Results 1 to 7 of 7

Thread: Who gave U permission to connect

  1. #1
    Junior Member
    Join Date
    Jul 2003

    Who gave U permission to connect

    Hi people,

    The lan/wan we have at work recently caught the Welch virus (worm?) and we are presently removing it. Most likely, I am told, the virus was introduced into our system internally.

    Computers (internally on our lan) are connected to each other through a hub and we all have internet connections. Everyone is using Win 2K.

    While trying to remove the virus, I noticed that the netstat -a command produced some weird (unauthorized) connections on this one computer. Is this a sign that someone had hacked this particular computer? The connections are from AT&T and a couple of other communication agencies.

    Also and without logging on to the internet, popups (casino and travel ads, etc.) appear from nowhere. I had to go to Task Manager in order to stop/close the popups. Is this another sign of a computer being "owned" by someone, other than the authorized owner? Would appreciate any insights you have on what you think is going on with that computer. Would also be thankful for any advise on ways to prevent/stop the computer from making connections to other computers, without permission.

    P.S. Our wan has a firewall. No firewalls, however, on individual computers on the lan.

  2. #2
    Junior Member
    Join Date
    Jul 2003
    Well, the random pop-ups could be spyware or something like that. Get Ad-Aware from www.lavasoftusa.com ( I am not completely sure about the URL, but google it if that one doesnt work). And run a in-depth scan. Also, does the computer in question have anything that would cause extra ports to be open? (KaZaA, AIM, etc?) It may have come from there as well.

    Hope that helps.
    Release a bomb filled with Ritalin and Pharmacy death. Keep the rich above in the hills where the impact will not reach them. Then go for the ironic statement and call it a cure for pollution.

  3. #3
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    United Kingdom: Bridlington

    I you have a particular machine in mind, can you isolate, reformat the hard drive, and re-install the software on it?

    You have to be careful of back ups, as you may just re-install the problem

    A " clean" re-installation is the ideal

    As for detection software, please also try Spybot Search & Destroy, and Swat It!......they all tend to find different things at any one point in time, so make sure that you update them first!!!

    Also try a run in safe mode, this may negate some stealthing features of the scumware.

    Good luck

  4. #4
    rebmeM roineS enilnOitnA steve.milner's Avatar
    Join Date
    Jul 2003
    PEBKAC - Problem exists between keyboard and chair.

    I'd have a long chat with the user with the re-education stick.

    I would imagine they have been irresponsible with their internet use.

    AV Scan
    IT, e-commerce, Retail, Programme & Project Management, EPoS, Supply Chain and Logistic Services. Yorkshire. http://www.bigi.uk.com

  5. #5
    Senior Member
    Join Date
    Oct 2001
    Also when you get everything back up and running it would not be a bad idea to set up more stringent user policies to disalow installation of anything except by the administrator, which i assume is you.
    Ben Franklin said it best. \"They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety.\"

  6. #6
    Junior Member
    Join Date
    Jul 2003
    Cyanosis, nihil, steve.milner, EaseZE

    Thank you all for your responses. Each of your responses were appropriate.

    FYI...I stopped the unwanted connections by uninstalling iMesh; took out spy data with Spybot, etc. Think I'll finally resort to nihil's reformatting option to give the computer an overhaul. Am seriously thinking about EaseZE's suggestion about lowering the privileges of the computer user...we'll see.

  7. #7
    The Doctor Und3ertak3r's Avatar
    Join Date
    Apr 2002
    One extra thought..

    Have only one internet connection.. have it Firewalled (ala Smoothwall etc).. then all users connect via this one connection..

    I know here, this idea has cost savings in the connection (ISP Accounts) alone, then the associated hardware , dialup costs.. but also you have security improvements..
    This idea may not be suitable with Hi-volume multi users.. (I don't know the purpose of your work) ..
    Just a thought..

    "Consumer technology now exceeds the average persons ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts