
Thread: I've been taken Over

  1. #1

    I've been taken Over

    I think I have been attacked and backdoored. I have run NAV and S&D and Ad-Aware, but they pick up nothing. Once in a while I'll come back to my computer and files that were not there before were created, or my other AIM names are online and they should not be. I think someone is also reading my mail... What should/can I do?

  2. #2
    Senior Member
    Join Date
    Jan 2004
    Location
    Hawaii
    Posts
    350

    Try These:

    http://www.trojanscan.com/

    That is an online based trojan scanner, requires small download, but is web hosted and free.


    You should also run msconfig, check to see what kind of crap is starting on your PC.
    Geek isn't just a four-letter word; it's a six-figure income.

  3. #3
    Junior Member
    Join Date
    Feb 2004
    Posts
    10
    Hmm, there's lots of possibilities, but run this program and see if anything else is starting quietly, a lot better than msconfig -
    http://www.spywareinfo.com/~merijn/f...tartupList.exe

    Are you using a firewall? Any sort of suspicious connections or activity? Get back to us with more information, we'll find out what's going on.

  4. #4
    Macht Nicht Aus moxnix's Avatar
    Join Date
    May 2002
    Location
    Huson Mt.
    Posts
    1,752

    Re: Try These:

    Originally posted here by AxessTerminated
    http://www.trojanscan.com/

    That is an online based trojan scanner, requires small download, but is web hosted and free.


    You should also run msconfig, check to see what kind of crap is starting on your PC.
    Hhmmm....never tried that one, I'll have to check it out.
    PM8228, Moosoft offers the Cleaner which is probably the best trojan cleaner I have found. It has a 30 day evaluation period to it so you can decide if you wish to purchase it as well. Found Here
    Also I would suggest you update your AV and run it in safe mode. (Also your Spybot & AdAware)
    Then also run an online AV such as Trend Microsystems: Here
    And HijackThis from Merijn could tell you what your registry is doing: Here
    "Life should NOT be a journey to the grave with the intention of arriving safely in an attractive and well preserved body, but rather to skid in sideways, Champagne in one hand - strawberries in the other, body thoroughly used up, totally worn out and screaming WOO HOO - What a Ride!"
    Author Unknown

  5. #5
    Senior Member
    Join Date
    Jun 2002
    Posts
    311
    Check your running processes and see if anything that shouldn't be there is there.

    And do a netstat - see what connections are active and which port it's on. You might want to look at a program called fport -
    http://www.foundstone.com/resources/proddesc/fport.htm

  6. #6
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,785
    Definitely check into fport. netstat is a fine tool but it's often replaced during an attack with one that keeps the attacker hidden.
    Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”
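
The port-to-process check suggested in posts #5 and #6, as an added example that is not part of any post in this thread: it joins saved `netstat -ano` output with saved `tasklist /fo csv /nh` output and flags sockets whose owning PID has no visible process. Both samples are constructed, and on a host whose system tools have been replaced the saved output itself may not be trustworthy.

```python
import csv
import io

# Constructed sample of `netstat -ano` output (not taken from the thread).
NETSTAT_SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:31337          0.0.0.0:0              LISTENING       2960
  TCP    192.168.1.20:1045      203.0.113.7:6667       ESTABLISHED     2960
  TCP    192.168.1.20:1046      198.51.100.9:5190      ESTABLISHED     1712
  UDP    0.0.0.0:1900           *:*                                    1180
"""

# Constructed sample of `tasklist /fo csv /nh` output (PID 2960 is absent).
TASKLIST_SAMPLE = '''\
"System","4","Console","0","216 K"
"svchost.exe","884","Console","0","3,420 K"
"svchost.exe","1180","Console","0","4,100 K"
"aim.exe","1712","Console","0","12,880 K"
'''

def parse_tasklist(text):
    """Return {pid: image name} from CSV-formatted tasklist output."""
    rows = csv.reader(io.StringIO(text))
    return {int(r[1]): r[0] for r in rows if len(r) >= 2}

def parse_netstat(text):
    """Return one dict per TCP/UDP row; UDP rows have no State column."""
    out = []
    for line in text.splitlines():
        f = line.split()
        if not f or f[0] not in ("TCP", "UDP"):
            continue  # skip banner, header and blank lines
        out.append({"proto": f[0], "local": f[1], "remote": f[2],
                    "state": f[3] if f[0] == "TCP" else "",
                    "port": int(f[1].rsplit(":", 1)[1]), "pid": int(f[-1])})
    return out

def map_ports(netstat_text, tasklist_text):
    """Attach the owning image name (or None) to every socket row."""
    procs = parse_tasklist(tasklist_text)
    return [dict(r, image=procs.get(r["pid"])) for r in parse_netstat(netstat_text)]

def unexplained(mapped):
    """Sockets whose PID does not appear in the process list."""
    return [r for r in mapped if r["image"] is None]
```

A socket owned by a PID that the process list does not show is the kind of discrepancy worth following up with a second, independent tool.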

  7. #7
    Install www.mepis.org linux and cut your worries by 9/10ths. (Easier than WinXp to install and auto configures itself with a firewall, other security programs on by default).
    Were you running any kind of a firewall? Was windows messenger disabled/deleted? Switch from AIM to trillian, gaim or another client.

  8. #8
    Antionline Herpetologist
    Join Date
    Aug 2001
    Posts
    1,165
    Another thing you could do is if you have a spare box that you can get on the net, run nessus against your infected box. The reason I suggest nessus is that it's a brilliant program to run a security audit against yourself. If you don't have a spare box, get Tenable Newt which is basically a port of nessus to windows.

    Cheers,
    cgkanchi
    Buy the Snakes of India book, support research and education (sorry the website has been discontinued)
    My blog: http://biology000.blogspot.com

  9. #9
    There is nothing unusual on netstat..

  10. #10
    They call me the Hunted foxyloxley's Avatar
    Join Date
    Nov 2003
    Location
    3rd Rock from Sun
    Posts
    2,534
    I'm just getting over my latest 'attack', if you think there is something there, then there probably is, if so, it has probably worked its charms ? on your AV. mine (Norton netsec 2004) was corrupted from within, I found new accounts opening ( I was just getting over a previous attack, clean install, so few files to watch, W2K Pro ) and new mail accounts as well. recycler files in the system were being filled with unopenable ? files. I went down the long winded way,
    1 - disconnect from web.
    2 - as I couldn't delete them, I changed the security access, and denied them.
    3 - on start up I was getting a pagefile.sys error, not enough virtual memory, deleted this on each trip round the O/S, as it is a .sys file it rebuilds on bootup, then just set the values the same for high and low, this stops the computer from managing the virtual memory.
    4 - Task Manager had 40+ apps running, I didn't recognise half, and so was shutting these down as well.
    unfortunately for me, another clean install was required.
    This time round ALL AV settings are high security, and I am getting hits 6 or 7 times a minute.
    have tracked and recorded the IP addresses that are profiled as hitting ports used by trojans, and so far there appears to be a French and German conspiracy against me ??
    I wish I could have accessed the help from this site as I ran out of ideas and hope PDQ.
    Still no idea what or how I got hit ?
    But at least now I have a fighting chance, courtesy of the above links. My thanks to the suppliers of the links, and I hope that you (PM8228) get clean soon.

    I've just re-read this post , and can only apologise for the slight off thread direction it ended up at
    so now I'm in my SIXTIES FFS
    WTAF, how did that happen, so no more alterations to the sig, it will remain as is now

    Beware of Geeks bearing GIF's
    come and waste the day :P at The Taz Zone
