-
June 11th, 2002, 03:47 AM
#1
Has this computer been compromised?
I have a friend who came to me with a question. He feels his puter may be compromised. I did a google and a SamSpade. The Traceroute looked strange to me.
I'm posting the info he sent me. If you see something obvious that I don't, please feel free to speak up. We all know I'm no expert. LOL
I knew I could ask my friends here at AO.
Thanks in advance.
PS. Hogfly, is your gas better?
Anyway, here's what he says....
---------------------------------------------------
At work I have a small network. 4 computers including a server.
My secretary is on vacation this week and I am the only one there.
While I wasn't on the net, I noticed the data light on the cable modem on the server flashing. (server is running nt4.0 with ZAP Pro and Wingate for inet access through cable modem)
I do a netstat on my puter. Everything is fine. I check my hub. Nothing on the network is transmitting over the network.
So I log on to server. (Nobody uses it and it is usually logged off so the only things that should be running are services)
I do a netstat -a and there are a couple of connection to Romania. Wingate is only showing a connection to my 'puter. Still no network activity.
info.....
server:nbsession (I assume netbui) 205.246.203.43:80
server:2385 varzarv2.kappa.ro:8080
server:3661 67dial105.xnet.ro:8080
and connections to
194.105.24.221:8080:8080/talk.htm
213.233.67.105:8080:8080/talk.htm
Actually I think the last 2 were showing in wingate.
A probe of my system at grc shows I am cool.
------------------------------------------------------------------
Thanks again, folks.
-
June 11th, 2002, 05:27 AM
#2
Senior Member
no, you have not been hacked
-
June 11th, 2002, 05:32 AM
#3
Member
Well, going to http://194.105.24.221:8080 takes you to a page with a message to go to ifriends.net. That domain is registered to Intimate Friends Network out of Florida. www.ifriends.net is an online video chat site, where if you have a web cam, you can chat about cars, computers, gardening.... and yes, Adult Chat.
But the thing your friend really needs to look out for is that there is a virus that does make a connection to kappa.ro. I remember reading a virus warning a couple weeks ago that said one of the things the virus did was set up a connection to that domain. I remember that specifically because I went to the home page for the domain, just to see what it looked like.
And just now, I went to kappa.ro and I remembered that I had seen that home page before, and it was due to a virus warning.
Now, I can't remember WHAT virus it is that does this, but I am sure of it.
Have your friend do a full virus scan.
-
June 11th, 2002, 06:16 AM
#4
Did you know that there was a soccer shoe called the kappa virus...retail, about 125 bucks. LMAO Sometimes, Google just doesn't give the answers you want. LOL
I didn't find anything about the virus at McAfee of Symantec either but, I'll suggest a full scan to my friend.
I thought maybe spyware but, he said his ZoneAlarm is secure and working properly. He also said GRC gave him a clean bill of health.
I also thought someone might be "bouncing" (is that the right term?) off his server. Using it for their own little private proxy server.
Anyone else?
Thanks again,
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|