Q: Am I infected? [ZoneAlarm]

[Unregistered]

Hi,

I was on Direct Connect downloading some files over the night through my ADSL-connection. In the morning I noticed that my browser was lagging. It's very unresponsive and slow. For example, when I use the scrollbar to scroll up or down on a website, the site moves in a stuttering way, not smooth like it used to. My former startpage [url]www.expressen.se[/url] causes my browser (IE6) to freeze and that's the only site I've found to do so (strange). Also, when typing this message there's a lag between my keystroke and when the characther appears on the screen. Not big but noticable. When positioning the mousepointer over a link, there's a lag until the arrow changes to a hand etc.
I tried various free virusscanners but they haven't found anything. Then I installed ZoneAlarm and every minute or so it reports that various IP-adresses is trying to ping me, mostly adresses within my ISP-s domain. Has someone managed to place - I don't know the term for it - some software on my computer that uploads my file's somewhere?
If you think so, how do I get rid of it? I use w*8 BTW, so it can't be the BlasterWorm. I've tried scandisc and defragging to see if that would speed things up, to no avail.

Best regards,

Simon, Sweden

[mbravo]

You can do at least two things:

go to [url]http://housecall.trendmicro.com/[/url] and check your computer for viruses

go to [url]http://security.kolla.de/[/url] and get Spybot S&D utility, it's free and will check your machine for over 5000 possible kinds of malware

[Unregistered]

i have zone alarm and I am getting crazy icmp echo ping request on port **5.
I contacted my ISP and they claim it is chat software but I don't have any on the start page or anywhere that i can think of

[DATA]

hi,

look at this

[url]http://securityresponse.symantec.com/avcenter/venc/data/w*2.welchia.worm.html[/url]

it says-


W*2.Welchia.Worm is a worm that exploits multiple vulnerabilities, including:


The DCOM RPC vulnerability (described in Microsoft Security Bulletin MS0*-026) using TCP port **5. The worm specifically targets Windows XP machines using this exploit.
W*2.Welchia.Worm does the following:

Checks for active machines to infect by sending an ICMP echo request, or PING, which will result in increased ICMP traffic.
Attempts to remove W*2.Blaster.Worm.


There is a removal tool for it in that site-if you doubt you are infected run that tool.

I contacted my ISP and they claim it is chat software but I don't have any on the start page or anywhere that i can think of

Lots of chat servers world wide are receiving heavy pings from lots of systems round the globe and it has been a headache to deal with it. Some of those running chat servers have reduced the ping time out time to thrawt this attack but if you idle for a few minutes you will ping time out from the chat server. It all most be the work of this worm ,if i am correct.

That worm also probes port 80,go through that site and stay safe

Regards Data.