
What can you to be bounced off net.


Original Message
Name: cabootee
Date: July 27, 2002 at 20:24:34 Pacific
Subject: What can you to be bounced off net.
Comment:

I have been having a problem the past couple of months. I am being booted from the net. I am still connected, but I find that when I am on a page my browser suddenly closes and I am off the page. It does not matter what page it is. I have Zone Alarm Pro and Virtual Zone alarm. My virus scans and updates are current. I have also been getting a number of intrusion attempts, mostly on port 137, two to three a day. Does anyone know why I am being bounced off the net?




Response Number 1
Name: capt
Date: July 28, 2002 at 07:56:12 Pacific
Reply:

Try Agnitum's Tauscan, Pest Patrol, Boclean, Trojan Finder or TDS (PC FLANK's Website for product reviews) to see if you might have a trojan. I would give Pest Patrol a try, as there is a very small chance it could be a spyware problem, and Pest Patrol checks for spyware too. I use Tauscan, because it is easy and effective, but I also use Lavasoft's Adaware to delete spyware daily, which you did not mention using on your system. All the best!



Response Number 2
Name: Jim Beau
Date: July 28, 2002 at 10:56:29 Pacific
Reply:

capt is right! A problem or issue that seems to be growing is spyware/adware. I have used Adaware and Spybot Search and Destroy. They both work well. Both programs can be downloaded from wilders.org. They are listed under the free tools > cleaners category. Everyone that runs Adaware or Spybot for the first time always finds some of that crap on their computer!



Response Number 3
Name: hylian_lynk
Date: July 28, 2002 at 11:31:35 Pacific
Reply:

Not everything is a virus or trojan ... I know for a fact that certain pages do crash Opera 6.04. I have no idea why, or if the scripts in the page screw it up, but it's definitely not a virus or trojan; maybe it's a browser bug. Is the problem occurring with Opera? Netscape 4.79 does it too, but not that often.



Response Number 4
Name: murve
Date: July 29, 2002 at 08:45:09 Pacific
Reply:

Hi cabootee,
You may have a trojan on port 137.
If you are using Zone Alarm, put your security to maximum to stealth all your ports. You may also want to disable ports 137 to 139; for more info go to grc.com and also www.thepublicworks.com, security section, and the link to disable ports 137-139 for instructions and info.
Someone may be using your computer for DoS attacks and you are being botted or booted off the internet for nefarious purposes, or it can be for any of the reasons in the posts above. The important thing is to verify.

Here's some info on possible trojans on 137:

Name: Msinit
Aliases: Troj_Msinet.A, MSINIT.A, W32/Msinit, Win32.Trojan.Bymer, W32.HLLW.Bymer, Dnet.Dropper, Trojan.Win32.Bymer, W32/Bymer-A, Worm_Bymer_a, Wininit, Worm.Bymer, Worm.RC5, Worm.RC5.b, Worm/Dnet_Winit
Ports: 137 (UDP), 139
Files: Wininit.exe - 22,016 bytes Msinit.exe - 22,016 bytes (compressed) Msinit.exe - 53,248 bytes (uncompressed) Msxxxx.exe - 22,016 bytes Msclient.exe - 4,096 bytes Dnetc.exe - 186,188 bytes Dnetc.ini - Info.dll - Ms216.exe - Msi216.exe - Msi211.exe - - [220 kb]
Created: Sep 2000
Requires:
Actions: Worm / Destructive trojan / Network trojan
Alters Win.ini. It is also found in the Windows Startup directory. Msinit spreads itself through open network shares and disables infected computers from the network. Most of the files are packed using different versions of UPX. Dnetc is a legitimate program that may have been installed previously. In this case it's used illegally.
Versions: A, B
Registers: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\, HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices\
Notes: Works on Windows 95, 98 and ME.
Country: written in the Ukraine

Name: Qaz
Aliases: Worm.Qaz, W32.HLLW.Qaz, Notepad, W32/QAZ.worm, Note.com, Qazwsx, W95/Qaz
Ports: 137 (UDP), 139, 7597 (ports can not be changed)
Files: Qaz.zip - 40,548 bytes Qaz trojan notepad.exe - 120,320 bytes Notepad.exe - 120,320 bytes Qazwsx.hsq - Note.com - [53 kb] - 119,296 bytes - 120,297 bytes - 122,880 bytes
Created: July 2000
Requires:
Actions: Remote Access / Downloading trojan / Worm / Network trojan
It mails the IP address of the infected computer, probably to the sender. Qaz loads every time the user launches Notepad, as Qaz has taken the original Notepad's place. It propagates to all shares on the network with Full Access privileges granted.
Versions:
Registers: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
Notes: Works on Windows 95, 98, ME, NT and 2000.
Country: written in China
Program: Written in Visual C++.

Name: Chode
Aliases: BAT/911-A, BAT/911-B, BAT.Chode.Worm, W95/Firkin.worm, Foreskin, BAT911, 911, DickHair, Bat/Firkin.A, Bat/Firkin.B, Firkin, Chode 911,
Ports: 137, 138, 139
Files: Chode.bat - Random.bat - Cu##ent.bat - Current.bat - Ashield.pif - Netstat.pif - Winsock.vbs - Mstum.bat -
Created: Mar 2000
Requires:
Actions: Worm / Autodialing trojan / Destructive trojan / Network trojan
Propagates to shared drives. Creates hidden subdirectories called \chode, \dickhair and \foreskin. May alter Autoexec.bat and format all hard drives. Autodials 911. On the 19th of the month it will delete all files in several essential directories.
Versions: 1.07c, A, B,
Registers:
Notes: Works on Windows 3.x, 95 and 98 (maybe also on NT).
Country:
Program: Written in DOS batch language.

hope this helps, all the best
murve
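
The verification step from the post above ("the important thing is to verify"), as an added example that is not part of the thread: it parses `netstat -an` output for the listed ports and matches Run/RunServices entries against the listed file names. The function names, the sample netstat output and the sample Run values are constructed for illustration.

```python
import re

# Indicators copied from the trojan descriptions in the post above.
WATCH_PORTS = {137, 138, 139, 7597}
LISTED_FILES = {
    "wininit.exe": "Msinit", "msinit.exe": "Msinit", "msclient.exe": "Msinit",
    "dnetc.exe": "Msinit", "notepad.exe": "Qaz", "note.com": "Qaz", "qazwsx.hsq": "Qaz",
}

def exposed_ports(netstat_text):
    """Sorted (proto, port) pairs in WATCH_PORTS open on a non-loopback address."""
    found = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue
        proto, local = fields[0], fields[1]
        host, _, port = local.rpartition(":")
        if not port.isdigit() or host.startswith("127."):
            continue
        # UDP rows have no state column; for TCP count only listening sockets.
        if proto == "TCP" and fields[-1] != "LISTENING":
            continue
        if int(port) in WATCH_PORTS:
            found.add((proto, int(port)))
    return sorted(found)

def flag_run_entries(entries):
    """Map Run/RunServices value names to listed files named in their command.
    A name match is only a lead (Notepad.exe and Dnetc.exe are also legitimate)."""
    hits = {}
    for name, command in entries.items():
        tokens = set(re.split(r'[\\/\s"]+', command.lower()))
        matched = sorted(tokens & LISTED_FILES.keys())
        if matched:
            hits[name] = [(f, LISTED_FILES[f]) for f in matched]
    return hits

# Constructed sample data, not taken from the poster's machine.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:139            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1025         0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1044      203.0.113.7:80         ESTABLISHED
  TCP    192.168.1.10:7597      0.0.0.0:0              LISTENING
  UDP    192.168.1.10:137       *:*
"""
SAMPLE_RUN = {"ScanRegistry": r"C:\WINDOWS\scanregw.exe /autorun",
              "Updater": r'"C:\WINDOWS\SYSTEM\msinit.exe"'}
```

For any flagged entry, compare the file's size with the byte counts listed in the post before treating it as an infection.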



Response Number 5
Name: cabootee
Date: July 29, 2002 at 14:13:01 Pacific
Reply:

Murv, I just put Zone Alarm on the highest security for the net. I don't know how to cut off those ports 137-139. I do have Adware, Zone Alarm and VirtualZone Utility and virus protection.

Southwestern Bell is the one pinging me at port 139, my TCP port. I have at least 15 out of Plano, Texas. I don't know if they are testing or not, but sending them abuse emails doesn't stop these intrusions. As far as viruses, I run my virus protectors often.

I can't say too much because all this tells of my security and I would be less secure if people knew what is running in my computer.




Response Number 6
Name: murve
Date: July 30, 2002 at 08:47:13 Pacific
Reply:

Hi cabootee,
I know it's not easy when you think you are being hacked; don't get paranoid. Let's do things in a logical and organized manner.
For closing ports 137-139 you can find info at www.grc.com, or at www.thepublicworks.com, security section, link "disable ports 137-139".
You should install a port monitor (TDImon) and a process monitor (Process Explorer) from Sysinternals, and a registry monitor (REGProt) from Diamond Labs, as well as a good anti-trojan, such as capt mentions in his post above. Any good anti-trojan with regular scans and updates will protect your machine, as well as regular scans and updates of your anti-virus.
You should also consider installing a free 30 day trial version of Trojan Hunter, and a trojan and port test at Pcflank to see if you have any open ports. Also, if you can find it, an old copy of Jammer 1.95 by Agnitum will help you immensely, as it effectively jams out all backoffice trojans and sends an email to the offending hacker's ISP. The newer version of Jammer doesn't work well with Zone Alarm or any other firewall, I was told.
Hope this helps, all the best
murve



Response Number 7
Name: cabootee
Date: July 31, 2002 at 17:32:12 Pacific
Reply:

I checked out my Zone Alarm and found the feature regarding letting or blocking access to different ports. So far so good, and I also raised the internet security level.



Response Number 8
Name: cabootee
Date: August 5, 2002 at 20:47:12 Pacific
Reply:

Still having problems. I was on different sites and I was knocked off the page about 5 times. Zone Alarm is set for high. I blocked several TCP and UDP ports with Zone Alarm. I am also using Virtual Zone.

What do you think causes this? I know it is not a virus. I update and scan regularly. Also, is it safe to do a back trace? If it is not and I still want to find out who the intruder is, what protection do I need besides Zone Alarm and an antivirus?

