Opaserv will not stop!!!

[Espilonarge]

For the last few weeks, someone on an IRC server has attempted to kill my system and it won't stop.

I have been banned from the server (PM me for a reason if you want unless you want to know here) but somehow this person keeps attempting non stop to screw my system up. So far this attacker did far worse but his manange to bypass my Firewall and changed my Norton's settings and such to bring me down.

I need help badly as I don't know how much longer I can last with the constent attacks, its been the 4th attack this week on me and I don't know how much longer this will keep going for.

I have a change of IP and hostmask everytime I connect but the main part of my login name is always the same so how there finding me that easy... I have no idea...

I am running this setup

P266, AS61111 mother board, 64 Megs ram
8 Meg PCI video card
16 Meg ESS Technowledgy sound card
56 k Modem and 10/100 network card
Windows 98 (non-SC for a reason)
Black ICE and Norton's 2002

I know its a poor setup but thats all I like, I'm not interested in super powered mother of systems, there just not me but I know theres a few things there that should be upgraded (ram being one...).

I still have the IP and attack list of when I was attacked and everything else including the list of trojins and virii that hit me...

Please... someone help me... today at 4 am now for me... I am shaking cronicly and scared...

[DjM]

OK relax, you obviously pissed someone off, but we won't go into that here. First, you said you have an IP Address of the attacker. Trace that back to find his ISP, then collect all the evidence of the attack(s) compile them into an e-mail and send it to abuse@his_ISP.com. It may take them a few days to help you but they are your best bet. You may also want to try installing another firewall like zonealarm.

Good Luck:

[gore]

Whatever you do, DO NOT retaliate, even though if what your saying is true they deserve it but if you do that kills your chances to tell his ISP and something being done, but i totally agree with the other user, tell his ISP and if possible call them ife-mailing them isnt helping, but make sure that the evidence you save is also on disk in case for example they get in and delete it, also i agree with the other again, get zone alarm and when his IP shows up, put it on a blcking list http://www.zonelabs.com and also check out http://www.downloads.com and look around for firewalls and maybe a port blocker i am kinda curiouse as to why your banned too because that might help solve why this is happening.

[Espilonarge]

Unfortunly there is a problem with working with that...

some how, this user or so has seemed to change almost every detail except one thing in common that I caught but it seems he found out...

his NetBIOS's was always the same except everything else, his IP kept changing, his ISP info changed and even tracing down the user, my ISP keeps pinging me off so badly it ends up somewhere out in the ocean.

I have the attack info from that night here with me aswell as everything he used...

I will post here now,

Time, Event, Intruder, Count
11/04/02 13:24:50, SubSeven port probe, 80.65.229.106, 1

Time, Event, Intruder, Count
11/04/02 13:24:51, Proxy port probe, 80.65.229.106, 1

Time, Event, Intruder, Count
11/04/02 13:24:57, TCP port scan, 80.65.229.106, 1

Time, Event, Intruder, Count
11/04/02 13:25:04, TCP port probe, 80.65.229.106, 6

Time, Event, Intruder, Count
11/04/02 13:25:08, TCP trojan horse probe, 80.65.229.106, 1

Time, Event, Intruder, Count
11/04/02 13:25:11, NetBus port probe, GALLY, 2

Time, Event, Intruder, Count
11/04/02 13:25:48, TCP port scan, 80.65.229.106, 33

IP: 80.65.229.106
Node: GALLY
NetBIOS: <0102>__MSBROWSE__<02>
Group: NEOXYS

* Backdoor.Trojan.Client
* Backdoor.Trojan
* Backdoor.NetDevil
* Hacktool.Rootkit
* Hacktool
* Hacktool.Nuker
* Backdoor.Osirdoor
* Trojan Horse
* W95.Spaces.1445
* W32.Opaserv.Worm
* W32.HLLW.Acebo
* JS.Exception.Exploit
* W32.HLLW.Ultimax
* W32.HLLW.Bymer

That attack was from the 4th, I have observed Black ICE seeing that NetBIOS to hack into my system after the 4th but now it seems his gotten worse and figured that out...

I'm scared that soon this guys seriously going to do a massive payload on me soon because who ever it is seems to now have some friends within the time also helping him get me, I caught about 5 Australians all outside Queensland attempting to get me.

ZoneAlarm doesn't want to work properly ethier and its to confusing of a program to use, its to cluttered...

God I want to stay on my computer but with the constent attacks, I don't know how much longer I can last...

[gore]

ok this is what you could do, you proll have a trojan installed in your computer, put that log on disk so you have proof and then back up everything on your system, and after you have everything backed up, reformat and reinstall windows, then get a good anto virus scanner, and after you get your computer back up and running install the AV software and update it till it says no more updates, then, go and update windows untill there are no more critical updates and whatever ese you may want to update then, scan everything you backed up BEFORE putting it back on your system, and then reinstall your firewals.

[DjM]

Before you do that, all those 'scans' look like they are in-bound traffic. Is there any out-bound going on. netstat -an should provide you with that information.


Cheers: