
Thread: hack attempt?

  1. #1
    Junior Member
    Join Date
    Jun 2002

    hack attempt?

    I think some jerk might be trying to hack me. Has anyone else had any intrusion attempts on their machine from IP I traced the address on RIPE.net and it came back to some ISP in the Ukraine. My firewall stopped it trying to use something called "HTTP MS IE Dbl Backslash Local Zone Exec". After that, my AVS program got Download.Trojan and some other random trojan horse program in my Internet Explorer temporary files. So far, this IP address has tried to hit me twice, once while using my laptop at home, and once while using it at school. Has anybody else had a problem from this source? If so, what can be done about it?

  2. #2
    AOs Resident Troll
    Join Date
    Nov 2003
    Are you sure you don't have something on your laptop calling the IP address... "calling home"?

    so when you are connected to the internet the IP is alerted and tries to come back at you.

    Sounds like a piece of malware "calling home"

    How people treat you is their karma- how you react is yours-Wayne Dyer

  3. #3
    Join Date
    Jan 2004
    Block that IP address in your firewall and see if this keeps up.

  4. #4
    Right turn Clyde Nokia
    Join Date
    Aug 2003
    Button Moon
    I would say you definitely have something installed that you shouldn't have!

    If you think about it, when you're at home you will have a different IP address than when you are at school, so if he has managed to find you in two different locations, you definitely have something 'calling home' as MLF said!
    Drugs have taught an entire generation of kids the metric system.


  5. #5
    Senior Member
    Join Date
    Feb 2002
    Why don't you post your firewall log entries which contain this ip address? Make sure you remove or obscure your own ip address.
    For the wages of sin is death, but the free gift of God is eternal life in Christ Jesus our Lord.
    (Romans 6:23, WEB)

  6. #6
    Senior Member
    Join Date
    Dec 2004
    "Block that IP address in your firewall and see if this keeps up."
    Not gonna work if he has a dynamic IP address which is what 99.9% of home users have.

    Also, Downloader.Trojan is exactly that. A trojan that downloads other spyware/adware/virii nasty type stuff. I would say that this is a 'calling home' situation for sure. Let's see those FW logs though, (obscuring your own info of course)
    The fool doth think he is wise, but the wiseman knows himself to be a fool - Good Ole Bill Shakespeare

  7. #7
    Senior Member
    Join Date
    Mar 2005

    I found the server at in Amsterdam in the Netherlands. And he is running using Apache version 1.3.34 and PHP 4.40.

    I've included a jpg listing a few ports under 200 that he's vulnerable with.

    Have fun.

    (The RIPE Whois resolves to Ukraine, but I don't trust it.)
    Beta tester of "0"s and "1"s"

  8. #8
    Senior Member nihil
    Join Date
    Jul 2003
    United Kingdom: Bridlington
    Might I recommend that you install all the current MS security patches?

    This is what might be on your machine:


    Good luck

    Yes, I agree that the Ukraine does sound a bit suspicious

  9. #9
    Dissident 4dm1n brokencrow
    Join Date
    Feb 2004
    Shawnee country
    Here's a couple of pages on Downloader.trojan:



    These threats are constantly evolving, you've got a full blown case of spyware. You got your work cut out for you.

    Fwiw, it got in via an unsecured Internet Explorer. You need to tighten up IE or switch browsers.
    “Everybody is ignorant, only on different subjects.” — Will Rogers

  10. #10
    Senior Member
    Join Date
    Dec 2003
    Pacific Northwest
    Don't forget to shut off system restore before all the cleansing and then establish a new restore point when your box is squeaky clean. There's several thorough malware cleaning posts in AO, Ole Fox put together a cleaning tutorial so you might want to take a peek at it Foxyloxley

    If I may add two cents, also include Ewido in your tool bag.

    Connection refused, try again later.
