What worm?

We do not and never have served spyware. Never.

Thanks, John, I didn't think that FT had used spyware or anything more then a cookie set to keep us logged in.

The Norton warning just happened again, however, and this time I copied the relevent information from it, as I was once again on FT when it appeared. Since I can't "track" where it came from, maybe you can help with some insight.

Here's the details that I copied:

Security Rule: Default Block NETBUS Trojan Horse
Date: 12/28/04
Time: 10:51 PM (EST)
Path: N/A
File Name: N/A
Direction: Inbound
Local Address: XX.XXX.XX.X (My ISP Address)
Local Port: NETBUS (12345)
Remote Address: 211.41.222.234
Remote Port: 1593
Protocol: TCP

Since I installed the Norton Systemworks 2005 several weeks ago to try to correct a slow running computer, I've only had seven virus/worm warnings appear, and four of these have come while I was on FT. May be coincidences, as I usually am here in the evenings, usually very late, so it may be a time-zone thing from somewhere else in the world.

But it did, really, happen again, as per above.

Thanks for your help.

bj-21.

*****Just happened again!!! Same details as above, except the following:

Time: 11:19 PM (EST)
Remote Address:61.43.226.159
Remote Port: 4482

bj-21.

Based on the info you pasted above, it doesn't look like it is FT.

The warning is telling you that someone is trying to connect to your computer. The NETBUS program works by listening to a specific numbered port (listed above), and people outside your computer can then connect into that port if the program (trojan) is running. However, the firewall software you have installed doesn't even let it get that far - it sees the attempt to access that port, and doesn't let it even check if the trojan is installed on your computer (which it probably isn't).

In the simplest terms, someone was just seeing if you had the trojan infected/installed on your computer. The firewall saw the attempted access, and let you know.

As for the person trying to see if you had the trojan installed, I looked up the registration for the company which owns the IP listed. It's a Cable TV company in Korea, which means one of their customers was probably just scanning an entire range of IP addresses to find computers infected with the trojan, and yours just happened to fall into the range that they scanned. Any other questions, feel free to ask, and I'll see what I can do to answer. FYI, here's the registration info for the attacker IP that was in your info above:

Also, for the second IP you posted above, it also looks like a Korea-owned IP... see below for registration details. Looks like the second connection attempt is coming from somewhere in DACOM corporation, which has internet access provided by BORANET corporation in Korea. Not much you can do about it... although perhaps you can tell your firewall to silently log the attempted accesses rather than display them each time, if it's annoying to have them pop up.

Seems like lots of attacks that I see, most of them in fact, originate or appear to originate in South Korea. Not sure if they really do come from there or if there are just a large number of compromised computers there that are being used by criminals in other countries to stage other attacks.

Thank You
 

Thanks, drtravix and John, for tracking the sources for me. At least we know where they originate, and that they are blockable.

Now, if I could only get my slow-running pc to speed up, and stop losing connections...........

Thanks again.

bj-21.

CPU Flush with running Flash..
 

Maybe the advertisements mentioned in this thread in this Same Forum have something to do with the slow speed.
It has been mentioned already by one poster here:My CPU has a thermostatic fan that turns on when it gets warm. In the aircon environment of my office this rarely happens, but recently, every time it has come on, I am in FlyerTalk and have forgotton to set the flash qualities to low @:-)

Tried setting the emotican ad quality to low, as suggested, but each time I go to a new page or thread, it once again had to be reset to low. No way to keep the setting permanently set at low? That might be a help.

bj-21.

Just mentioning that I am still pulling up pretty slow...and I am on a pretty fat pipe.

Had problems today as well.

Today FlyerTalk.com was mentioned again in The Wall Street Journal and I noticed we were operating at record levels of online activity all day long, nearly 2,000 members on every second of the day. Actually the member activity has been extremely high the last few days even before this mention again in the newspaper. Must be members looking for resolutions.....

and I thought it was just me. ;)

I agree on the Flash advertisements - I had the exact same thing start to happen - my CPU would get extremely hot on my laptop everytime I would come to Flyertalk over the last 2 or 4 days, causing the fan to kick in at full speed non-stop until I left the site.

I disabled Flash, and now it works great. Wish we could get rid of the Flash banners.

For those who want to disable Flash on their computers with Windows XP (SP2 installed), you can select "Manage Add-Ons" from the Tools menu of Internet Explorer, and "disable" Shockwave Macromedia Flash.

FT has been real slow for me the last 15 minutes or so.

I logged on again around 4:30 and it took over a minute for the home page to open. Has been slow opening threads too. And I'm on DSL. Have checked some other sites, and they're loading fast so it's FlyerTalk.