does EarthLink do something funky?
Greetings,
I'm trying to help my sister with her computer. She's on Earthlink, and recently I installed Symantec to clean out over 174 viruses. Needless to say, it's been 0wn3d so long, I can't believe it hasn't cratered yet.
Ok, after Symantec, Spybot (v1.3), Stinger, and firewall additions... I've noticed weird configurations with the IP information (handed via DHCP from the dial-up with E-link).
Here's the IPCONFIG:
PPP adapter EarthLink xxxxxxxxx@earthlink.net:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
Physical Address. . . . . . . . . : 00-53-45-00-00-00
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 209.179.190.140
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . : 209.179.190.140
DNS Servers . . . . . . . . . . . : 207.69.188.187
207.69.188.186
NetBIOS over Tcpip. . . . . . . . : Disabled
...and the NETSTAT -AN is still extremely *busy* but down to 1.5 pages in length (from over 10 prior to the removal of all the DoS viruses, worms, trojans, etc.) -- including a listener 8080 on the local 127.0.0.1 and over a dozen listeners on 0.0.0.0.
Internet Explorer was configured to use a proxy: 127.0.0.1 8080.
???? Question is this: does E-link do anything weird with their configs that would be attributed to this -- or is this just the last vestiges of the myriad infestations? Their web site is, oh so, useful, but the DNS servers from the web are NOT the ones in the IPCONFIG, (but they still are e-link's...).
Please don't make me call e-link tech support...
Thanks, Cheers!
Myk
Re: does EarthLink do something funky?
Quote:
???? Question is this: does E-link do anything weird with their configs that would be attributed to this -- or is this just the last vestiges of the myriad infestations?
Could be.
You may want to consider backing up data, killing the current OS and doing a re-install.
You may never know what baddies lurk.
I have not known Earthlink to use any strange proxy settings.
I have many remote users on Earthlink and have not seen it.
If you suspect Earthlink, you can simply set up a dialup profile and skip installing the Earthlink software.
Good Luck
Re: Re: does EarthLink do something funky?
Quote:
Originally posted here by ss2chef
You may want to consider backing up data, killing the current OS and doing a re-install.
You may never know what baddies lurk.
I agree. There's no telling what they've changed. And as you said this has been going on for some time. They might have installed a rootkit that hides all their actions.
It doesn't hurt to check it out though. You might learn something ;)
Quote:
As far as the proxy..umm. 127.0.0.1 is the puter's local IP, so that doesn't make sense.
You can install a proxy on your local machine and perform some sort of content-scanning to protect yourself from Evil webpages (Norton maybe?). But it could also be something totally nasty. As I said, run fport and see what application is listening on 8080.
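
Added example, not part of any post in this thread: a small Python triage script that parses Windows `netstat -ano` style output and reports which listening socket would answer a browser proxy setting such as the 127.0.0.1 8080 described above. The sample output, addresses and PIDs are constructed; with plain `netstat -an` there is no PID column, so the `pid` field is `None` and a port-to-process tool such as fport does the mapping.

```python
import ipaddress

# Constructed sample in the layout of Windows `netstat -ano`; not from the thread.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:1025           0.0.0.0:0              LISTENING       4
  TCP    127.0.0.1:8080         0.0.0.0:0              LISTENING       1432
  TCP    192.0.2.10:1041        198.51.100.53:80       ESTABLISHED     1432
  UDP    0.0.0.0:1026           *:*                                    1100
"""

def parse_listeners(text):
    """Return one dict per TCP socket in LISTENING state."""
    found = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 4 or f[0] != "TCP" or f[3] != "LISTENING":
            continue  # headers, UDP rows and non-listening states
        host, _, port = f[1].rpartition(":")
        ip = ipaddress.ip_address(host.strip("[]"))  # brackets appear on IPv6 rows
        if ip.is_loopback:
            scope = "loopback"          # reachable only from this machine
        elif ip.is_unspecified:
            scope = "all-interfaces"    # 0.0.0.0: reachable on every address
        else:
            scope = "specific"
        found.append({"ip": str(ip), "port": int(port), "scope": scope,
                      "pid": int(f[4]) if len(f) > 4 else None})
    return found

def proxy_backing(proxy, listeners):
    """Listeners that would accept connections sent to 'host:port'."""
    host, _, port = proxy.rpartition(":")
    ip = str(ipaddress.ip_address(host))
    return [l for l in listeners if l["port"] == int(port)
            and (l["ip"] == ip or l["scope"] == "all-interfaces")]

if __name__ == "__main__":
    listeners = parse_listeners(SAMPLE)
    for l in listeners:
        print(f'{l["scope"]:15} {l["ip"]}:{l["port"]} pid={l["pid"]}')
    for hit in proxy_backing("127.0.0.1:8080", listeners):
        print("proxy setting is served by PID", hit["pid"])
```

A proxy setting with no matching listener means the browser is pointed at a dead port; a match gives the PID to identify before deciding whether it is a content scanner or something left behind.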