-
February 24th, 2003, 09:25 PM
#1
Junior Member
Hacker put spam e-mailer on my comp!
I recently connected my computer to a cable modem and wasn't using a firewall. It seems that someone came into the machine and is using my IP address to send spam.
The cable company shut down my modem and notified me of the problem. I took all the settings out of Outlook Express thinking that it was using that program.
So here is what's happening... I have the main comp connected to the cable modem and then there are three other machines that connect to the main one to gain internet access. I'm running a proxy server by AnalogX to give the other machines access. As soon as I start up that proxy I start getting pop up windows showing that Nortons is scanning outgoing messages. So whatever virus is on my machine needs that proxy running in order to send the mail.
Is there any way I can find this program or change the proxy program to stop that? I've been told that all the proxies would use the same settings, so just switching proxies wouldn't help. I've run Nortons online scan and that didn't find anything either...
It's starting to look like I'll have to format and reload everything which would be a major pain ...
There has to be a way to find this program and get rid of it without starting over, no?
Thank you!
-
February 24th, 2003, 09:33 PM
#2
Are any of the 'other' machines running as a mail server (SMTP)? If so, you may just be relaying spam not originating it.
Cheers:
-
February 24th, 2003, 09:37 PM
#3
Junior Member
I shut all the machines down other than the main one connected to the internet. As soon as I start the proxy server, even though all the other machines are turned off, it will start sending the mail... Oh yeah, OS is 98SE
Thanks
-
February 24th, 2003, 09:38 PM
#4
I would check your startup locations on every machine to make sure that you don't have programs starting up that you don't want to.
If you are using 9x, ME or XP, from start, run type "msconfig" (w/o the "") and click on the startup tab. 2k doesn't have this by default and you have to either copy the msconfig from another PC to your %systemroot%\system32 folder or check your most common startup locations in the registry.
start programs startup folder
HKLM\software\microsoft\windows\currentversion\run
HKLM\software\microsoft\windows\currentversion\runonce
HKLM\software\microsoft\windows\currentversion\services
I would also look at the same locations in HKCU.
Look through for anything that shouldn't be starting up. Check to make sure that you don't have remote access enabled on these PCs. You can install zone alarm firewall to find out what programs are trying to access the web at startup. You will most likely find your culprit there.
I would also look through your services and disable anything that you don't need.
Run antivirus to make sure that viruses weren't planted on your machine.
It is also likely that someone installed a trojan, so use a trojan scanner to check your machines and remove the trojan(s) if there are some.
EDIT: Can't get the formatting correct... sorry.
Quitmzilla is a Firefox extension that gives you stats on how long you have quit smoking, how much money you've saved, how much you haven't smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.
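Added example, not part of the thread: a Python sketch of the startup-location check described in the post above, limited to the Run and RunOnce keys under HKLM and HKCU. The baseline dictionary, the sample commands and the "mailhelper" entry are constructed for illustration; only the value names ScanRegistry and WinProxy come from the thread.

```python
try:
    import winreg  # Windows-only standard library module
except ImportError:
    winreg = None
# Run and RunOnce locations from the post, checked under HKLM and HKCU.
RUN_SUBKEYS = (
    r"Software\Microsoft\Windows\CurrentVersion\Run",
    r"Software\Microsoft\Windows\CurrentVersion\RunOnce",
)

def read_autoruns():
    """Return [(location, value_name, command)] from the live registry."""
    if winreg is None:
        raise RuntimeError("registry access requires Windows")
    found = []
    for hive_name, hive in (("HKLM", winreg.HKEY_LOCAL_MACHINE),
                            ("HKCU", winreg.HKEY_CURRENT_USER)):
        for subkey in RUN_SUBKEYS:
            try:
                key = winreg.OpenKey(hive, subkey)
            except OSError:
                continue  # location not present on this machine
            with key:
                for i in range(winreg.QueryInfoKey(key)[1]):
                    name, data, _ = winreg.EnumValue(key, i)
                    found.append((hive_name + "\\" + subkey, name, str(data)))
    return found

def review(entries, baseline):
    """Flag entries missing from the baseline or whose command differs."""
    flagged = []
    for location, name, command in entries:
        expected = baseline.get(name.lower())
        if expected is None:
            flagged.append((name, "not in baseline"))
        elif expected.lower() != command.lower():
            flagged.append((name, "command changed"))
    return flagged
# Constructed sample: names from the thread's listing, commands made up.
RUN = r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run"
BASELINE = {"scanregistry": r"C:\WINDOWS\scanregw.exe /autorun",
            "winproxy": r"C:\Program Files\Proxy\proxy.exe"}
SAMPLE = [(RUN, "ScanRegistry", r"C:\WINDOWS\scanregw.exe /autorun"),
          (RUN, "WinProxy", r"C:\WINDOWS\TEMP\proxy.exe"),
          (RUN, "mailhelper", r"C:\WINDOWS\SYSTEM\mailhelper.exe")]  # hypothetical

if __name__ == "__main__":
    for name, reason in review(read_autoruns() if winreg else SAMPLE, BASELINE):
        print(name, "->", reason)
```

The baseline is meant to be recorded from a machine in a known-good state; an entry that keeps a familiar name but points at a different command is flagged separately from one that is simply unknown.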
-
February 24th, 2003, 09:52 PM
#5
Junior Member
ScanRegistry
SystemTray
SoundFusion
LexmarkPrintray
LoadPower Profile
RealTray
SmcService
XtreamLok Licence Manager
ccApp
cc RegVfy
LoadPower Profile
Scheduling Agent
WinProxy
SmcService
ccEvtmgr
ScriptBlocking
This is what shows up... Thanks
-
February 24th, 2003, 10:05 PM
#6
Your main problem is your OS I think, Win98 is not really that secure. You might want to think about picking up a version of Windows 2000 or XP, which are NT platforms. That's an expensive route to do though.
Personally you know what you should do, go find yourself a 486 with a working floppy drive and 16MB of RAM, then you can download software for Windows to create a bootable disk and turn the 486 into a router complete with a firewall. You can do a search on google for linux firewall distros. Http://www.coyotelinue.com is an example of something you could use (that's what I use, runs great).
486's are cheap, I bought 3 of them for like $40. A 486 is like the minimum requirements, if you've got a nice system as the Gateway between your other 3 computers and the Internet, no sense in wasting that for something that is simple but powerful. Or go out and buy yourself a router, but those can cost you about $80.
Bottom line is that you need security, you need some sort of firewall security hardware or software that will block the mail server port (I think it's port 110) so that you aren't a relay for spam. I know what's happening, I tried setting up a mail server on my system and got the same problem once I turned port 110 open. So I scrapped that idea.
Plus with being on cable and not having a firewall, people will be trying to hack the crap out of your server. I know I've had cable since it came out, I was part of a few DDoS systems for a while until I wised up and figured out what was going on. No need for you to lose Internet over an OS flaw or problem that is letting someone else take over your system right? Plus you don't want someone hacking in and formatting your hard drive so you lose all your stuff?
[shadow]There is no right and wrong, only fun and boring...
Formatting my server because someone hacked into it sounds pretty boring to me...
That's why it's all about AntiOnline.com![/shadow]
-
February 24th, 2003, 10:21 PM
#7
Junior Member
I just downloaded zonealarm and by the time I got this site back up it has shown 32 intrusion attempts what the heck is going on??
-
February 24th, 2003, 10:27 PM
#8
You're on cable, that is how it is, if people can ping your computer they will take a look and see if they can break into it. That's why you will hear about people trying to "stealth" their ports or computer. That makes the computer look like the specified IP doesn't have a computer connected to it. Well at least to the typical person who's just looking, but it's better than having those 32 people attacking your computer!
-
February 24th, 2003, 10:28 PM
#9
Junior Member
Have you done an antivirus scan yet? My suggestion is to sort through each attempt and of course the above suggestions. If you have critical data and you can stand the down time I would log those 32 attempts and take it off the network.
That way if the hack is monitored by the hacker and he knows that he's been caught then he might fire your drive. But most of the time these are just spammers making money off your bandwidth...
Good luck to you...
-
February 24th, 2003, 10:37 PM
#10
Junior Member
OK, I've got zonealarm up and running and my problem seems to be gone. I started up that proxy server and I see no Nortons pop up screens showing that e-mail is being scanned. Is this possible?
And yes, I'm running Nortons antivirus