-
February 7th, 2004, 11:36 PM
#1
I've been taken Over
I think I have been attacked and backdoored. I have run NAV and S&D and Ad-Aware, but they pick up nothing. Once in a while I'll come back to my computer and files that were not there before were created, or my other AIM names are online and they should not be. I think someone is also reading my mail... What should/can I do?
-
February 7th, 2004, 11:39 PM
#2
Try These:
http://www.trojanscan.com/
That is an online based trojan scanner, requires small download, but is web hosted and free.
You should also run msconfig, check to see what kind of crap is starting on your PC.
Geek isn't just a four-letter word; it's a six-figure income.
-
February 7th, 2004, 11:56 PM
#3
Junior Member
Hmm, there's lots of possibilities, but run this program and see if anything else is starting quietly, a lot better than msconfig -
http://www.spywareinfo.com/~merijn/f...tartupList.exe
Are you using a firewall? Any sort of suspicious connections or activity? Get back to us with more information, we'll find out what's going on.
-
February 7th, 2004, 11:57 PM
#4
Re: Try These:
Originally posted here by AxessTerminated
http://www.trojanscan.com/
That is an online based trojan scanner, requires small download, but is web hosted and free.
You should also run msconfig, check to see what kind of crap is starting on your PC.
Hhmmm....never tried that one, I'll have to check it out.
PM8228, Moosoft offers the Cleaner which is probably the best trojan cleaner I have found. It has a 30 day evaluation period to it so you can decide if you wish to purchase it as well. Found Here
Also I would suggest you update your AV and run it in safe mode. (Also your Spybot & AdAware)
Then also run an online AV such as Trend Microsystems: Here
And HijackThis from Merijn could tell you what your registry is doing: Here
"Life should NOT be a journey to the grave with the intention of arriving safely in an attractive and well preserved body, but rather to skid in sideways, Champagne in one hand - strawberries in the other, body thoroughly used up, totally worn out and screaming WOO HOO - What a Ride!"
Author Unknown
-
February 8th, 2004, 01:03 AM
#5
Check your running processes and see if anything that shouldn't be there is there.
And do a netstat - see what connections are active and which port it's on. You might want to look at a program called fport-
http://www.foundstone.com/resources/proddesc/fport.htm
-
February 8th, 2004, 04:48 AM
#6
Definitely check into fport. Netstat is a fine tool but it's often replaced during an attack with one that keeps the attacker hidden.
Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”
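Added example, not part of the thread or written by any poster: the port-to-process mapping that posts #5 and #6 recommend, done by joining saved `netstat -ano` output with saved `tasklist /fo csv /nh` output on the PID. Both sample captures, including the process name `msupd32.exe` and every address, are constructed for illustration.

```python
import csv
import io

# Constructed sample of Windows `netstat -ano` output; not taken from the thread.
NETSTAT_SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:31337          0.0.0.0:0              LISTENING       1900
  TCP    192.168.1.10:1043      203.0.113.7:5190       ESTABLISHED     1412
  TCP    192.168.1.10:1050      198.51.100.23:6667     ESTABLISHED     2304
  UDP    0.0.0.0:445            *:*                                    4
"""

# Constructed sample of `tasklist /fo csv /nh`; PID 2304 is deliberately absent.
TASKLIST_SAMPLE = '''\
"System","4","Console","0","212 K"
"svchost.exe","884","Console","0","3,420 K"
"aim.exe","1412","Console","0","9,880 K"
"msupd32.exe","1900","Console","0","1,104 K"
'''

def parse_netstat(text):
    """Return one dict per TCP/UDP row of `netstat -ano` text."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0] not in ("TCP", "UDP"):
            continue  # skip the header and blank lines
        # UDP rows have no State column; the PID is always the last field.
        state = parts[3] if parts[0] == "TCP" and len(parts) == 5 else ""
        rows.append({"proto": parts[0], "local": parts[1], "remote": parts[2],
                     "state": state, "pid": int(parts[-1])})
    return rows

def parse_tasklist(text):
    """Map PID -> image name from `tasklist /fo csv /nh` text."""
    return {int(r[1]): r[0] for r in csv.reader(io.StringIO(text)) if len(r) >= 2}

def map_sockets(netstat_text, tasklist_text):
    """Attach the owning image name to each socket; None means no visible process."""
    procs = parse_tasklist(tasklist_text)
    return [dict(s, image=procs.get(s["pid"])) for s in parse_netstat(netstat_text)]

def unowned(sockets):
    """Sockets whose PID is missing from the process list deserve a closer look."""
    return [s for s in sockets if s["image"] is None]

if __name__ == "__main__":
    for s in map_sockets(NETSTAT_SAMPLE, TASKLIST_SAMPLE):
        print(f'{s["proto"]:4} {s["local"]:22} {s["remote"]:22} {s["state"]:12} '
              f'{s["pid"]:>5} {s["image"] or "<no matching process>"}')
```

The result is only as trustworthy as the binaries that produced the two captures, which is the caveat post #6 raises about a replaced netstat.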
-
February 8th, 2004, 04:52 AM
#7
Install www.mepis.org linux and cut your worries by 9/10ths. (Easier than WinXp to install and auto configures itself with a firewall, other security programs on by default).
Were you running any kind of a firewall? Was windows messenger disabled/deleted? Switch from AIM to trillian, gaim or another client.
-
February 8th, 2004, 05:08 AM
#8
Another thing you could do is if you have a spare box that you can get on the net, run nessus against your infected box. The reason I suggest nessus is that it's a brilliant program to run a security audit against yourself. If you don't have a spare box, get Tenable Newt which is basically a port of nessus to windows.
Cheers,
cgkanchi
-
February 9th, 2004, 12:11 AM
#9
There is nothing unusual on netstat..
-
February 9th, 2004, 01:26 AM
#10
I'm just getting over my latest 'attack'. If you think there is something there, then there probably is; if so, it has probably worked its charms ? on your AV. Mine (Norton netsec 2004) was corrupted from within, I found new accounts opening ( I was just getting over a previous attack, clean install, so few files to watch, W2K Pro ) and new mail accounts as well. Recycler files in the system were being filled with unopenable ? files. I went down the long-winded way,
1 - disconnect from web.
2 - as I couldn't delete them, I changed the security access, and denied them.
3 - on start up I was getting a pagefile.sys error, not enough virtual memory, deleted this on each trip round the O/S, as it is a .sys file it rebuilds on bootup, then just set the values the same for high and low, this stops the computer from managing the virtual memory.
4 - Task Manager had 40+ apps running, I didn't recognise half, and so was shutting these down as well.
unfortunately for me, another clean install was required.
This time round ALL AV settings are high security, and I am getting hits 6 or 7 times a minute.
have tracked and recorded the IP addresses that are profiled as hitting ports used by trojans, and so far there appears to be a French and German conspiracy against me ??
I wish I could have accessed the help from this site as I ran out of ideas and hope PDQ.
Still no idea what or how I got hit ?
But at least now I have a fighting chance, courtesy of the above links. My thanks to the suppliers of the links, and I hope that you (PM8228) get clean soon.
I've just re-read this post , and can only apologise for the slight off thread direction it ended up at
so now I'm in my SIXTIES FFS
WTAF, how did that happen, so no more alterations to the sig, it will remain as is now
Beware of Geeks bearing GIF's
come and waste the day :P at The Taz Zone