Full Version: Intrusion.Win.MSSQL.worm.Helkern
lovethepirk
Hello there

I have Win XP SP2 with ZoneAlarm Free, and Kaspersky Personal Pro 5.0.391.

Thanks for your help in advance.

Before I begin, I am a Malware/Virus helper at Spyware Info, Geekstogo, and Thatcomputerguy. I am visiting my step-father, who was paranoid, so on my suggestion he got the best AV out there... Kaspersky.

His HJT log is clean as a whistle, he has no rootkits, and no hidden baddies at all.

Every morning there are 3-4 messages that an intrusion has been blocked, here are the details...

Attack type
Intrusion.Win.MSSQL.worm.Helkern

IP address of attacker

61.128.161.231
218.75.1.52


All these IP addresses trace back to China somewhere, but that could always be a mask for where the culprit is.

Is this some sort of "real" attack, or is this a bug with Kaspersky? Maybe I need a better Firewall to stealth the computer a bit better?

I appreciate your feedback on this matter.



Much love,

LTP
Mem
It's probably a bot attack - just hitting all IPs within a certain range on port 1434 (Slammer worm). The log is saying that it's blocked basically so there is nothing you can do. Check again to make sure you are stealth from ZA free and that's about it. When using a 3rd party firewall like ZA you should disable the IDS (network protection) of KAV, btw.
Piston Ron
QUOTE(lovethepirk @ Mar 7 2006, 08:46 AM)
Every morning there are 3-4 messages that an intrusion has been blocked, here are the details...

Attack type
Intrusion.Win.MSSQL.worm.Helkern

IP address of attacker

61.128.161.231
218.75.1.52


All these IP addresses trace back to China somewhere, but that could always be a mask for where the culprit is.

Is this some sort of "real" attack, or is this a bug with Kaspersky?  Maybe I need a better Firewall to stealth the computer a bit better?
*
LTP,

You are not vulnerable to Helkern. You can disable the audio if you like.
QUOTE
Kaspersky Labs, an international data security software developer, is warning users to look out for the new Internet-worm "Helkern" (also known as "Slammer" or "Sapphire") that infects servers running under the popular Web-enabled database Microsoft SQL Server 2000.

Helkern - 376 Bytes That Shook The World
Helkern - The Fastest Ever

I leave mine on because it annoys my wife. YMMV.

Ron
lovethepirk
Thanks for the replies, Mem and Piston.


To Mem..

I was not in stealth in ZA, I am now though.

I have a question about disabling IDS since this computer has ZA free already.

Would this be the correct way to disable IDS...

1) Click 'Settings' tab
2) Click 'Configure Real-Time Protection'
3) Click 'Network' tab
4) Uncheck 'Enable real-time protection against network attacks'

???

Regards,

LTP
Mem
QUOTE(lovethepirk @ Mar 7 2006, 05:17 PM)
Would this be the correct way to disable IDS...
*

Yes - you have it!

As a side note - if all ports are closed you are just as safe security-wise - stealth is a nice afterthought. If you have no open ports you should be fine.
gahbmwM5
Yes indeed as I too receive a warning about 1-3 times a day, with my KIS6.0.0.297b RC C11 build...

Galileo was quick to inform about the details, and for 'no worries'...


But additional info is good...
lovethepirk
Thanks all.

You can close this topic, I appreciate the feedback.

LTP
NiTeHawK
Attention! Your computer has been attacked from the internet.

Network attack Intrusion.Win.MSSQL.worm.Helkern from address 61.175.163.195

has been successfully repelled.
NiTeHawK
Attention! Your computer has been attacked from the internet.
Network attack Intrusion.Win.MSSQL.worm.Helkern from address 61.175.163.195 has been successfully repelled.
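A triage sketch for the alerts discussed in this thread, added here as an example and not posted by any participant: it tallies blocked Helkern probes per source address and checks whether any local process holds UDP port 1434, the port Mem names. The function names and the sample alert lines are constructed for illustration.

```python
import errno
import re
import socket
from collections import Counter

# Wording follows the alert quoted in the thread; the addresses are
# constructed sample values from the RFC 5737 documentation ranges.
SAMPLE_ALERTS = """\
Network attack Intrusion.Win.MSSQL.worm.Helkern from address 192.0.2.10 has been successfully repelled.
Network attack Intrusion.Win.MSSQL.worm.Helkern from address 198.51.100.7 has been successfully repelled.
Network attack Intrusion.Win.MSSQL.worm.Helkern from address 192.0.2.10 has been successfully repelled.
"""

ALERT_RE = re.compile(
    r"Network attack (?P<name>\S+) from address "
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3}) has been successfully repelled"
)


def summarize_alerts(text):
    """Count blocked probes per (detection name, source address)."""
    return Counter((m["name"], m["src"]) for m in ALERT_RE.finditer(text))


def udp_port_in_use(port=1434, host="0.0.0.0"):
    """True if some local process already holds the UDP port.

    A bind attempt fails with EADDRINUSE only when a listener exists;
    with no listener there is no service for the probe to reach.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        try:
            s.bind((host, port))
        except OSError as exc:
            if exc.errno == errno.EADDRINUSE:
                return True
            raise  # any other failure is not evidence of a listener
    return False


if __name__ == "__main__":
    for (name, src), hits in summarize_alerts(SAMPLE_ALERTS).most_common():
        print(f"{hits:3d}  {src:15s}  {name}")
    state = "LISTENING" if udp_port_in_use(1434) else "closed"
    print(f"local UDP 1434: {state}")
```

A "closed" result matches the situation Mem describes: with no listener on the port, the probes have nothing to reach whether or not the firewall also stealths it.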
imageplanet48
Mem - you wrote above:

QUOTE
When using a 3rd party firewall like ZA you should disable the IDS (network protection) of KAV, btw


I've been having several KAV alerts per day for the last few days with pterodactyl screech and window saying Helkern attack has been successfully repelled.

Question - will I still be protected from helkern if I turn off my Kasp. network protection?

I, too, have ZoneAlarm(Pro) up. I was wondering why should one disable Kaspersky's network protection, if he/she has a 3rd party firewall up? Do they interfere with each other? Would like to know, pls.

Thanks.
Don Pelotas
QUOTE(imageplanet48 @ 22.07.2006 08:04)
Mem - you wrote above:
I've been having several KAV alerts per day for the last few days with pterodactyl screech and window saying Helkern attack has been successfully repelled.

Question - will I still be protected from helkern if I turn off my Kasp. network protection?

I, too, have ZoneAlarm(Pro) up.  I was wondering why should one disable Kaspersky's network protection, if he/she has a 3rd party firewall up?  Do they interfere with each other?  Would like to know, pls.

Thanks.
*

If you use Kaspersky 5.0 and ZA, then yes, turn off the network protection in Kaspersky, ZA will take care of it.
quding
QUOTE(Don Pelotas @ 22.07.2006 17:12)
If you use Kaspersky 5.0 and ZA, then yes, turn off the network protection in Kaspersky, ZA will take care of it.
*

Not only ZA, but also SP2 is enough for that, I think.