LAN hacked ! Ahh!

[MrLinus]

I don't believe Uconn endorses the software, but from my understanding it does not take up any bandwith because it allows no outside users at all.

Go check UConn's AUP. I wouldn't be surprised if this is the software they are having issue with. Most Universities and Colleges won't allow P2P software not because of bandwidth issues but because of copyright issues. Try uninstalling that and asking them again. Also, you should do the netstat command just in case something else is running.

[DanT118]

Well would that program be considered and FTP server? All of my friends use the same program I use and no one else has ever been blocked from using the internet connection here on the server. What could be the problem?

[DjM]

Can you contact anyone there and ask exactly what it is that they don't want on your computer/network. With this info we should be able to help you uninstall it?

Cheers:

[DanT118]

I contacted Uconn and they told me that the only way, for security reasons, that I would have a server on here would be if I connected to a P2P network that was outside of the schools server, which I do have but never use or leave connected, or that someone had set up an server on my computer by hacking into it. I dont understand how someone could have hacked past my updated antivirus software and somehow set this up on my computer but i really want it off, whatever it is, so that when i go home and use cable modem at home someone still doesnt use my IP address at all. I am so lost, please help a lil more!

[DjM]

Now lets see here, you say you do use P2P outside the schools network? Now they say they don't want you using P2P, so I think it stands, the application they want to delete is your P2P application. (even if you don't use it on their network).

Now am I reading this right?

Cheers:

[DanT118]

I used the P2P nearly a year ago, I dont believe this would constitute the immediate block i've received.

[Tiger Shark]

Anti virus doesn't stop anything but viruses...... Trojans, malware, spyware and other hacks are generally not detected by Anti Virus programs..... So, having AV doens't mean you can;t be hacked..... It's actually irrelevant until someone uploads a virus to your machine....

[MrLinus]

I used the P2P nearly a year ago, I dont believe this would constitute the immediate block i've received.

Doesn't mean that you should be able to use it. It just means they have potentially detected it. (if we go along the lines of it being a P2P issue). Sometimes random checks are done and perhaps they found you. Removing it for now at least might get you back your high speed access. You also need to figure out if there are excess processes running (potential trojans?). You might want to look into TheCleaner from Moosoft.com as many AVs miss some trojans.

In addition, I have to agree with Tiger Shark. Anti-virus is just a layer of security that looks for malicious programs. This won't identify attacks (usually an IDS) or prevent attacks (usually a firewall). You need to spend some time locking down your machine before you go and put a firewall on (putting a firewall on a machine is like putting a bandaid in front of a dam with multiple leaks --- it only deals with one issue). You might want to look at the NSA's Windows XP Security Configuration Guide (don't let the fact that it's the NSA fool you... it is a good guide) as a "recipe guide" on securing your box before you add the additional layer of a firewall and, possibly, an IDS.

[DanT118]

Thanks so much for your help. The Cleaner from Moosoft.com helped remove 3 viruses and the description of one of the viruses was exactly what was happening on my computer. I greatly appreciate everything.

[h.a.c.k.]

1...go to this site http://www.iss.net/security_center/a...xploits/Ports/
and check your open ports.

2...also, this site http://www.simovits.com/nyheter9902.html
will give you most commonly used ports for trojans and worms.

3...next, in a cmd prompt, run nbtstat -s... this will give you your netbios connection table and you can check to see if there are any remote hosts connected.

if you notice that you have an open port that is a commonly used port for trojans, post a reply here and someone will help you remove the trojan.

late