February 6th, 2004, 01:37 AM
(*ponders*) AngelicKnight brought up an interesting points. There are many other AIM clients out there. I'm not quite sure if the security hole is Windows, AIM network, or AIM client. Might be interesting to try some of the others. If it is, indeed, the client, definitely go for an open source client, now. They have the lowest amount of security risks, because everyone sees them. Google AIM +client. A good one I know of is gAIM.
Geek isn't just a four-letter word; it's a six-figure income.
February 6th, 2004, 02:34 PM
I think that Cybr1d may have a point with the spyware............not the marketing kind but the professional eavesdropping sort.
There was one being spammed a while back called "LoverSpy" which claimed to forward P2P conversations and e-mails. I believe that there are similar applications available on the market.
Unfortunately AdAware and SpyBot do not detect these, at least not when I ran a test on LoverSpy. I reported it to McAfee, who say that their product now does. If they still do an online scan you might both try that, or get a trial of the full product.
You also need a firewall that is blocking unauthorised outgoing connection attempts?
February 6th, 2004, 03:08 PM
Use Zone Alarm. If the scan and all that does not turn anything up. Reformat.
February 6th, 2004, 03:23 PM
nihil the reason why spybot or adaware wont catch them is because they're often installed physicaly by a user, and generaly the user will have the setup file either on a CD or on the PC (If downloaded). Most of them also run in stealth mode, so chances of you seeing it as a running process is next to none. When using public computers, I have the tendency to hold CTRL, SHIFT, ALT down, while going through all the keys on the keyboard. A program that i've used, you needed to press CTRL ALT SHIFT M to bring up a menu, which was password protected. If you press all those keys, and you see a menu or a password promt come up, then you def have something installed in your PC. Even if you dont see anything, do not disregard the chance of something being installed in there. Try TheCleaner, and run it on your PC. If nothing else works, then reformat your HDD. Would it be possible for you to put a screenshot of your running processes?
ALSO: WHY ARE PEOPLE GETTING NEGGED? GO EVEN YOUR APs SOMEWHERE ELSE. I dont see anything wrong with axesterminated's post, so why the negs? If you have a grudge againts the person, THEN SAVE IT FOR SOME OTHER BLOODY TIME WHEN HE SCREWS UP! sheesh, people cannot even offer their help in this place without getting negged up the ass.
February 6th, 2004, 03:53 PM
Run a sniffer on your machine while this is occuring and go through the collected data
Don't just do a straight netstat, try something like this "netstat -nao 3 > temp.txt".
This will run netstat every 3 seconds and log it to the file temp.txt.
What type of network on you on ?
Do you use Wireless ?
February 6th, 2004, 04:32 PM
Is it possible the 'intruder' has compromised the AIM main system ?
I have seen similar situations on chat rooms where 'intruders' monitor everyone's chat at the source.
Have you registered a complaint with AIM ?
February 6th, 2004, 05:22 PM
Compromising the AIM system is a huge feat now. In the olden days, the servers were centralized. Now, however, there are fewer servers and they only create the initial directions of the packets. IMs are sent directly between machines now. (Don't believe me? Send IMs with the Timestamp on, and then correlate that the outgoing packets on your machine. The IPs will match up every time.)
If someone were to succeed in doing this, they would be able to shut down the system or completely screw up accounts, take over whatever they wanted. Someone who got into the system would probably have more interesting things to do than eavesdrop on one person's conversations.
It seems most likely to me that its a keylogger, since it sounded like only one side of the conversation was being reported. The keylogger could easily be running on your system. Try taking a look at your running processes, and then take a look at the start-up processes (msconfig, here we come.)
If that turns up nothing, then I'm not sure I know what's going on or what might work.
Hope that helps...
February 6th, 2004, 06:58 PM
Is your AV updated?
You might want to check these sites out-
Free trojan scan:
AIM 5.2+ encryption certificate:
February 6th, 2004, 07:00 PM
Cyber1d is correct in that this stuff is stealthy, it is also technically "legitimate" depending on how it is used, so countermeasures providers have to be a bit careful?
That might help you catch anything that kicks off in the background.
February 7th, 2004, 05:26 AM
A long time ago, I once asked some one if they could get me a fire wall. There responce was,"what do you want one of those for". then they said do you use any of the chat clients or do you go to chat rooms. At that time i did frequent both chat rooms and IM. So i answered yes. The reply i got was ok have this. ( Norton Internet Security ).
My point is this. If you use IM, of any flavour there is a direct link from someone to your computer. You may think you are talking to lushes lips from heaven. When in reality you are talking to, hairy assed hacker from hell.
What happens if a big asteroid hits the Earth? Judging from realistic simulations involving a sledge hammer and a common laboratory frog, we can assume it will be pretty bad. - Dave Barry