
Thread: Help im in Trojan Hell

  1. #1
    Junior Member
    Join Date
    Dec 2001
    Posts
    23

    Post Help im in Trojan Hell

    Hello,

    I am a security newbie. For the past couple of days I have been getting heavy warnings that my system is being hacked using a backdoor/trojan horse. I would like to know how to close the ports and/or clean the trojans off of my system. I am being attacked (I think locally) by a 68.xx.xxx.67 & a 68.xx.xxx.163. Are these local IPs and if so, how can I stop the attacks?

    I am currently running:
    Windows 2k w/ norton internet security
    Moosoft's The cleaner
    Norton Antivirus software
    Imesh P2P client (is this unsafe?)

    I have direct cable/dsl connection to my computer, should I also configure a router and/or proxy settings, and if so how do I do that? Thank you for any help at all.

  2. #2
    Senior Member
    Join Date
    May 2003
    Posts
    747
    First off, are you on root? If you are, you need to create a limited account while on any p2p network.
    Half of the trojans and viruses out there won't be able to get the correct permissions if you are primarily running on a limited account. To check and see if any trojans are already listening on your system, run netstat -an in the command prompt. To determine which ports may be trojan ports, find yourself a good trojan ports list. I noticed you said you have The Cleaner; this should detect most trojans if you have any, but you could also try tauscan, which can be found Here. And to answer your question about "is p2p safe": p2p is almost never safe, and I would recommend strong antivirus and anti-trojan software if you are going to continue to use p2p. Good luck.

  3. #3
    If you're using a firewall and it's saying something like, ip address ........ has tried to access your computer using [Trojan Name], but has been blocked...blah...blah..blah

    This is just some gay lord scanning people's computers for a trojan ALREADY on people's systems. I get these messages all the time from Norton firewall, and I actually got pissed off and emailed the offender's ISP (normally abuse@ispname). If you send them all details with a whois search, the ISP will at least warn the offenders not to do it again and will hopefully ban them for being GAY !!!

    Hope this helps.

    If you're really worried about trojans, use The Cleaner to sweep your system to make sure, as this will pick up any trojans lurking around. Get it at http://www.moosoft.com/

  4. #4
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,785
    The 68.xx.xxx.xxx is owned by Cox Communications... it's an external IP address. Most internal addresses start with either 10 or 192.

    It's like ChrisWuk said. What you're seeing is kiddies looking for something to play with. Just because your FW is warning you of someone trying to make a connection doesn't mean there is something there for them to connect to. They're scanning that port in an IP range, that's all.
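The two checks suggested in posts #2 and #4 (review `netstat -an` for listeners and tell internal from external addresses), sketched as an added example that is not part of any post in this thread. The sample output, the two-entry watch list and the function names are constructed for illustration; the private-range test also covers 172.16.0.0/12, which post #4 does not mention.

```python
import ipaddress

# Constructed sample of Windows `netstat -an` output (not taken from the thread).
SAMPLE = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:27374          0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1030         0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1042      203.0.113.5:80         ESTABLISHED
  TCP    192.168.1.10:1050      10.0.0.7:445           ESTABLISHED
  UDP    0.0.0.0:500            *:*
"""

# RFC 1918 private ranges (the "10 or 192" addresses, plus 172.16.0.0/12).
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Illustrative watch list: default ports historically tied to old Windows trojans.
# A match is only a hint; any program can listen on any port.
WATCH_PORTS = {12345: "NetBus", 27374: "SubSeven"}


def split_endpoint(endpoint):
    """'192.168.1.10:1042' -> (IPv4Address, 1042); raises ValueError otherwise."""
    host, _, port = endpoint.rpartition(":")
    return ipaddress.ip_address(host), int(port)


def review(text, watch=WATCH_PORTS):
    """Summarise TCP rows: reachable listeners, watch-list hits, internet peers."""
    found = {"exposed": [], "watchlist": [], "public_peers": []}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 4 or fields[0] != "TCP":
            continue  # headers, UDP rows, blank lines
        try:
            (l_ip, l_port), (r_ip, _) = map(split_endpoint, fields[1:3])
        except ValueError:
            continue  # bracketed IPv6 or malformed row
        if fields[3] == "LISTENING":
            if not l_ip.is_loopback:
                found["exposed"].append(l_port)
            if l_port in watch:
                found["watchlist"].append((l_port, watch[l_port]))
        elif fields[3] == "ESTABLISHED":
            if not (r_ip.is_loopback or any(r_ip in net for net in RFC1918)):
                found["public_peers"].append(str(r_ip))
    return found
```

A firewall alert about a blocked probe says nothing about the local machine; a listener on a watch-list port is what would merit a scan with the tools named in the thread.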

  5. #5
    er0k
    Guest

    Re: Help im in Trojan Hell

    Originally posted here by neosamurai
    Hello,

    I am a security newbie. For the past couple of days I have been getting heavy warnings that my system is being hacked using a backdoor/trojan horse. I would like to know how to close the ports and/or clean the trojans off of my system. I am being attacked (I think locally) by a 68.xx.xxx.67 & a 68.xx.xxx.163. Are these local IPs and if so, how can I stop the attacks?

    I am currently running:
    Windows 2k w/ norton internet security
    Moosoft's The cleaner
    Norton Antivirus software
    Imesh P2P client (is this unsafe?)

    I have direct cable/dsl connection to my computer, should I also configure a router and/or proxy settings, and if so how do I do that? Thank you for any help at all.
    Well, it would appear that those security programs would suffice; they have been empirically proven to do so. However, if they aren't working, I recommend a reinstall of those, or of your operating system. I know it sounds harsh, but it's simple and you don't have to worry about anything else. Also, quit running p2p software.

    As for the IP addresses, no, those aren't local. Next time, get the IP and go to DOS and type "nslookup iphere"

    You will then get a result of who that person's Internet service provider is. Send an email to abuse@theirserver.whatever and tell them that that person has been consistently attacking you maliciously. See what happens there.

    For some reason I have trouble believing that you are running all of those programs and still having problems, but I suppose it is possible. Always check www.symantec.com and several other sites for reference. >.<

  6. #6
    Junior Member
    Join Date
    Dec 2001
    Posts
    23
    Thank you so much for all of your help.
    "Can't sleep..... clown'll eat me..... can't sleep...... clown'll eat me."

  7. #7
    Banned
    Join Date
    Apr 2003
    Posts
    3,839
    http://www.comusolv.com/security/trojan.htm (trojan removal tools)

    http://www.freewarehome.com/System_U..._Trojan_t.html (Free Anti Trojan tools)

    http://www.surferbeware.com/free-downloads.htm (misc. security tools)

    http://www.symantec.com/techsupp/vir..._tutorial.html (virus removal tutorials)

    Maybe some of these links can help you ... if you didn't already solve your problem.....

  8. #8
    Junior Member
    Join Date
    Dec 2001
    Posts
    23
    I have also found that these IPs are both under Comcast, so do I email abuse@comcast.net if that's what nslookup says as the server name?

    Thanks to all of you.
    "Can't sleep..... clown'll eat me..... can't sleep...... clown'll eat me."

  9. #9
    That's correct - you should receive some response, but it may take some time - good luck (but really don't worry about it if you have AV software up to date and a good firewall) !!

    If you need any more help, just ask

  10. #10
    I am surprised no one came up with the spy/adware thing.
    Even though Imesh claims it is free of spy/adware, it is loaded with it afaik.
    Add a spyware removal tool to that list of installed software.

    Personally I don't use p2p anymore, but when I did I used WinMX, which is free of spy/adware.
