Security/Virus issue?


Postby squipple » Fri Feb 27, 2009 11:35 pm

I recently acquired a virus on my machine seemingly overnight. This has happened several times since I've had subsonic installed. A quite nasty one that infects userinit.exe and doesn't allow me to login to windows even in safe mode. I've had to wipe my drive 3 times over the last week. The last time I did, I didn't install and set up subsonic. The virus hasn't returned since.

I have a domain pointing to a dyndns account, which points to my IP, and obviously I have passwords set for logging in to subsonic.

I found that subsonic doesn't work if I have windows firewall turned on. Maybe I just need to allow that port, but if there's a virus that scans ports, wouldn't it find that one anyway?

Can anyone tell me if they've had a similar occurrence with your subsonic 'open to the whole internet' as it were? Are there viruses out there that port scan every IP and then try to hack in? Also, does subsonic use a proprietary 'server' or does it use some form of apache or something? Could there be a security hole?
squipple
 
Posts: 44
Joined: Tue Jan 13, 2009 5:02 am

Postby Gandohr » Fri Feb 27, 2009 11:52 pm

Don't think the problem is SubSonic, but more dyndns (that makes your IP more findable) or you having your firewall turned off.

Just open the ports that are needed (thought that would only be 80 but I could be mistaken)

Sure, there are port scanners, but viruses just can't travel over any port, else everyone would be infected, since everyone has some open ports :)

Second, a firewall is designed to protect your computer from people trying to enter it, not block viruses.
There are some people that have invented virus scanners for that.
I suggest you get one.

Me, I like McAfee, but "AVG Free" should do the trick and, as the name says, it's free.

Hope you get it all back on track, cause you just can't live without subsonic :)
Gandohr
 
Posts: 19
Joined: Thu Feb 26, 2009 8:08 am

Postby squipple » Sat Feb 28, 2009 12:50 am

> Just open the ports that are needed (thought that would only be 80 but I could be mistaken)

Thanks for the reply.

I put subsonic on a different port than 80 so as to have a little security by obscurity.

> Sure, there are port scanners, but viruses just can't travel over any port, else everyone would be infected, since everyone has some open ports.

I assume that's what a port scanner would do in a virus... scan for open ports and then run exploits on that port.

> Second, a firewall is designed to protect your computer from people trying to enter it, not block viruses.

How does a firewall discern between a person and a virus?

> There are some people that have invented virus scanners for that.
> I suggest you get one.

I appreciate the sarcasm. I had Avira running at the time, but it didn't seem to prevent it. I also run Spybot, Malwarebytes, CureIt, and HijackThis periodically to see if anything has gotten on my machine.

I guess the main reason I'm wondering if it's subsonic is because I've had my machine set up with apache and Wimpy player for several years with no virus scanning software, and my firewall off. No viruses had ever shown up from that. I switched to subsonic for several reasons, but it seems like when I put it on my machine and get 'er up n runnin, a virus shows up.
I didn't want to re-try this again without verifying whether or not someone else has subsonic set up similar to how I do.
squipple
 
Posts: 44
Joined: Tue Jan 13, 2009 5:02 am

Postby aphuey » Mon Mar 02, 2009 6:57 pm

Even if you've been running your machine for a long time without a firewall and haven't been infected, my guess would be that your recent hit wouldn't have to do with subsonic but more with dyndns making your IP more visible, but who knows.

I'd enable your firewall with an exception for the port that you have subsonic running on and continue using the antivirus software that you have been using.

Another thought would be to stop using dyndns and manage your dynamic IP address yourself. Does dyndns leave a port open on your computer so that it can communicate with their server to notify them when your IP address changes? If so, dyndns might be the vulnerability that is letting the virus in.
aphuey
 
Posts: 102
Joined: Mon Nov 17, 2008 6:25 pm

Postby squipple » Mon Mar 02, 2009 7:49 pm

Thanks for the reply, but I found out what it was.
The virus was on a file that was on a drive other than my C drive. All virus scanners could not detect it, UNTIL the file was accessed through Explorer. I had Avira active at the time, and it found it.
Sneaky virus was masked from the scanners and invoked upon accessing the file (not running it). That's why I couldn't find it with my scanners.
Well, lesson learned. Thanks for your feedback. Subsonic is back on my machine and running chezzer.
squipple
 
Posts: 44
Joined: Tue Jan 13, 2009 5:02 am

