Norton reporting attempted sending of private information on local network

dexterbip (Junior Member with 2 posts, joined Jul 2009)
11-Jul-2009, 02:13 PM #1
Hi,

I'm not typically a PC user and so I'm somewhat out of my depth with this (possible?) problem on my parents' computer (XP, running Norton Internet Security).

Norton suddenly reported that something was trying to send "private information" (specifically, parents' surname) over http to something on 192.168.1.2.

192.168.1.2 is a Mac running on the same network. The attempt was apparently made to send the information to http://192.168.1.2/USERNAME (where "USERNAME" is replaced with my short username on the Mac).

My father blocked this attempt, after which several other attempts were apparently made to the same address, but appending .lnk, .exe, .pif, .bat, .cmd in turn to the end.

Apache is running on the Mac in question, so http://192.168.1.2 is theoretically valid, but it's not serving anything except the standard Apache placeholder page at present. There's no folder or file "http://192.168.1.2/USERNAME" and certainly no .lnk, .bat, .exe etc. files.

I've had a poke about in the Norton logs and this seems to be pretty much all the information I can find. Nothing about which service/process was trying to send this information, nothing about what ports it was being sent over.

The PC in question was, when this occurred, in the middle of a virus scan with nobody at the keyboard, with no other programs open other than Outlook.

I'm somewhat at a loss here, any help or pointers greatly appreciated.
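
An added example, not part of the original post: Norton's log did not name the sending process, but any request that reached the Mac is recorded in its Apache access log with the client address and the User-Agent header the client sent. The sketch below assumes Apache's combined log format; the PC address 192.168.1.3, the agent strings and the log lines are constructed sample data.

```python
import re
from collections import defaultdict

# Extensions the first post says were appended in turn to /USERNAME.
PROBED_EXTS = (".lnk", ".exe", ".pif", ".bat", ".cmd")

# Apache "combined" LogFormat:
# host ident user [time] "METHOD path proto" status bytes "referer" "user-agent"
COMBINED = re.compile(
    r'(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "(?P<agent>[^"]*)"'
)

def find_extension_probes(lines, min_exts=3):
    """Report (client, base path) pairs requested with >= min_exts probed extensions."""
    hits = defaultdict(lambda: {"exts": set(), "agents": set(), "statuses": set()})
    for line in lines:
        m = COMBINED.match(line)
        if not m:
            continue  # malformed request or a different log format
        path = m["path"].split("?", 1)[0]
        ext = next((e for e in PROBED_EXTS if path.lower().endswith(e)), None)
        if ext is None:
            continue
        rec = hits[(m["host"], path[:-len(ext)])]
        rec["exts"].add(ext)
        rec["agents"].add(m["agent"])
        rec["statuses"].add(m["status"])
    return [
        {"client": c, "base": b, "exts": sorted(r["exts"]),
         "agents": sorted(r["agents"]), "statuses": sorted(r["statuses"])}
        for (c, b), r in sorted(hits.items()) if len(r["exts"]) >= min_exts
    ]

# Constructed sample log (addresses other than 192.168.1.2's path, times and agents are invented).
SAMPLE_LOG = """\
192.168.1.3 - - [11/Jul/2009:13:58:02 -0400] "GET / HTTP/1.1" 200 44 "-" "ExampleAgent/1.0"
192.168.1.3 - - [11/Jul/2009:14:01:10 -0400] "GET /USERNAME HTTP/1.1" 404 208 "-" "ExampleAgent/1.0"
192.168.1.3 - - [11/Jul/2009:14:01:11 -0400] "GET /USERNAME.lnk HTTP/1.1" 404 212 "-" "ExampleAgent/1.0"
192.168.1.3 - - [11/Jul/2009:14:01:11 -0400] "GET /USERNAME.exe HTTP/1.1" 404 212 "-" "ExampleAgent/1.0"
192.168.1.3 - - [11/Jul/2009:14:01:12 -0400] "GET /USERNAME.pif HTTP/1.1" 404 212 "-" "ExampleAgent/1.0"
192.168.1.3 - - [11/Jul/2009:14:01:12 -0400] "GET /USERNAME.bat HTTP/1.1" 404 212 "-" "ExampleAgent/1.0"
192.168.1.3 - - [11/Jul/2009:14:01:13 -0400] "GET /USERNAME.cmd HTTP/1.1" 404 212 "-" "ExampleAgent/1.0"
192.168.1.7 - - [11/Jul/2009:14:05:00 -0400] "GET /files/setup.exe HTTP/1.1" 200 5120 "-" "OtherAgent/2.0"
"""

if __name__ == "__main__":
    for finding in find_extension_probes(SAMPLE_LOG.splitlines()):
        print(finding)
```

A single download such as `/files/setup.exe` is not reported; only a base path requested with several of the listed extensions is.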

lunarlander (Senior Member with 3,491 posts, joined Sep 2007)
13-Jul-2009, 01:48 AM #2
I would say there is no program on your parents' PC that would know of the existence of your Mac's Apache server. Even if you browsed to that Apache default home page once or twice, your parents would not browse to it, nor add USERNAME to the end of the http address line, nor add file extensions. So, I guess your parents' PC has been hacked. Then having owned that PC, he has scanned your network to see what else is there and found your Apache server active. Now he is trying to see what's available on your Apache server.

Please download the EICAR test virus to see if your antivirus program is still working. Download and click on the file. Your antivirus program's active protection should kick in.
http://www.eicar.org/anti_virus_test_file.htm

If your antivirus program can't detect EICAR, then that's a confirmation that someone has disabled your defences. Then come back for more help.

dexterbip (Junior Member with 2 posts, joined Jul 2009)
13-Jul-2009, 09:37 AM #3
Hi there,

Thanks for the advice. Norton picks up and removes the EICAR string in both .com and .zip formats pretty much straight off, so that's a good sign I guess.

Trouble is I'm still no closer to knowing what was causing the original alert. Filesharing is on across the network, but I wouldn't have thought the Windows PC would have been trying to send anything Samba related across the http protocol?

Any further ideas from anyone greatly appreciated.

lunarlander (Senior Member with 3,491 posts, joined Sep 2007)
13-Jul-2009, 04:05 PM #4
Go to Trend Micro's Housecall and do an online scan, it's free. See if that picks up anything.

http://housecall.trendmicro.com/

All times are GMT -4.
Copyright © 1996 - 2011 TechGuy, Inc. All rights reserved.