Here's a nice free antivirus if you don't already have one: http://www.grisoft.com/us/us_dwnl_free.php
Hmmm..... I've seen a couple of these "use netstat" replies..... That's all very well if the attacker connects to you or you connect to them all the time.... It doesn't do any good in a lot of situations.... If the connection isn't current it doesn't exist so you can be so pwn3d and never see it in netstat........
How about installing some sort of IDS such as Snort? This would solve the netstat problem of only seeing connections when you type the command. But, since it sounds like the firewall is blocking the attempts, there shouldn't be anyone connecting to the computer, although you should never think that. I really think that someone had installed SubSeven before you installed the firewall and now all their connections are getting blocked. It would be nice to hear some feedback from you, like if you checked the cables on your CD-ROM, or did a scan for trojans. Hopefully you've solved your problem and that's why there is no update on the situation.
I like to do a periodic netstat, also. The netstat -o option is very good because it will identify domains, etc. that you may be using and dispel any doubt about the addresses that you commonly are using. If you notice higher activity on your cable modem lights, it is a good time to do a netstat -a and a netstat -o. Just don't do it when Kazaa is connected or you will have a heart attack.
:)
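An added example, not part of the original thread: the limitation raised above (netstat only shows connections that exist at the moment you run it) can be narrowed by saving snapshots on a schedule and diffing them. The two snapshots are constructed samples in the `netstat -ano` layout of later Windows versions, and the function names are hypothetical.

```python
# Added example (not from the thread): diff two netstat snapshots so that a
# new listener or connection is recorded even if nobody is watching.
# SNAP_1/SNAP_2 are constructed; 27374 is the port commonly tied to SubSeven.
SNAP_1 = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       908
  TCP    127.0.0.1:1030         127.0.0.1:1031         ESTABLISHED     1412
  TCP    192.0.2.10:1045        198.51.100.7:5190      ESTABLISHED     2210
"""
SNAP_2 = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       908
  TCP    0.0.0.0:27374          0.0.0.0:0              LISTENING       3044
  TCP    127.0.0.1:1030         127.0.0.1:1031         ESTABLISHED     1412
  TCP    192.0.2.10:1045        198.51.100.7:5190      ESTABLISHED     2210
  TCP    192.0.2.10:27374       203.0.113.66:4021      ESTABLISHED     3044
"""

def parse_netstat(text):
    """Return a set of (proto, local, remote, state, pid) tuples."""
    rows = set()
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4 or parts[0] not in ("TCP", "UDP"):
            continue  # header, blank line, or anything that is not a socket row
        proto, local, remote = parts[0], parts[1], parts[2]
        if proto == "TCP":
            state, pid = parts[3], parts[4] if len(parts) > 4 else ""
        else:  # UDP rows have no State column
            state, pid = "", parts[3]
        rows.add((proto, local, remote, state, pid))
    return rows

def is_loopback(endpoint):
    return endpoint.rsplit(":", 1)[0].startswith("127.")

def new_entries(before, after):
    """Rows only in the later snapshot; loopback-to-loopback rows are dropped."""
    added = parse_netstat(after) - parse_netstat(before)
    return sorted(r for r in added
                  if not (is_loopback(r[1]) and is_loopback(r[2])))

def new_listeners(before, after):
    return [r[1] for r in new_entries(before, after) if r[3] == "LISTENING"]

if __name__ == "__main__":
    for row in new_entries(SNAP_1, SNAP_2):
        print("NEW", *row)
```

Snapshots still miss anything that opens and closes between two runs, which is the gap an IDS or the firewall log covers.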
I forgot to mention in my post to check out www.grc.com's ShieldsUP! feature, it's very useful.
Thank you very much for all of your replies, I'm still trying to decipher a lot of what was said. I'm not that "up" on computers. In the last 24 hours I have now had 82 SubSeven attempts; most of the IP addy's are different, but some are duplicated. I checked my records of the past 24 hours and compared them to my friend's, who frequents the forum I mentioned last night as well. Four of the IP addy's matched mine where she had also had these attempted intrusions the past twenty-four hours. In fact, in the three minutes I've been typing this my firewall has blocked three Trojan attempts.
Here is some more information for you:
I did do the netstat -a and it appears the only open connections are to 127.0.0.1 and 205.188.146.146 and, of course, my IP is there too.
My O/S is ME and I am on AOL
Every morning when I start the computer, it completely freezes. I can't even use the ctrl-alt-del function so I end up just turning it off manually, then allowing it to scandisk (or whatever that is called). Of course, this also wipes out my firewall logs so I am really careful to save the logs all the time.
I believe I am missing a driver to my CD Rom. My CD Rom has always worked fine, but around the time I realized one of my friends had been hacked and the virus email was sent out using an email addy close to mine, is when I started having problems. This may or may not be a coincidence. I can't figure out how to find the driver, let alone install it.
There are a few members who participate on the other forum with me who HAVE received Trojans and had to reformat their hard drive.
I have noticed the lights blinking on my computer when it is not in use.
I noticed today that some of the items in my tool bar are missing which has not happened before.
I have Norton Anti-Virus and Norton Firewall which I am religious in the Live Updates. I also use SpyCop and Spybot. All come up clean.
I am the only person who uses this computer.
Okay, this one is going to show my true lack of computer knowledge, but I can't remember how to get into my Device Manager. This is all so foreign to me. But at bootup, the CD Rom IS still there.
I'm scared to reinstall Windows because won't I lose everything? I also use this computer for work and because my CD Rom has not been working, I have everything on my hard drive. The place I bought the computer from said they can look at it, but they are running three to four weeks right now and I can't possibly be without my computer as it's my only means of income.
I did a search on the IP's today and one is repeatedly showing as "Loopback". What does that mean? It's tracing to China, but the IP trying to Trojan me doesn't appear as a Chinese IP; it begins with 61. and the "Loopback" is going to a 218. IP.
I TRULY appreciate all of your help. If I have missed something I will post again. It's so difficult to even use the computer with all these Firewall flags going off, now, I've had 12 Trojan attempts since I began this post. Again, thank you very much :)
I believe the loopback IP is 127.0.0.1, which is the localhost IP, which is the IP your computer uses for connections. It's nothing to worry about because it's an IP from your comp, not a remote machine's IP. For the Device Manager, right-click My Computer and select Properties. Go to one of the tabs, I'm not sure which on ME, just check them all and you should see the Device Manager button. I have 98 and Device Manager has its own tab. I'm assuming your IP is available on the board you and your friend frequent. As for the connection attempts, I wouldn't worry about them if you have a firewall and all your a/v and other scans come up clean. Other than your CD-ROM not working I would say you're all clear. Another tip, get WinXP Pro or Home, I have heard ME is the worst of all Windows OS's. Also, you could get an external hard drive to back up your data, or if you're on a network you could transfer what you need to another comp.
That's all for now.
Thank you for the instructions. I did go to Device Manager and my CD Rom is NOT there, but there is info at StartUp on it. I had found out that the 127.0.0.1 was not something to worry about. I just didn't understand why a "Loopback" was being referenced in the IP trace. The IP that attempted an intrusion on my computer with a Trojan is 61.172.3.25 (also same IP ending in .23). When I did the trace it gave me a "Loopback" IP of 21.1.10.178 (and also .177) registering in China. I thought maybe whoever has been doing all these Trojans MAY be doing so through other people's computers in order to avoid getting caught. I am at an endless search as to how to figure out who it is or even prove it; especially with my lacking computer knowledge :)
Thank you again, I really appreciate everyone's help :)
I wouldn't worry about it as long as you're safe. Hopefully someone else will nail them. As far as your CD-ROM, I hope you get all that sorted out soon. When I replaced my old CD-ROM with a different one, I didn't have to install any drivers, it just worked. I'm sure yours used to work also. Have you tried unplugging and replugging in both the IDE and power supply cables? (Of course your comp will be off when you do this, put this in just to be safe.) Hopefully, if all else fails you can try installing drivers from your manufacturer's website.
Good luck.
Attacking back is never a good idea and for two reasons. First, the ISP (or machine) that the attack is originating from might just be another victim, someone the attacker is using as a launching point. Attacking back could just get innocent people caught in a crossfire. Second, it's legal and is less likely to get you into oodles of trouble. Attacking back with <enter attack name here> is likely to get you frowned upon by the source ISP, your ISP, and quite possibly, some scary looking guys in dark suits and dark sunglasses.
Quote:
Originally posted here by Drakain Zeil
If you are being hacked you can always tracert the user and hope they aren't using a spoofed IP, this way you can keep the IP as reference and if you see a constant attack from them on your PC, you can do one of these two things:
1. Fight fire with fire.
2. Report to their ISP.
Think first before engaging fingers...
alpha