
'netbios Name' & 'session' Anti-virus Alert


3 replies to this topic

#1 LucyMarsh


Posted 12 January 2006 - 01:11 AM

Hi guys! I've been having a nagging problem for a couple of weeks now and not sure what it is.

My anti-virus program keeps popping up a window with this message: "The firewall has blocked Internet access to your computer (NetBIOS Session) from 211.24.253.185 (TCP Port 1871) (TCP Flags: S)." Some pop-up windows display different 'blocked Internet access' messages, like '(NetBIOS Name) from 201.42.217.229 (UDP Port 1025)'.
I use a local broadband service and the TCP/IP connection does not correspond with any of those that are blocked by the firewall.

These messages pop up almost every few minutes no matter which site I'm surfing. I just click the 'OK' button and carry on surfing with no interruptions.

My question: Is this a virus? How do I stop it?

I use WindowsXP Pro, Zone Alarm and Ad-ware anti virus protection.

I tried searching for related problems on Google for 'NetBIOS Session and NetBIOS Name' but it was too much technical info for me to understand, even if it was a problem, let alone what it is!

Any help will be appreciated.

Thanks!



#2 Rimmer


Posted 12 January 2006 - 02:42 AM

"from 211.24.253.185"
These are the IP addresses of the origin of the attempted access; they need not relate to your own IP address.
From APNIC the source of the first address is:
inetnum: 211.24.0.0 - 211.25.255.255
netname: TIMETELEKOM
descr: TIME Telecommunications Sdn Bhd
descr: Kuala Lumpur
country: MY

and from LACNIC the second address belongs to:
inetnum: 201.42/15
aut-num: AS27699
abuse-c: ABL226
owner: TELECOMUNICACOES DE SAO PAULO S.A. - TELESP

I've no idea why these phone companies should be so interested in your ISP (unless they are gathering statistics on a competitor, who knows). It's unlikely to be aimed specifically at you but just in case, run the scans outlined below. To fix the problem go into the Zone Alarm config and tell it not to notify you every time it does something ("turn off reporting"? can't remember the name). See ZA help for details.

"I use WindowsXP Pro, Zone Alarm and Ad-ware anti virus protection."


Windows XP Pro is an operating system that includes a poor firewall. You should turn off the Windows firewall.
Zone Alarm - what version? - is a firewall and could have some anti-virus action, depends.
Ad-Aware - what version? - Ad-Aware SE is a free anti-spyware application it has no anti-virus capability.
If you have no anti-virus program installed on your system you should immediately download and install AVG Free from (US Link): AVG Free
Use 1 Anti-Virus program, 1 Firewall and many Anti-Spyware programs, supplemented by occasional online Anti-Virus scans.

Run some of these free online scans:

Online trojan scanner: http://www.windowsecurity.com/trojanscan/

Here are some links to free online Anti-Virus scans. They do take some time to load and run and in some cases you can only use Internet Explorer, with ActiveX enabled, to access them but they are an excellent support for your existing anti-virus program.

Panda Active Scan online - http://www.pandasoftware.com/activescan/
Internet Explorer only. Requires email address. Requires Active-X components to be installed. Approx 12MB download.

BitDefender online scan - http://www.bitdefender.com/scan/licence.php
Internet Explorer only. Must agree to a EULA. Need to allow installation of an Active X component. Some of the options are not clearly explained.

McAfee online scan - http://www.pcpitstop.com/freescan/

Security Advisor (?) - http://www3.ca.com/securityadvisor/virusinfo/scan.aspx

Trend Micro Housecall - http://uk.trendmicro-europe.com/enterprise...call_launch.php
(European version, supports Netscape, Mozilla, Firefox and Opera)
or http://housecall.antivirus.com/ (IE only)

Kaspersky - http://www.kaspersky.com/scanforvirus
Link to 'Online Scan' at the top rhs of the page. Requires IE and Active-X components.
"does not scan RAM, boot sectors and MBRs, so it cannot detect malicious code located in these areas."

hth :thumbsup:

Soltek QBIC, Pentium 4 3.0GHz, 512MB RAM, 200GB SATA HDD, ATI Radeon 9600XT 256MB, Netgear 54Mb/s WAP, ridiculously expensive Satellite Broadband
Windows XP Home SP2, Trend Micro Internet Security, Firefox, Thunderbird, AdAwareSE, Spybot S&D, SpywareBlaster, A-squared Free, Ewido Security Suite.

#3 LucyMarsh


Posted 13 January 2006 - 03:29 AM

Hi Rimmer!

Thank you so much for the reply. You were right about "211.24.253.185" as I'm from Malaysia ("MY" is short for Malaysia) and TIMETELEKOM, a government-owned telecommunications company which is now semi-government, is the biggest internet provider in the country. Still I have some questions.
Why would they try to access my connection when I'm signed on to a private IP?
Have you come across any 'similar' cases like this before?
What can they 'access' assuming I've no firewall protection?

The "TELECOMUNICACOES DE SAO PAULO S.A. - TELESP" is a mystery indeed. God I wish I knew what this is all about!
I have "turn off reporting" on ZoneAlarm as you've suggested and now there are no more annoying 'alerts'. That was simple...thanks!

I use "ZoneAlarm Stub Program for ZAPro" (that's what it says in the description) and "Ad-Aware SE Personal". I have also downloaded and installed AVG like you've suggested.

I hope this leaves me with a clean PC...for now!

Thanks again for your help and advice...:thumbsup:

#4 Rimmer


Posted 13 January 2006 - 04:08 AM

Okay, but run some of those online scans as well to be sure you are clean. :thumbsup:

"What can they 'access' assuming I've no firewall protection?"

You do have firewall protection while Zone Alarm is still active, you've just turned off the reporting. If you turned off the firewall it's possible, if a hacker had found your IP address, they could take control of your PC, delete files, plant malware, all kinds of bad stuff. So keep your firewall active, right?

"Why would they try to access my connection when I'm signed on to a private IP?"

Those Zone Alarm messages, although correct, do make people worried for no reason. Lots of organisations scour the internet every day (Google, for example) to gather information. TIMETELEKOM may just be gathering statistics on the number of individuals connected to the internet every hour (within Malaysia); it doesn't mean anyone is targeting you or your PC. It's just Zone Alarm doing a bit of self-publicity: "look how much I have blocked!". Now you have turned it off, forget about it.

Edited by Rimmer, 13 January 2006 - 04:20 AM.


Soltek QBIC, Pentium 4 3.0GHz, 512MB RAM, 200GB SATA HDD, ATI Radeon 9600XT 256MB, Netgear 54Mb/s WAP, ridiculously expensive Satellite Broadband
Windows XP Home SP2, Trend Micro Internet Security, Firefox, Thunderbird, AdAwareSE, Spybot S&D, SpywareBlaster, A-squared Free, Ewido Security Suite.
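
Added example (not part of the original thread, and not ZoneAlarm's own code): a short Python parser for alert text in the wording quoted in post #1, grouping blocked packets by service, by whether the source is on the local network or the Internet, and by packet kind. It assumes the port shown in the alert is the sender's source port and that flags "S" means a bare TCP SYN; only the first two sample lines come from the thread, the rest are constructed.

```python
import ipaddress
import re
from collections import Counter

# First two lines use the alerts quoted in post #1; the rest are constructed.
PREFIX = "The firewall has blocked Internet access to your computer "
ALERTS = [
    PREFIX + "(NetBIOS Session) from 211.24.253.185 (TCP Port 1871) (TCP Flags: S).",
    PREFIX + "(NetBIOS Name) from 201.42.217.229 (UDP Port 1025).",
    PREFIX + "(NetBIOS Session) from 211.24.253.185 (TCP Port 1872) (TCP Flags: S).",
    PREFIX + "(NetBIOS Name) from 192.168.1.20 (UDP Port 137).",
    "Firewall started.",  # not an alert; must be skipped
]

ALERT_RE = re.compile(
    r"\((?P<service>[^)]+)\)\s+from\s+(?P<src>\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"\((?P<proto>TCP|UDP) Port (?P<port>\d+)\)"
    r"(?:\s+\(TCP Flags: (?P<flags>[A-Z]+)\))?"
)

def parse_alert(text):
    """Return the fields of one alert, or None if the text does not match."""
    m = ALERT_RE.search(text)
    if not m:
        return None
    try:
        src = ipaddress.ip_address(m["src"])
    except ValueError:  # e.g. an octet above 255
        return None
    # Assumption: the port shown is the sender's source port.
    return {"service": m["service"], "src": src, "proto": m["proto"],
            "src_port": int(m["port"]), "flags": m["flags"] or ""}

def classify(alert):
    """Label a blocked packet as '<origin>/<kind>'."""
    origin = "lan" if alert["src"].is_private else "internet"
    if alert["proto"] == "UDP":
        return origin + "/udp"
    # Assumption: flags "S" is a bare SYN, a new inbound connection attempt.
    return origin + ("/syn" if alert["flags"] == "S" else "/tcp-other")

def summarize(lines):
    """Count alerts per (service, label) and list the distinct sources."""
    counts, sources = Counter(), set()
    for alert in filter(None, map(parse_alert, lines)):
        counts[(alert["service"], classify(alert))] += 1
        sources.add(str(alert["src"]))
    return counts, sorted(sources)

if __name__ == "__main__":
    for key, n in summarize(ALERTS)[0].items():
        print(n, *key)
```

Many distinct Internet sources each sending a single SYN or UDP datagram to the NetBIOS services is the background-scanning pattern described in the replies; a "lan/" label instead points at a machine on the same network.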



