Thread: Trojans...etc.

  1. #1

    I'm a little paranoid.... I got a worm recently. Panda antivirus found it and removed it. Coincidentally, somebody obtained access to one of my web page accounts and left an obvious message that they breached my security. The password for my account was really long and convoluted, so I'm wondering if I have a trojan or something to that effect on my system. Panda hasn't found anything, but I'm curious if it would find something if the anti-virus software was installed after the incident.

    I have ZoneAlarm Pro now, but it only asks me if I want "x-file" to access the internet... saying that it has accessed the internet before.... Unfortunately, if ZoneAlarm Pro was installed after the trojan was... then it would only be telling me that "trojan x" has already accessed the internet... so do not worry about it.

    Basically... what should I do... besides wiping out my system and reinstalling everything?

    Is there some utility that is designed to catch trojan-like viruses?

  2. #2
    mmelby (Shadow Programmer, Ft. Myers, FL)
    There is probably some free stuff out there, but PestPatrol will find and eliminate hacker tools, spyware, and trojans.

    http://www.pestpatrol.com
    Work... Some days it's just not worth chewing through the restraints...

  3. #3
    souleman (AntiOnline Senior Member, Flint, MI)
    www.tauscan.org (I think it is)

    It's possible they hacked your webpage through poor programming also, not from gaining root on your machine...
    "Ignorance is bliss....
    but only for your enemy"
    -- souleman

  4. #4
    Senior Member
    Another really good piece of software is Trojan Hunter. You get a 30-day free trial and updates. At the end of the 30 days you remove it or buy it. It doesn't stop working, but no more updates are available. There's free stuff out there, but I haven't found anything in a single package that'll look for them all.

    Trojan Hunter, PestPatrol, Tauscan, and lots of others are very good and should do the job. Unfortunately, antivirus software and firewalls can't stop them all, although the folks at Wilders.org say Kaspersky AV does a better job on trojans than most.

    Also, Kaspersky AV is looking for people to test a free beta AV program. You just need a valid email and to give them some input. I downloaded it and like it. Worth a look.

  5. #5
    Senior Member
    http://www.sophos.com

    There's another place to get a free trial of a full AV with definitions. Works great (better than McAfee's) on servers too!
    Ron Paul: Hope for America
    http://www.ronpaul2008.com/

  6. #6
    nebulus200 (Jaded Network Admin)
    First thing you need to do is make absolutely sure that your machine is clean. The only surefire way to do this is to start over; however, if that is not an option for you, you might want to start here. This page contains many tools that can be helpful in finding out processes that may be running as a backdoor.

    I would also recommend finding a good anti-trojan hunter (as has already been mentioned).

    The next thing you need to do is to identify how the intruder accessed your web page, whether it was a Windows attack, an IIS attack (there are trillions), a script abuse, or a FrontPage attack (there have been some released lately). If you can't identify how the intruder accessed your machine, you need to start locking things down very, very tightly (and pay close attention to your scripts). Make sure you have all the latest patches and hotfixes available, not just for the OS but for IIS and any other server programs that you may be running (the most likely avenue that the attacker used).

    You didn't mention what OS you are running (it would have been helpful), but you need to start looking into the security policies for your machine. You need to make sure as many services as possible are turned off, that the file permissions for your web user and web pages will not allow access outside of the proper directories, you need to check on anonymous access (null sessions), and a myriad of other possibilities (I will wait to elaborate until you mention what OS you have).

    I would also recommend ditching ZoneAlarm. IMHO, something like Agnitum Outpost is much better (though more difficult to use since it offers more options/granularity). It not only pays attention to what applications are allowed access, but you can granularly restrict the destinations by IP/name and port; it also does some rudimentary IDS and ad blocking... and it is free.

    You have a lot of work ahead of you. Good luck.

    /Nebulus


    EDIT: Forgot some things: Once you are sure it is clean, change every password on the machine. Look at all trust relationships you have used. Any account that you accessed from that machine (whether email, messengers, other machines, etc.) should also have its password changed. Any shares that the machine may have had access to should also be evaluated to make sure that the hacker didn't abuse those relationships to get into other machines. While you are locking down the box, leave it offline; no sense in further exposing yourself. I am sure I will remember more stuff soon... but this is about all the gas my brain has left right now.
    There is only one constant, one universal, it is the only real truth: causality. Action. Reaction. Cause and effect...There is no escape from it, we are forever slaves to it. Our only hope, our only peace is to understand it, to understand the 'why'. 'Why' is what separates us from them, you from me. 'Why' is the only real social power, without it you are powerless.

    (Merovingian - Matrix Reloaded)
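    As an added illustration (not from the thread or any poster), here is a read-only PowerShell audit of three of the lockdown items nebulus200 lists: anonymous (null session) settings, which services are running, and whether the web user can write into the web root. It assumes a Windows host with PowerShell 5 or later run from an elevated prompt; the default web root path is an assumed placeholder and should be replaced with the real site directory.

```powershell
# Added example, not code from the thread. Read-only: reports, changes nothing.
# Assumes Windows, PowerShell 5+, elevated prompt. -WebRoot default is a placeholder.
param(
    [string]$WebRoot = 'C:\inetpub\wwwroot'   # ASSUMED default; pass your real site root
)

# 1. Null sessions. These LSA values govern anonymous enumeration of shares and
#    accounts. A missing or zero RestrictAnonymous* value, or
#    EveryoneIncludesAnonymous = 1, leaves anonymous access open.
$lsa = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
foreach ($name in 'RestrictAnonymous', 'RestrictAnonymousSAM', 'EveryoneIncludesAnonymous') {
    $value = $lsa.$name
    $weak  = if ($name -eq 'EveryoneIncludesAnonymous') { $value -eq 1 } else { -not $value }
    $tag   = if ($weak) { 'WEAK' } else { 'ok  ' }
    Write-Output ("[{0}] {1} = {2}" -f $tag, $name, $value)
}

# 2. Running services. Every running service is something that must be patched;
#    compare this list against what the box actually needs to do.
$services = @(Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.State -eq 'Running' } |
    Sort-Object Name)
Write-Output ("`n{0} services running:" -f $services.Count)
foreach ($svc in $services) {
    Write-Output ("  {0,-28} start={1,-6} {2}" -f $svc.Name, $svc.StartMode, $svc.PathName)
}

# 3. Web root permissions. The anonymous web user (IUSR) or Everyone should
#    not hold write/modify/full-control rights on the site directory.
if (Test-Path -LiteralPath $WebRoot) {
    $acl   = Get-Acl -LiteralPath $WebRoot
    $risky = @($acl.Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        $_.IdentityReference -match 'Everyone|ANONYMOUS|IUSR' -and
        $_.FileSystemRights  -match 'Write|Modify|FullControl'
    })
    Write-Output ("`nWeb-user-writable ACL entries on {0}: {1}" -f $WebRoot, $risky.Count)
    foreach ($ace in $risky) {
        Write-Output ("  {0} -> {1}" -f $ace.IdentityReference, $ace.FileSystemRights)
    }
} else {
    Write-Output ("`nWeb root {0} not found; rerun with -WebRoot <path>" -f $WebRoot)
}
```

    The script flags findings but leaves remediation (stopping services, tightening ACLs, setting the LSA values) to the administrator, after the box has been taken offline as the post advises.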

  7. #7
    Senior Member
    Good point, nebulus, about cleaning the machine first. I always put first things second. I also second the nomination of Outpost firewall. I can't use it, unfortunately. The current version isn't compatible with XP's ICS.

    I don't think there's much else to add to what's been said. Absolutely change ALL passwords to everything, and if you've used credit cards or do banking and such on the net, pay damned close attention to your statements and do a lot of praying.

  8. #8
    Senior Member
    > www.tauscan.org (I think it is)
    >
    > It's possible they hacked your webpage through poor programming also, not from gaining root on your machine...

    souleman, it's actually http://www.agnitum.com/download/
    By the sacred **** of the sacred psychedelic tibetan yeti .... We'll smoke the chinese out
    The 20th century pharoes have the slaves demanding work
    http://muaythaiscotland.com/

  9. #9
    Senior Member
    For me, PestPatrol works wonders. Also, maybe they found the password or something through an FTP service or whatever. Definitely try doing daily or weekly tests of any server or machine you have to make sure you aren't infected with viruses, trojans, spyware, etc.
    Space For Rent.. =]
