Somebody is taking control of my computer

Thread: Somebody is taking control of my computer

  1. #1
    Junior Member
    Join Date
    Nov 2004
    Posts
    3

    Somebody is taking control of my computer

    Somebody is taking control of my computer, he closes my windows or opens my start menu and tries to start an application

    I ran the netstat -an command and this is what I get:

    Active Connections

    Proto Local Address Foreign Address State
    TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
    TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
    TCP 0.0.0.0:1026 0.0.0.0:0 LISTENING
    TCP 0.0.0.0:3011 0.0.0.0:0 LISTENING
    TCP 0.0.0.0:3725 0.0.0.0:0 LISTENING
    TCP 0.0.0.0:3728 0.0.0.0:0 LISTENING
    TCP 0.0.0.0:3729 0.0.0.0:0 LISTENING
    TCP 0.0.0.0:3992 0.0.0.0:0 LISTENING
    TCP 0.0.0.0:3994 0.0.0.0:0 LISTENING
    TCP 10.0.0.2:3725 207.46.107.170:1863 ESTABLISHED
    TCP 10.0.0.2:3728 64.215.171.57:80 CLOSE_WAIT
    TCP 10.0.0.2:3729 64.215.171.57:80 CLOSE_WAIT
    TCP 10.0.0.2:3992 207.68.178.16:80 CLOSE_WAIT
    TCP 10.0.0.2:3994 63.209.221.228:80 CLOSE_WAIT
    TCP 10.0.0.2:3995 207.46.108.31:1863 ESTABLISHED
    TCP 127.0.0.1:3001 0.0.0.0:0 LISTENING
    TCP 127.0.0.1:3002 0.0.0.0:0 LISTENING
    TCP 127.0.0.1:3003 0.0.0.0:0 LISTENING
    UDP 0.0.0.0:445 *:*
    UDP 0.0.0.0:500 *:*
    UDP 0.0.0.0:1025 *:*
    UDP 0.0.0.0:3004 *:*
    UDP 0.0.0.0:3396 *:*
    UDP 0.0.0.0:3404 *:*
    UDP 0.0.0.0:3407 *:*
    UDP 0.0.0.0:3734 *:*
    UDP 0.0.0.0:9370 *:*
    UDP 10.0.0.2:9 *:*
    UDP 10.0.0.2:123 *:*
    UDP 10.0.0.2:137 *:*
    UDP 10.0.0.2:138 *:*
    UDP 10.0.0.2:1831 *:*
    UDP 10.0.0.2:1900 *:*
    UDP 127.0.0.1:123 *:*
    UDP 127.0.0.1:1900 *:*
    UDP 127.0.0.1:3014 *:*
    UDP 127.0.0.1:3030 *:*
    UDP 127.0.0.1:3084 *:*
    UDP 127.0.0.1:3363 *:*
    UDP 127.0.0.1:3878 *:*
    UDP 127.0.0.1:3996 *:*
    UDP 127.0.0.1:4542 *:*


    I'm not sure how he connects to my PC.
    Maybe somebody can help me find what port he connects to.

  2. #2
    Senior Member
    Join Date
    May 2004
    Posts
    519
    It is probably a trojan. Scan your computer with an up-to-date virus scanner like AVG and it will hopefully detect it and delete it for you, or once you find out what it is you can surf the net for an answer on how to clean it.

  3. #3
    Unplug your computer from the network, bring in an AntiVirus like ClamWin or AVG on a CD, plug back in and quickly update the AV's, reboot into safe mode (F8 at boot) and scan. Here is a doc to help out:

    http://www.antionline.com/attachment...achmentid=4913

    When you are done, update windows from Internet Explorer. Go to tools and select windows update, it is very important that you do this.

  4. #4
    Banned
    Join Date
    Sep 2004
    Posts
    305
    What are you talking about? You have MSN running and you have an internet browser of some sort running... I don't see anything out of the usual... anybody mind pointing out what's wrong there?!

  5. #5
    Somebody is taking control of my computer, he closes my windows or opens my start menu and tries to start an application
    I think that screams [strike]sub7.[/strike] a typical trojan.

  6. #6
    Did someone said Pizza :) FanacooL's Avatar
    Join Date
    Oct 2004
    Location
    Karachi , Pakistan
    Posts
    466

    Re: Somebody is taking control of my computer

    Originally posted here by Adrenaline
    Somebody is taking control of my computer, he closes my windows or opens my start menu and tries to start an application
    There seems to be nothing wrong with the active connections, but there are trojans which can use some well unknown ports. To detect the trojan, simply browse the following registry keys and paste their values in the thread.

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices-

    Sure you know how to open the registry; if not, it's the regedit command. Run it and you will see a new window. When u reach the desired registry key, copy the contents on the right-hand side and paste them here.

    Also u can download a scanner from
    http://www.glocksoft.com/download.htm which will help u scan for the trojan urself.

    Soda_Popinsky
    I think that screams sub7.

    Well, there isn't any Sub7 port open; I think all are safe. The normal ports used by Sub7 are 1243, 1999, 2773, 2774, 6667, 6711, 6712, 6713, 6776, 7000, 7215, 16959, 27374, 27573, 54283 normally. Do u have a special one?
    One machine can do the work of fifty ordinary men. No machine can do the work of one extraordinary man!

  7. #7
    1. My point was that there is a trojan that allows mouse control. Doesn't really matter what the name is, this person is severely owned.
    2. Recent trojans include an option to choose the port the hacker would like to operate on (to avoid firewalls or whatever), so using open ports to ID the trojan is pretty much useless.
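
The port check from post #6, as an added example that is not any poster's code: it parses `netstat -an` output, collapses repeated lines, and compares listeners against the Sub7 default ports listed there. Because post #7 points out that the port is configurable, it also returns every listener not bound to loopback so each can be matched to a known program; the function names are assumptions, and the last sample line is constructed.

```python
import re

# Ports post #6 lists as the usual Sub7 defaults.
SUB7_DEFAULT_PORTS = {1243, 1999, 2773, 2774, 6667, 6711, 6712, 6713, 6776,
                      7000, 7215, 16959, 27374, 27573, 54283}

# A few lines copied from the netstat -an output in post #1 (one repeated, as pasted).
PAGE_SAMPLE = """\
Proto Local Address Foreign Address State
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
TCP 0.0.0.0:3011 0.0.0.0:0 LISTENING
TCP 0.0.0.0:3011 0.0.0.0:0 LISTENING
TCP 10.0.0.2:3725 207.46.107.170:1863 ESTABLISHED
TCP 127.0.0.1:3001 0.0.0.0:0 LISTENING
UDP 0.0.0.0:500 *:*
UDP 127.0.0.1:1900 *:*
"""
# Constructed line (not from the thread) showing what a default-port hit looks like.
CONSTRUCTED_HIT = "TCP 0.0.0.0:27374 0.0.0.0:0 LISTENING\n"

# proto, local ip, local port, foreign address (ignored), optional TCP state
ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+\S+(?:\s+(\S+))?\s*$")

def parse_netstat(text):
    """Return sorted, de-duplicated (proto, local_ip, port, state) rows."""
    rows = set()
    for line in text.splitlines():
        m = ROW.match(line)
        if m:  # header and blank lines do not match
            proto, ip, port, state = m.groups()
            rows.add((proto, ip, int(port), state or ""))
    return sorted(rows)

def network_listeners(rows):
    """Sockets other hosts can reach: TCP LISTENING or any UDP, not on loopback."""
    return [(proto, ip, port) for proto, ip, port, state in rows
            if not ip.startswith("127.")
            and (proto == "UDP" or state == "LISTENING")]

def default_port_hits(listeners, ports=SUB7_DEFAULT_PORTS):
    """Listeners whose port is in the default list; an empty result proves nothing."""
    return [entry for entry in listeners if entry[2] in ports]

if __name__ == "__main__":
    found = network_listeners(parse_netstat(PAGE_SAMPLE + CONSTRUCTED_HIT))
    for proto, ip, port in found:
        flag = "  <-- Sub7 default port" if port in SUB7_DEFAULT_PORTS else ""
        print(f"{proto} {ip}:{port}{flag}")
```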

  8. #8
    Senior Member RoadClosed's Avatar
    Join Date
    Jun 2003
    Posts
    3,834
    There is also a decent one this year that allows limited remote control via ICMP. How's that for hard to detect? Show me a Windows box that has that turned off?
    West of House
    You are standing in an open field west of a white house, with a boarded front door.
    There is a small mailbox here.

  9. #9
    Junior Member
    Join Date
    Nov 2004
    Posts
    3
    Thanks for all your answers.
    I ran a process manager to see what processes are running and here is the output:
    I know I have a couple of spyware in there, but is it possible to use one of them to access control over my PC?

    Process PID CPU Description Company Name
    System Idle Process 0 86
    Interrupts n/a Hardware Interrupts
    DPCs n/a Deferred Procedure Calls
    System 4
    smss.exe 512 Windows NT Session Manager Microsoft Corporation
    csrss.exe 576 2 Client Server Runtime Process Microsoft Corporation
    winlogon.exe 600 Windows NT Logon Application Microsoft Corporation
    services.exe 644 Services and Controller app Microsoft Corporation
    svchost.exe 804 Generic Host Process for Win32 Services Microsoft Corporation
    WISPTIS.EXE 3964 Microsoft Tablet PC Platform Component Microsoft Corporation
    svchost.exe 904 Generic Host Process for Win32 Services Microsoft Corporation
    svchost.exe 972 Generic Host Process for Win32 Services Microsoft Corporation
    wscntfy.exe 2484 Windows Security Center Notification App Microsoft Corporation
    Smc.exe 1084 3 Sygate Agent Firewall Sygate Technologies, Inc.
    svchost.exe 1300 Generic Host Process for Win32 Services Microsoft Corporation
    svchost.exe 1368 Generic Host Process for Win32 Services Microsoft Corporation
    spoolsv.exe 1484 Spooler SubSystem App Microsoft Corporation
    nhksrv.exe 204
    cisvc.exe 240 Content Index service Microsoft Corporation
    cidaemon.exe 3484 Indexing Service filter daemon Microsoft Corporation
    cidaemon.exe 1764 Indexing Service filter daemon Microsoft Corporation
    fpavupdm.exe 288 F-Prot Antivirus Update Monitor FRISK Software
    NPROTECT.EXE 452 Norton Protection Status Symantec Corporation
    nvsvc32.exe 580 NVIDIA Driver Helper Service, Version 43.45 NVIDIA Corporation
    NOPDB.exe 1052 NOPDB Symantec Corporation
    svchost.exe 1424 Generic Host Process for Win32 Services Microsoft Corporation
    symlcsvc.exe 1040 Symantec Core Component Symantec Corporation
    wdfmgr.exe 1844 Windows User Mode Driver Manager Microsoft Corporation
    symwsc.exe 2044 Norton Security Center Service Symantec Corporation
    alg.exe 3328 Application Layer Gateway Service Microsoft Corporation
    lsass.exe 656 LSA Shell (Export Version) Microsoft Corporation
    explorer.exe 1228 Windows Explorer Microsoft Corporation
    CTHELPER.EXE 2872 CtHelper Application Creative Technology Ltd
    mouse32a.exe 3000
    MsgPlus.exe 3032 Messenger Plus! Patchou
    jusched.exe 3052
    realsched.exe 3060 RealNetworks Scheduler RealNetworks, Inc.
    NetLimiter.exe 3084 NetLimiter LockTime
    F-Sched.exe 3096 Scheduler - Windows application FRISK Software International
    F-StopW.exe 3448 F-StopW Version 3.15B Frisk Software International
    ctfmon.exe 3560 1 CTF Loader Microsoft Corporation
    TeaTimer.exe 3700 1 System settings protector Safer Networking Limited
    msmsgs.exe 3788 Windows Messenger Microsoft Corporation
    firefox.exe 3392 Firefox Mozilla
    WINZIP32.EXE 1600 WinZip WinZip Computing, Inc.
    procexp.exe 424 8 Sysinternals Process Explorer Sysinternals
    rundll32.exe 3752 Run a DLL as an App Microsoft Corporation
    msnmsgr.exe 3836 MSN Messenger Microsoft Corporation

    Process: Procexp Pid: -2

    Type Name


    i really want to know how he connects to my pc and can control it...
    how do they use the remote control via ICMP?

  10. #10
    Senior Member
    Join Date
    Dec 2003
    Location
    Pacific Northwest
    Posts
    1,675
    Adrenaline,

    I noted in your thread that you had Norton and that may be some fairly reputable software. However, I never limit myself to just one AV or means of detecting Viruses and Trojans. Additionally, contrary to their claims, not all AV's are worth a hoot at detecting Trojans. Therefore, to detect some of the newer Trojans, you really need software that is current and written just for that purpose. Below are a few of the Trojan Cleaners I have used and would recommend. Some are free and some have a 30 day trial. Be sure to write the name of it down verbatim before quarantining or deleting it though. If it's not detected there are other possibilities.

    Swat it
    http://swatit.org/

    The Cleaner
    http://www.moosoft.com/

    TDS-3
    http://tds.diamondcs.com.au/

    Pc Doorguard
    http://www.astonsoft.com/whypdg2ultra.htm


    In addition to your Norton, surf on over to either HouseCall - Trend Micro or BitDefender for an online scan.

    Trend Micro - Free online virus Scan
    http://housecall.trendmicro.com/

    BitDefender ScanOnline
    http://www.bitdefender.com/scan/license.php