-
May 18th, 2003, 12:35 AM
#1
Junior Member
Help im in Trojan Hell
Hello,
I am a security newbie. For the past couple of days I have been getting heavy warnings that my system is being hacked using a backdoor/trojan horse. I would like to know how to close the ports and/or clean the trojans off of my system. I am being attacked (I think locally) by a 68.xx.xxx.67 & a 68.xx.xxx.163. Are these local IPs and if so, how can I stop the attacks?
I am currently running:
Windows 2k w/ norton internet security
Moosoft's The cleaner
Norton Antivirus software
Imesh P2P client (is this unsafe?)
I have direct cable/dsl connection to my computer, should I also configure a router and/or proxy settings, and if so how do I do that? Thank you for any help at all.
-
May 18th, 2003, 12:49 AM
#2
First off are you on root? If you are, you need to create a limited account while on any p2p network.
Half of the trojans and viruses out there won't be able to get the correct permissions if you are primarily running on a limited account. To check and see if any trojans are already listening on your system, run netstat -an in the command prompt. To determine which ports may be trojan ports, find yourself a good trojan port list. I noticed you said you have The Cleaner; this should detect most trojans if you have any, but you could also try tauscan, which can be found Here. And to answer your question about "is p2p safe": p2p is almost never safe, and I would recommend strong antivirus and anti-trojan software if you are going to continue to use p2p. Good luck.
-
May 18th, 2003, 01:36 AM
#3
If you're using a firewall and it's saying something like, ip address ........ has tried to access your computer using [Trojan Name], but has been blocked...blah...blah..blah
This is just some gay lord scanning people's computers for a trojan ALREADY on people's systems. I get these messages all the time from Norton firewall, and I actually got pissed off and emailed the offender's ISP (normally abuse@ispname). If you send them all details with a whois search, the ISP will at least warn the offenders not to do it again and will hopefully ban them for being GAY !!!
Hope this helps.
If you're really worried about trojans, use The Cleaner to sweep your system to make sure, as this will pick up any trojans lurking around. Get it at http://www.moosoft.com/
-
May 18th, 2003, 02:31 AM
#4
The 68.xx.xxx.xxx is owned by Cox Communications...it's an external IP address. Most internal addresses start with either 10 or 192.
It's like ChrisWuk said. What you're seeing is kiddies looking for something to play with. Just because your FW is warning you of someone trying to make a connection doesn't mean there is something there for them to connect to. They're scanning that port in an IP range, that's all.
Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”
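The two checks suggested in replies #2 and #4 (reading `netstat -an` for listeners on known trojan ports, and telling internal from external addresses), as an added example that is not part of any post in this thread. The sample output, the three-entry watchlist of historical default ports and all function names are assumptions made for illustration; internal space is taken to be the RFC 1918 ranges.

```python
import ipaddress

# Illustrative watchlist (historical default ports); assumption, not a complete list.
WATCHLIST = {12345: "NetBus", 27374: "SubSeven", 31337: "Back Orifice"}
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Constructed sample of Windows `netstat -an` output (not from the thread).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:27374          0.0.0.0:0              LISTENING
  TCP    192.168.1.20:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.20:1043      203.0.113.67:80        ESTABLISHED
  TCP    192.168.1.20:1050      10.0.0.5:445           ESTABLISHED
  UDP    0.0.0.0:31337          *:*
"""

def parse_netstat(text):
    """Turn each TCP/UDP row into a dict; headers and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0] not in ("TCP", "UDP"):
            continue
        lhost, _, lport = parts[1].rpartition(":")
        rhost = parts[2].rpartition(":")[0]
        rows.append({"proto": parts[0], "lhost": lhost, "lport": int(lport),
                     "rhost": rhost, "state": parts[3] if len(parts) > 3 else ""})
    return rows

def suspicious_listeners(rows, watchlist=WATCHLIST):
    """Sockets open to inbound traffic (TCP LISTENING or bound UDP) on a watchlisted port."""
    return [(r["proto"], r["lport"], watchlist[r["lport"]]) for r in rows
            if r["lport"] in watchlist and (r["state"] == "LISTENING" or r["proto"] == "UDP")]

def classify(addr):
    """'internal' for RFC 1918 space, 'local' for loopback/unspecified, else 'external'."""
    try:
        ip = ipaddress.ip_address(addr.strip("[]"))
    except ValueError:
        return "unparsed"
    if ip.is_loopback or ip.is_unspecified:
        return "local"
    return "internal" if any(ip in net for net in RFC1918) else "external"

def remote_peers(rows):
    """Classify the far end of every established connection."""
    return [(r["rhost"], classify(r["rhost"])) for r in rows if r["state"] == "ESTABLISHED"]
```

A watchlist hit only means a port number coincides with a known default; confirm which process owns the socket before drawing a conclusion.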
-
May 18th, 2003, 02:36 AM
#5
Re: Help im in Trojan Hell
Originally posted here by neosamurai
Hello,
I am a security newbie. For the past couple of days I have been getting heavy warnings that my system is being hacked using a backdoor/trojan horse. I would like to know how to close the ports and/or clean the trojans off of my system. I am being attacked (I think locally) by a 68.xx.xxx.67 & a 68.xx.xxx.163. Are these local IPs and if so, how can I stop the attacks?
I am currently running:
Windows 2k w/ norton internet security
Moosoft's The cleaner
Norton Antivirus software
Imesh P2P client (is this unsafe?)
I have direct cable/dsl connection to my computer, should I also configure a router and/or proxy settings, and if so how do I do that? Thank you for any help at all.
Well, it would appear that those security programs would suffice; they have been empirically proven to do so. However, if they aren't working, I recommend a reinstall of those, or of your operating system. I know it sounds harsh, but it's simple and you don't have to worry about anything else. Also, quit running p2p software.
As for the IP addresses, no, those aren't local. Next time, get the IP and go to DOS and type "nslookup iphere"
You will then get a result of who that person's Internet service provider is. Send an email to abuse@theirserver.whatever and tell them that that person has been consistently attacking you maliciously. See what happens there.
For some reason I have trouble believing that you are running all of those programs and still having problems, but I suppose it is possible. Always check www.symantec.com and several other sites for reference. >.<
-
May 18th, 2003, 02:56 AM
#6
Junior Member
Thank you so much for all of your help.
"Cant sleep..... clown'll eat me..... cant sleep...... clown'll eat me."
-
May 18th, 2003, 03:05 AM
#7
-
May 18th, 2003, 03:11 AM
#8
Junior Member
I have also found that these IPs are both under Comcast, so do I email abuse@comcast.net if that's what nslookup says as the server name?
Thanks to all of you.
"Cant sleep..... clown'll eat me..... cant sleep...... clown'll eat me."
-
May 18th, 2003, 09:56 AM
#9
That's correct - you should receive some response, but it may take some time - good luck (but really don't worry about it if you have AV software up to date and a good firewall) !!
If you need any more help, just ask
-
May 18th, 2003, 10:37 AM
#10
I am surprised no one came up with the spy/adware thing.
Even though Imesh claims it is free of spy/adware, it is loaded with it afaik.
Add a spyware removal tool to that list of installed software.
Personally I don't use p2p anymore, but when I did I used WinMX, which is free of spy/adware.