My mind is blown...

[v-a-m]

I just got an attempted intrusion, detection from Norton Firewall. Said (when tried to trace) 127.0.0.0

I got this info....

Attempted Intrusion "BD_BUGBEAR" from your machine against 69.11.23.250 was detected and blocked
Intruder: localhost(3071)
Risk Level: High
Protocol: TCP
Attacked IP: 69.11.23.250
Attacked Port: socks(1080)

Any help??

[bfcx]

if it's just attempted then probably nothing happened, just a virus on someone elses computer scanning IP's and yours happened to be one it scanned. If you want to be safe update norton and do a full virus scan.

[HeadBand]

could it just be a coincedince that this happend at the same time???

[golfcart]

If I'm reading it right, it looks like you are infected with the bugbear virus. Free removal tool and complete instructions can be found here

[M_Six]

Sounds like maybe your machine is infected and is trying to find other machines to infect. Hit one of the anti-virus sites like McAfee or Symantec and download a virus checker.

Try Stinger.

[v-a-m]

I tried the symatec Bugbear fix, I followed the instructions to a t, and Bugbear was not found on my computer?!

Baffling.

It looked like an attack on me at first, as I was warned about an attrack. Then upon checking the Intrusion history, thats where I got the info posted above (where it looks as if my machine is attacking the other)

[DVS_DVIT]

Attempted Intrusion "BD_BUGBEAR" from your machine against 82.67.177.70 was detected and blocked
Intruder: localhost(4490)
Risk Level: High
Protocol: TCP
Attacked IP: 82.67.177.70
Attacked Port: socks(1080)
i had this in my norton log... and yes that is why i did a search on google to find out more about it, so i amnot the only person who has recieved this alert... so like it has been above meantioned, it looks like my computer has atempted to atack someone else, and i was shocked as i try to stay as up to date as possible, i am using norton internet security professional 2003 and windows xp pro, and have full subscription, and it is up to date, so im buggered if i can figure what this is all about. i will be checking this site for future developments... i went to symantec security site for info but found nothing helpful.
DVS_DVIT

[DVS_DVIT]

I forgot to mention that this occured at 12.49 am on the 16 march 2004 guam(east australia time).

[John Prophet]

Welcome to the forum!

there is a tool to remove bugbear http://securityresponse.symantec.com...ugbear@mm.html

I suppose the "BD" part means "backdoor" as in a trojan.

I see that the "symantec gateway security" has a patch that includes coverage for the BD_bugbear http://securityresponse.symantec.com...004.02.18.html

I would get that tool and try it out.

and/or also go to www.antivirus.com and do the free scan as a second opinion in case your symantec has somehow been compromised

here is a long article on bugbear, how it works etc http://216.239.51.104/search?q=cache...hl=en&ie=UTF-8

JP

[DVS_DVIT]

Attempted Intrusion "BD_BUGBEAR" from your machine against 201.1.77.97 was detected and blocked
Intruder: localhost(4229)
Risk Level: High
Protocol: TCP
Attacked IP: 201.1.77.97
Attacked Port: socks(1080)

Attempted Intrusion "BD_BUGBEAR" from your machine against 201.1.77.97 was detected and blocked
Intruder: localhost(4192)
Risk Level: High
Protocol: TCP
Attacked IP: 201.1.77.97
Attacked Port: socks(1080)

two more.... waht to do... ive tried all advise mentioned so far....
DVS_DVIT