-
April 18th, 2006, 08:59 PM
#1
Junior Member
hack attempt?
I think some jerk might be trying to hack me. Has anyone else had any intrusion attempts on their machine from IP 85.255.115.227? I traced the address on RIPE.net and it came back to some ISP in the Ukraine. My firewall stopped it trying to use something called "HTTP MS IE Dbl Backslash Local Zone Exec". After that, my AVS program got Download.Trojan and some other random trojan horse program in my Internet Explorer temporary files. So far, this IP address has tried to hit me twice, once while using my laptop at home, and once while using it at school. Has anybody else had a problem from this source? If so, what can be done about it?
-
April 18th, 2006, 09:07 PM
#2
Are you sure you don't have something on your laptop calling the IP address... "calling home"?
So when you are connected to the internet, the IP is alerted and tries to come back at you.
Sounds like a piece of malware "calling home".
MLF
How people treat you is their karma- how you react is yours-Wayne Dyer
-
April 18th, 2006, 09:08 PM
#3
Block that IP address in your firewall and see if this keeps up.
-
April 18th, 2006, 09:10 PM
#4
I would say you definitely have something installed that you shouldn't have!
If you think about it, when you're at home you will have a different IP address than when you are at school, so if he has managed to find you in two different locations, you definitely have something 'calling home' as MLF said!
-
April 18th, 2006, 11:01 PM
#5
Why don't you post your firewall log entries which contain this ip address? Make sure you remove or obscure your own ip address.
For the wages of sin is death, but the free gift of God is eternal life in Christ Jesus our Lord.
(Romans 6:23, WEB)
-
April 18th, 2006, 11:05 PM
#6
Block that IP address in your firewall and see if this keeps up.
Not gonna work if he has a dynamic IP address which is what 99.9% of home users have.
Also, Downloader.Trojan is exactly that. A trojan that downloads other spyware/adware/virii nasty type stuff. I would say that this is a 'calling home' situation for sure. Let's see those FW logs though (obscuring your own info, of course).
The fool doth think he is wise, but the wiseman knows himself to be a fool - Good Ole Bill Shakespeare
-
April 18th, 2006, 11:36 PM
#7
Ukraine??
I found the server at 85.255.115.227 in Amsterdam in the Netherlands. And he is running using Apache version 1.3.34 and PHP 4.40.
I've included a jpg listing a few ports under 200 that he's vulnerable with.
Have fun.
(The RIPE Whois resolves to Ukraine, but I don't trust it.)
ZT3000
Beta tester of "0"s and "1"s
-
April 18th, 2006, 11:48 PM
#8
Might I recommend that you install all the current MS security patches?
This is what might be on your machine:
http://www.symantec.com/avcenter/att...gs/s21421.html
Good luck
Yes, I agree that the Ukraine does sound a bit suspicious
-
April 18th, 2006, 11:49 PM
#9
Here's a couple of pages on Downloader.trojan:
http://www.symantec.com/avcenter/ven...er.trojan.html
http://www.computing.net/security/ww...rum/14592.html
These threats are constantly evolving. You've got a full-blown case of spyware. You've got your work cut out for you.
Fwiw, it got in via an unsecured Internet Explorer. You need to tighten up IE or switch browsers.
“Everybody is ignorant, only on different subjects.” — Will Rogers
-
April 19th, 2006, 01:20 AM
#10
Don't forget to shut off System Restore before all the cleansing, and then establish a new restore point when your box is squeaky clean. There are several thorough malware cleaning posts in AO; Ole Fox put together a cleaning tutorial, so you might want to take a peek at it: Foxyloxley
If I may add two cents, also include Ewido in your tool bag.
cheers
Connection refused, try again later.