
Thread: Hacker put spam e-mailer on my comp!

  1. #1
    Junior Member
    Join Date
    Feb 2003
    Posts
    7

    Hacker put spam e-mailer on my comp!

    I recently connected my computer to a cable modem and wasn't using a firewall. It seems that someone came into the machine and is using my IP address to send spam.

    The cable company shut down my modem and notified me of the problem. I took all the settings out of Outlook Express thinking that it was using that program.

    So here is what's happening... I have the main comp connected to the cable modem and then there are three other machines that connect to the main one to gain internet access. I'm running a proxy server by AnalogX to give the other machines access. As soon as I start up that proxy I start getting pop up windows showing that Nortons is scanning outgoing messages. So whatever virus is on my machine needs that proxy running in order to send the mail.

    Is there any way I can find this program or change the proxy program to stop that? I've been told that all the proxies would use the same settings, so just switching proxies wouldn't help. I've run Nortons online scan and that didn't find anything either...

    It's starting to look like I'll have to format and reload everything, which would be a major pain...

    There has to be a way to find this program and get rid of it without starting over, no?

    Thank you!

  2. #2
    I'd rather be fishing DjM's Avatar
    Join Date
    Aug 2001
    Location
    The Great White North
    Posts
    1,867
    Are any of the 'other' machines running as a mail server (SMTP)? If so, you may just be relaying spam not originating it.

    Cheers:
    DjM

  3. #3
    Junior Member
    Join Date
    Feb 2003
    Posts
    7
    I shut all the machines down other than the main one connected to the internet. As soon as I start the proxy server, even though all the other machines are turned off, it will start sending the mail... oh yeah, OS is 98SE

    Thanks

  4. #4
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,325
    I would check your startup locations on every machine to make sure that you don't have programs starting up that you don't want to.

    If you are using 9x, ME or XP, from start, run type "msconfig" (w/o the "") and click on the startup tab. 2k doesn't have this by default and you have to either copy the msconfig from another PC to your %systemroot%\system32 folder or check your most common startup locations in the registry.

    start programs startup folder

    HKLM\software\microsoft\windows\currentversion\run

    HKLM\software\microsoft\windows\currentversion\runonce

    HKLM\software\microsoft\windows\currentversion\services

    I would also look at the same locations in HKCU.

    Look through for anything that shouldn't be starting up. Check to make sure that you don't have remote access enabled on these PCs. You can install zone alarm firewall to find out what programs are trying to access the web at startup. You will most likely find your culprit there.
    I would also look through your services and disable anything that you don't need.

    Run antivirus to make sure that viruses weren't planted on your machine.
    It is also likely that someone installed a trojan, so use a trojan scanner to check your machines and remove the trojan(s) if there are some.

    EDIT: Can't get the formatting correct... sorry.
    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you've saved, how much you haven't smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

  5. #5
    Junior Member
    Join Date
    Feb 2003
    Posts
    7
    ScanRegistry
    SystemTray
    SoundFusion
    LexmarkPrintray
    LoadPower Profile
    RealTray
    SmcService
    XtreamLok Licence Manager
    ccApp
    cc RegVfy
    LoadPower Profile
    Scheduling Agent
    WinProxy
    SmcService
    ccEvtmgr
    ScriptBlocking

    This is what shows up... Thanks

  6. #6
    Senior Member
    Join Date
    Jan 2003
    Posts
    686
    Your main problem is your OS I think, Win98 is not really that secure. You might want to think about picking up a version of Windows 2000 or XP, which are NT platforms. That's an expensive route to go though.

    Personally, you know what you should do: go find yourself a 486 with a working floppy drive and 16MB of RAM, then you can download software for Windows to create a bootable disk and turn the 486 into a router complete with a firewall. You can do a search on Google for Linux firewall distros. Http://www.coyotelinue.com is an example of something you could use (that's what I use, runs great).
    486's are cheap, I bought 3 of them for like $40. A 486 is like the minimum requirements. If you've got a nice system as the gateway between your other 3 computers and the Internet, no sense in wasting that for something that is simple but powerful. Or go out and buy yourself a router, but those can cost you about $80.

    Bottom line is that you need security, you need some sort of firewall security hardware or software that will block the mail server port (I think it's port 110) so that you aren't a relay for spam. I know what's happening, I tried setting up a mail server on my system and got the same problem once I turned port 110 open. So I scrapped that idea.

    Plus with being on cable and not having a firewall, people will be trying to hack the crap out of your server. I know, I've had cable since it came out, I was part of a few DDoS systems for a while until I wised up and figured out what was going on. No need for you to lose Internet over an OS flaw or problem that is letting someone else take over your system, right? Plus you don't want someone hacking in and formatting your hard drive so you lose all your stuff?
    [shadow]There is no right and wrong, only fun and boring...
    Formatting my server because someone hacked into it sounds pretty boring to me...
    That's why it's all about AntiOnline.com!
    [/shadow]

  7. #7
    Junior Member
    Join Date
    Feb 2003
    Posts
    7
    I just downloaded ZoneAlarm and by the time I got this site back up it has shown 32 intrusion attempts. What the heck is going on??

  8. #8
    Senior Member
    Join Date
    Jan 2003
    Posts
    686
    You're on cable, that is how it is. If people can ping your computer they will take a look and see if they can break into it. That's why you will hear about people trying to "stealth" their ports or computer. That makes the computer look like the specified IP doesn't have a computer connected to it. Well, at least to the typical person who's just looking, but it's better than having those 32 people attacking your computer!

  9. #9
    Junior Member
    Join Date
    Aug 2002
    Posts
    15
    Have you done an antivirus scan yet? My suggestion is to sort through each attempt and of course the above suggestions. If you have critical data and you can stand the down time I would log those 32 attempts and take it off the network.

    That way if the hack is monitored by the hacker and he knows that he's been caught then he might fire your drive. But most of the time these are just spammers making money off your bandwidth...

    Good luck to you...

  10. #10
    Junior Member
    Join Date
    Feb 2003
    Posts
    7
    OK, I've got ZoneAlarm up and running and my problem seems to be gone. I started up that proxy server and I see no Nortons pop up screens showing that e-mail is being scanned. Is this possible?

    And yes, I'm running Nortons antivirus
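
Added example (not part of any post in this thread): a Python check over saved `netstat -an` output for what the original poster observes, mail leaving the machine only while the proxy is running. It flags a proxy listening on all interfaces, clients from outside the LAN connected to it, and outbound connections to TCP port 25 (SMTP). The sample output, proxy port 8080 and the 192.168.0.0/24 LAN range are constructed assumptions.

```python
import ipaddress

SMTP_PORT = 25  # TCP port for SMTP mail delivery

# Constructed `netstat -an` output (illustrative, not from the thread).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:8080           0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1025         0.0.0.0:0              LISTENING
  TCP    203.0.113.10:8080      198.51.100.7:3312      ESTABLISHED
  TCP    203.0.113.10:1190      192.0.2.25:25          ESTABLISHED
  TCP    203.0.113.10:1191      192.0.2.80:80          ESTABLISHED
  TCP    192.168.0.1:8080       192.168.0.3:1044       ESTABLISHED
  UDP    0.0.0.0:137            *:*
"""

def parse(text):
    """Yield (proto, lhost, lport, rhost, rport, state) per socket line."""
    for line in text.splitlines():
        f = line.split()
        if len(f) < 3 or f[0] not in ("TCP", "UDP"):
            continue  # skip headers and blank lines
        lhost, _, lport = f[1].rpartition(":")
        rhost, _, rport = f[2].rpartition(":")
        yield f[0], lhost, lport, rhost, rport, f[3] if len(f) > 3 else ""

def audit(text, proxy_ports, lan):
    """Flag exposed proxy listeners, outside proxy clients, outbound SMTP."""
    lan = ipaddress.ip_network(lan)  # assumed LAN range, supplied by caller
    findings = []
    for proto, lhost, lport, rhost, rport, state in parse(text):
        if proto != "TCP":
            continue
        if state == "LISTENING":
            if lhost == "0.0.0.0" and int(lport) in proxy_ports:
                findings.append(("proxy-on-all-interfaces", f"{lhost}:{lport}"))
        elif state == "ESTABLISHED":
            peer = ipaddress.ip_address(rhost)
            outside = not (peer.is_loopback or peer in lan)
            if int(lport) in proxy_ports and outside:
                findings.append(("outside-client-on-proxy", f"{rhost}:{rport}"))
            elif int(rport) == SMTP_PORT:
                findings.append(("outbound-smtp", f"{rhost}:{rport}"))
    return findings

if __name__ == "__main__":
    for kind, where in audit(SAMPLE, {8080}, "192.168.0.0/24"):
        print(kind, where)
```

Capturing the output once with the proxy stopped and once with it running, then comparing the findings, shows whether the mail connections depend on the proxy.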
