Good grief.....don't wait until the 'next' time. Do it long before there can be a next time.
One thing I would recommend, since you say you have broadband, is to not allow any connections that were not initiated by your computer. If you're not running any type of servers, there is no reason that you would want to allow any incoming connections.
--PuRe
Here's an idea, check your file and printer sharing.
Make sure that none of the boxes are ticked.
I had a similar problem and it turned out to be my best friend that was hacking my computer, and just causing one problem after another..
So check it, you never know, that could be the problem.
True, it *may* be a trojan but without getting in front of the box, none of us will ever know. Like I mentioned, the only sure solution that can be offered is to reload the OS if he can't figure out what is going on.
Quote:
If you still believe you have a trojan, try fport from http://www.foundstone.com
Run it, and see if any peculiar programs are binding to peculiar port numbers.
A good attacker will surely upload hacked versions of netstat so I wouldn't rely on *any* system info (ports and services) using the local netstat exe or such. I keep a recovery disk with known clean versions of exes like this so that when stuff like this happens I have at least a decent shot of finding the cause.
Again, trying to pinpoint the issue from here is like asking someone to guess what is clogging your toilet - it could be anything.
--TH13
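The fport check suggested above only tells you something if you know what the box looked like when it was clean. As an added example (not part of any post in this thread), this compares a listing saved from a known-clean install against a current one and reports listeners that are new or whose owning binary changed; the "Pid Process -> Port Proto Path" row layout is an assumption, and both sample listings are constructed.

```python
import re

# Assumed fport-style row: "Pid  Process  ->  Port  Proto  Path" (path may be absent).
ROW = re.compile(r"^\s*(\d+)\s+(\S+)\s+->\s+(\d+)\s+(TCP|UDP)\s*(.*)$")

def parse_listing(text):
    """Return {(proto, port): (process, path)} for every row that parses."""
    listeners = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m:  # header and blank lines do not match and are skipped
            _pid, proc, port, proto, path = m.groups()
            listeners[(proto, int(port))] = (proc.lower(), path.strip().lower())
    return listeners

def diff_listeners(baseline, current):
    """List listeners that are new, or whose owning binary changed, since baseline."""
    findings = []
    for key, owner in sorted(current.items()):
        if key not in baseline:
            findings.append(("new", key, owner))
        elif baseline[key] != owner:
            findings.append(("changed", key, owner))
    return findings

# Constructed sample listings (hypothetical processes and paths, not from the thread).
BASELINE = """\
Pid   Process        Port  Proto Path
392   svchost    ->  135   TCP   C:\\WINNT\\system32\\svchost.exe
8     System     ->  139   TCP
8     System     ->  445   TCP
"""
CURRENT = """\
Pid   Process        Port  Proto Path
392   svchost    ->  135   TCP   C:\\WINNT\\system32\\svchost.exe
8     System     ->  139   TCP
1204  svchost    ->  445   TCP   C:\\WINNT\\temp\\svchost.exe
1310  updater    ->  5151  TCP   C:\\WINNT\\updater.exe
"""

if __name__ == "__main__":
    for kind, (proto, port), (proc, path) in diff_listeners(
            parse_listing(BASELINE), parse_listing(CURRENT)):
        print(f"{kind:8} {proto}/{port:<6} {proc} {path or '(no path)'}")
```

The current listing is only as trustworthy as the tool that produced it, so generate it with the known-clean copy kept on the recovery disk rather than a binary from the suspect machine.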
:)
yah that's pretty sick dude :) About my shutting down any unwanted processes, I intended that the user knew what processes you needed to keep your machine running, but if the user is a n00b then here is a nice list of what processes do what (http://www.3iii.dk/pc-mod/tasks+services.htm)...by the way, what OS are you running?
Quote:
what is clogging your toilet - it could be anything.
To expand on what Hoss said. When you reload the box do _not_ have it attached to the internet. Download Zonealarm and cut it to CD prior. Load the box, make the recovery disks, load Zonealarm then attach the box and go immediately to windows update and do all patches. Then make the disks again..... Now you have a clean install and patched recovery disks and you are at a known starting point. From there follow M$'s recommendations for hardening a box and you will be in business......
Then; Be careful out there......
It would help to know what chat program you are using. All these suggestions are great and good tips, but most likely none of them will work. Are you in IRC? Are you using mIRC or some scripted version of mIRC or what? Or are you in MSN? Did you install any plugins on it? It is most likely a script kiddie program that they are using and no firewall or anything else will work because it is exploiting your chat program directly.
thanks again for all your advice...like I think I may have mentioned before, am really new to all this.. (and I mean really new!!!) so I have to admit I didn't quite understand all of it (sad but true but, hey, we all have to start somewhere.....) haven't had any probs for a few days now, but like I said being new am trying to learn, so have printed off all your tips for future reference and will try a couple of the dls you suggested just to double check I don't have any nasties lurking.... cheers all!!! x
Do NOT use mirc v. 6.01 anymore !!!
Do NOT trust any mirc versions not downloaded from official site.
Do NOT trust any scripts given to you.
Disable auto-get dcc
check out: http://www.moosoft.com/thecleaner/download.php
Disable auto-get dcc
i got hacked last month and that piece of **** named zonealarm asked me
when they tried to ftp with a script.
zonealarm did not save me from intrusion.
(i'm using kerio now but this won't save you from intrusion by scripting, too)
the file downloaded automatically and was then executed after downloading,
i never set up to execute downloaded files .
so take care.
Do NOT trust anyone on IRC ;)