Anyone recognize this IP?

[Locke]

I've gotten a couple Norton alerts telling me that 89.188.16.99, 80 has been trying to remotely access my computer. Does anyone recognize the IP, or is it just some poor bot computer? There's been a couple rootkits also trying to get into my computer, so could this be related. Here's a screen of the actual log:

[Netrix]

Unlucky, you are. I suggest you go here: Trojan.Vundo Removal Tool - Symantec.com, download the Vundo Removal Tool, and run it.

Unfortunately, you appear to have the Vundo Trojan. It is not pleasant.

Also, that IP address is not trying to access your computer. Your computer is trying to access that IP address, probably to download more malware.

[Locke]

Same difference, right? If my computer talks to it, they're getting an in anyways. Also, I've had several "Vundo" related alerts, but I haven't noticed a thing on my computer, it runs fine, no more slowdowns than to be expected from this machine. Is this a privacy problem, or is this actually supposed to do something?

[MasterSprtn117]

Maybe Norton is blocking it from downloading more malware?

[Cloud Strife]

Hmm... search indicates that this IP is from Amsterdam

[LancerRevolution]

we should all go and kill the attacker!:p
im thinking of switching to norton,using avast currently.do you think i should?i got 1gb ddr2@pc5300 ram and cpu 1.8ghz.will it slow down my laptop?

[Netrix]

Quote:

Originally Posted by Locke

Same difference, right? If my computer talks to it, they're getting an in anyways. Also, I've had several "Vundo" related alerts, but I haven't noticed a thing on my computer, it runs fine, no more slowdowns than to be expected from this machine. Is this a privacy problem, or is this actually supposed to do something?

There is a fairly large difference. This means that the Vundo Trojan is already on your computer and is trying to do evil things, as opposed to someone trying to access your computer from abroad. It is a lot easier for bad things to happen to your computer when there is already something malicious on it that could do more harm. If it was just someone trying to access your computer, you would be fairly safe because of Norton and any firewalls that you may have. Also, I like to be precise.

You should really get rid of Vundo. It might not be slowing your computer down right now, but it could in the future. If something happens and Norton crashes or does not start up in time when you restart, Vundo might find a way to get access to that IP and download more malware.

SpyNoMore AntiSpyware: Remove Vundo, Vundo Remover

It gives you adware and tries to fool you into downloading bad software.

[Locke]

Oh, believe me, I already ran the tool. I just found it odd that such spyware could behave so well that I wouldn't want to do a thorough cleaning. Though, this is the first time that Vundo's acted like this; usually it's blocked when I try to open certain files, which it then promptly removes.

[Netrix]

Quote:

Originally Posted by Locke

Oh, believe me, I already ran the tool. I just found it odd that such spyware could behave so well that I wouldn't want to do a thorough cleaning. Though, this is the first time that Vundo's acted like this; usually it's blocked when I try to open certain files, which it then promptly removes.

Okay, that is good, then. Sometimes malware does not do anything for a while in order to help hide itself.

[Locke]

Apparently it's not over yet. The tool has found...nothing.

EDIT: Well ****. Now weird things start happening. Explorer.exe has become unuasable. The taskbar kept dying and reloading, and eventually settled for loaind without a system tray. Very odd. Then I killed it and used RK Launcher to open it, which usually brings back Explorer without fail. My taskbar came back, and so did my desktop. It gave me an error saying My Documents-what I had opened-could not be found, but I've seen that while reloading Explorer before. Then I opened it again. Here's where it got bad. It killed Explorer a second or two after loading My Documents. Everything now ends up with failed attempts. Methinks Vundo found its way in, finally. I was wondering why Norton stopped giving me alerts, and the tool found nothing. I'm going to run the tool again, but anyone have other things I can do? For one thing, I can't disable System Restore unless I can access the Properties window for My Computer.

[Locke]

I apologize for the double post, but I need this to get seen because I'm rather terrified at the moment; I still haven't regained control over my computer. I'm really lucky to have Opera running, at the moment.

EDIT: Never mind, the folks over at www.bleepingcomputer.com solved it. Apparently the Norton tool was dated, so they provded me with Malwarebyte's Anti-Malware, which cleaned up the infection in about 3 minutes.

[Bushor]

use spybot search and destroy, which is freeware, should fix it plus it works better than anything else that i have ever used.