06-23-2012 09:21 PM
So, yesterday I accidently downloaded a LilyJade malware virus.
This virus downloaded several programs and toolbars on my computer, and was "acessing my network resources"
I removed these programs, then downloaded Malawarebytes Anti-Malware. This program found 2 suspicious folders that I didn't find previously, and deleted them.
Norton and Malawarebytes say there is no threats decteted, and the messages about acessing my network resources and making changes to my firewall have stopped.
Now, a new message is showing up. One that concerns me even more.
When ever I log off my computer, put it in sleep mode, or anything that disconnects my computer from the internet, weird messages pop in my norton history.
Messages like: "Protecting your newly dected connection on adapter "Atheros AR 9285 Wireless Network Adapter""
"IP adress has dissapeared from adapter Teredo Tunneling Psuedo-Interface...."
Other connections involved in such these messages include networks with random numbers, network (::0) , these instances happening SEVERAL times a minute
I have googled these various networks, and it seems like a normal problem for a lot of people. But when viewing my "Firewall- network and connections" history tab, I have no incidents of these messages from before I installed the virus. This leads me to believe this is a work of the virus itself.
After downloading malawarebytes I was almost certain I got rid of the virus. Things stopped dowloading, changes to my firewall stopped... but now this?
Is this part of Norton and am I paranoid, or is it really the virus? And if so, any other suggestions on how to get rid of it?
I'm getting frustrated and afraid the virus will steal information or get into my network. But, this ONLY happens when the internet is disconnected
Solved! Go to Solution.
06-23-2012 10:31 PM
Ugh. I went into safe mode, to try and scan malbytes from there.
While I found no threats, I logged back into to find these messages in my norton history.
"Fire wall has been enabled"
"Firewall configuration updated: 121 rules"
"Protecting your connection to a newly detected network on adapter "Software Loopback Interface 1" (IP adress 127.0.0.1)"
" " same this as above with different IP adress
"firewall rules have been automatically created for Local Security Authority Process"
Protecting connection to Atheros
"Firewall setting "Alertthreadenable" changed"
"Connected to protected network ###s"
"Intrusion prevention has been enabled"
"Intrusion prevention monitoring 2102 signatures. Driver version ##s"
"Firewall rules were automatically created for Services and Control Apps"
Then I logged in.
What does all of this mean? :(
06-23-2012 11:14 PM - edited 06-23-2012 11:19 PM
Those firewall entries and the ones mentioned in your first post are all normal.
"Fire wall has been enabled" The Firewall is running.
"Firewall configuration updated: 121 rules" These are the rules that the firewall uses to filter traffic.
"Protecting your connection to a newly detected network on adapter "Software Loopback Interface 1" (IP adress 127.0.0.1)" This is your computer's internal loopback that is used by software on your PC (also IP address ::1 in IPv6)
" " same this as above with different IP adress
"firewall rules have been automatically created for Local Security Authority Process" This is the firewall allowing customary network access for a Windows process that requires it.
Protecting connection to Atheros This is your PC's wireless network adapter.
"Firewall setting "Alertthreadenable" changed" This is a registry setting that the firewall normally resets.
"Connected to protected network ###s" This is your Local Area Network or other internal network. Norton classifies them as protected because sharing among devices on your network is not enabled, If it were, this would show as a Shared network.
"Intrusion prevention has been enabled" Norton IPS prevents web-based attacks.
"Intrusion prevention monitoring 2102 signatures. Driver version ##s" These are the signatures that IPS uses to recognize attacks.
"Firewall rules were automatically created for Services and Control Apps" Another Windows service being allowed network access.
When a network or IP address disappears and is no longer protected, it just means that the connection is closed - it is no longer protected because it isn't there anymore.
There isn't anything in your logs that is unusual or out of the ordinary. There is nothing there that would suggest that you are still infected.
06-23-2012 11:21 PM
Thank you so much for helping me, AGAIN.
I guess I should get over it and stop obsessing XD
I've never had a virus before, and I guess I'm just really worried. I try to be careful about where I click and what sites I see, so seeing I had a virus freaked me out
It's just so strange that I've never had these messages until the day the virus happened.
I'll stop worrying now, thanks so much for being so helpful!
06-23-2012 11:35 PM - edited 06-23-2012 11:49 PM
We've all been there. It is unnerving when malware sneaks in. When you start looking around the PC you do find things that you've probably never noticed before, and if you don't know what they are, it is natural to be concerned. Your Firewall entries are perfectly normal, and I think you can be cautiously optimistic. Continue to run periodic scans and keep an eye on your PC's behavior for anything out of the ordinary, just to be sure.