comes back immediately, then there is
some hidden process that's piggybacking off another one, a possibly legit
process, that you'll have to track down with the tools in the Hidden
Backdoor link.

If it shows sporadically, then someone that's using the computer is
doing something to bring it back and the person has contributed to it in
some way, which you'll have to find out who is doing what and correct it.
It's not just going to show up by itself.

Duane :)

Re: AVG and "Run.exe"


Noel Paton (MS-MVP 2002-2006, Windows)

Nil Carborundum Illegitemi


Please read http://dts-l.org/goodpost.htm on how to post messages to NG's
