I have Nortons 2005 installed, always have had. I have Windows XP with SP2.
In the Nortons worm protection settings there have been some rules put in by "user" which I didn't put in, as I have only just found them. I didn't know anything about these settings till this week.
Nortons
Options
Internet Worm Protection
Program Control---there are a few to permit: a couple that I don't know are ipscan[1] and tiscali dialer plus others
Then under general rules there are 10 rules about permitting a whole lot of things that I don't understand.
If you then go to the Nortons main window and choose reports-view activity log-connections, it mostly has my IP address connecting to whatever site. But on the 12th Feb it has a different IP address connecting to sites (like hotmail and others) for about 90 minutes.
Then on the system log: it has that it is protecting my system to a "newly detected network on adapter" with my IP address mostly. But on the 12th Feb there is a new entry that I have never seen before: it was protecting to a newly detected network adapter "WAN(PPP/SLIP) interface" (IP address is this new one).
{I have talked to my ISP and they say that because I was connected to this new IP address they cannot help, because I was not on their network}
Then on the Alerts log it has 5 rules that "the user has created a rule to permit communication"
11/11/04: permit Inbound UDP local address service is my IP. remote address service is another IP address. process name is msnmsgr.exe
15/11/04: permit inbound TCP communication local address is my IP. remote address is another IP (similar to the one above). process name svchost.exe
27/12/04: permit TCP inbound communication. local and remote are my IP
24/1/05: permit inbound UDP packets local address 0.0.0.0 remote is yet another IP with netbios. process name is ipscan[1].exe
24/1/05: similar to the one above with a slightly different IP.
There was an entry somewhere about the newly detected adapter being a server of some sort (google search)
I could delete all these entries, but I want to know what is happening, rather than delete and forget.
Windows pfirewall log matches up, but with more detail (I think).
On that night of the 12th Feb, there was so much logging going on, so much more than usual. I saved some of the Nortons logs in Word and one document is 1038 pages just for that night, and it is in the 8 size font.
There is more, but this quick overview seems like a lot.
So I would love it if you could tell me I am just paranoid and it is nothing, and I will continue on. I am too scared to connect that PC to the internet. So I am using this old old old computer on dial up and trying to leave my broadband alone!