I need desperate help... please?
Page 1 of 3 123 LastLast
Results 1 to 10 of 24

Thread: I need desperate help... please?

  1. #1

    I need desperate help... please?

    I'm not really a newbie, in fact, i think i know quite a bit about computer security, but this one incident just isn't making sense...

    Yesterday I was talking to a friend on aim to try to help him get rid of a trojan that was in his computer when all of a sudden a strange screename that I had never seen before started talking to me and saying some of the stuff I was sending to the other person.

    I tried the most obvious things, used a spyware scanner, ran antivirus(both which i have multiple programs I use), went into the command prompt and typed "netstat -n" to look for suspicious ports. All of this stuff did nothing.

    How is this person able to see what i am typing? Any help would be greatly appreciated.

  2. #2
    Super Moderator
    Know-it-All Master Beaver

    Join Date
    Jan 2003
    Posts
    3,914
    OMG.... are you serious??

    Let's look at the facts.

    Your friend has a trojan. You are talking to your friend. Someone else knows what you are typing. Your computer checks out. Seems pretty obvious to me. It was someone using the trojan on your friends computer...
    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".

  3. #3
    Member
    Join Date
    Dec 2003
    Posts
    59
    Did you have your friend run netstat on his computer?
    What trojan was it?
    Is it possible your friend was playing a joke on you? (him having another aim screenname)

  4. #4
    Member
    Join Date
    Feb 2004
    Posts
    33
    It sounds like they were intercepting the data somewhere in the network which means they could be tapped in anywhere. Your friend didn't have any of this happen at their end did they? Or maybe the worm/virus/trojan on your friends computer was sending the data.

  5. #5
    Well it isn't just with that one person, it happens to EVERYONE i ever talk to using aim. No matter which screename i instant message, he always knows exactly what im saying.

  6. #6
    Senior Member
    Join Date
    Oct 2002
    Posts
    314
    Go with HTRegz's idea. Its extremely unlikely that somewhere along the way someone is intercepting your traffic so don`t worry about that. Get your friend to run a virus scanner, do a netstat etc... and see what is happening on their computer (they should espcecially do this if the same things happens again - do it while its happening).

    Although, reading your last post again, are you sure you don`t have the trojan? Do you have a personal firewall? try blocking all out bound traffic except your aim chat.
    Quis custodiet ipsos custodes

  7. #7
    Senior Member
    Join Date
    Dec 2003
    Location
    Pacific Northwest
    Posts
    1,675
    I'll have to default to those with more knowledge about those messaging systems, but in less than one month, I have taken my son's hd and cleansed it of all kinds of virii, trojans etc. , because he loves chatting with his pals on the instant msg programs. I have one of his drives just sitting on the shelf because I want to check out all the crud and see what it has done. We now have his AV always on and it intercepts them. (2 this week!) The next time it happens, I'll make note of the critters and pass it on. He visits anema (spelling?) sites as well, so that may be a source also.


    You didn't say it, but is this your computer at home, or is it a computer at work? The reason I ask, as stated earlier, the odds of someone sniffing your packets is really slim unless they are on the same network as you. If it's a work, that opens other possibilities.


  8. #8
    Senior Member
    Join Date
    Jan 2004
    Location
    Hawaii
    Posts
    351

    Exclamation And The Truth Is Expelled

    No matter how much people tell you that there is no way; there are ways to monitor AIM convos. The person may be using a trojan, or something similar, like remote anything. But there are otehr programs, I have seen them in action...gotta test the new merchandise and such. It depends on who's messing with you, but he could be a developer, or just some script-kiddie messing with some new-found prog. The programs are very under-developed at this time, but all you do is enter a screenname, and an IP if you have it, and it searches for the user online. After a few moments, assuming the person is online and logged on, it, one way or another, intercepts and filters packets. They are reassembled to a quite readable HTML file. Sometimes there are parts of the conversation missing, and sometimes, there is useless crap that was filtered incorrectly. I'm not sure where I found the one I tested some 6 months ago, but they are out there, just still "underwraps", or so to speak.

    Geek isn't just a four-letter word; it's a six-figure income.

  9. #9

    Lightbulb

    Could he try switching to something like Trillian? Trillian isn't AIM but sends AIM messages. Or would it share the same security holes? Just a shot in the dark...

  10. #10
    HeadShot Master N1nja Cybr1d's Avatar
    Join Date
    Jul 2003
    Location
    Boston, MA
    Posts
    1,836
    It might be a spy software. Either someone has installed it on your buddy's PC or your PC, and they're getting all your convos. Not likely but it could be. Most likely it could be a trojan in both your computer and your friends computer. To clean that up use thecleaner, instead of just using your AV software. Using spybot s&D and adaware wouldn't hurt neither.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides