• RSS
  • Twitter
  • FaceBook

Security Forums

Log in

FAQ | Search | Usergroups | Profile | Register | RSS | Posting Guidelines | Recent Posts

about msn messenger problem

Users browsing this topic:0 Security Fans, 0 Stealth Security Fans
Registered Security Fans: None
Goto page 1, 2  Next
Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> Exploits // System Weaknesses

View previous topic :: View next topic  
Author Message
Madeline_13
Just Arrived
Just Arrived


Joined: 10 Jan 2003
Posts: 0


Offline

PostPosted: Fri Jan 10, 2003 10:06 am    Post subject: about msn messenger problem Reply with quote

i don't have it one and someone on my list i didnt know was a hackeris still sending this little pop up messages that I have to close out and he is talking through them. I turned off the file/printer sharing thing because he told me what kind of printer I had and he knew my systems name etc etc. What should I do?
Back to top
View user's profile Send private message
TheKingster
Link Spammer
Link Spammer


Joined: 03 May 2002
Posts: 0
Location: UK

Offline

PostPosted: Fri Jan 10, 2003 11:16 am    Post subject: Reply with quote

Get a virus scanner that is up to date and scan for the latest viruses and trojans.

Try http://www.bitdefender.com and download the trial version and have a scan.
Back to top
View user's profile Send private message
Madeline_13
Just Arrived
Just Arrived


Joined: 10 Jan 2003
Posts: 0


Offline

PostPosted: Fri Jan 10, 2003 11:28 am    Post subject: Reply with quote

alright i am checking. I think i did already but this person seems to be able to look into my shared folder which is empty anyway put he wrote a word document in there and he can see specs of pc etc.


edit*** I actually did grab this earlier different site same version ...nothing came up.
Back to top
View user's profile Send private message
ShaolinTiger
Forum Fanatic
Forum Fanatic


Joined: 18 Apr 2002
Posts: 16777215
Location: Kuala Lumpur, Malaysia

Offline

PostPosted: Fri Jan 10, 2003 11:34 am    Post subject: Reply with quote

Might be nice if you gave us a little info about your system, e.g what is it?

Win98, Win2k, WinXP.


Sounds like you haven't turned off the Messenger service in Win2k/XP.

What kind of personal firewall do you have and what other precautions have you taken?


Last edited by ShaolinTiger on Fri Jan 10, 2003 11:44 am; edited 1 time in total
Back to top
View user's profile Send private message Visit poster's website
Madeline_13
Just Arrived
Just Arrived


Joined: 10 Jan 2003
Posts: 0


Offline

PostPosted: Fri Jan 10, 2003 11:38 am    Post subject: Reply with quote

xp -
-and I have that sygate firewall now.

Didn't have it on before when he did this stuff. He was sending these messages in a gray box(not the normal chat window for the messenger), and he kept saying "this is your ip" to me, which it was but i denied. That got him mad so he wrote a notepad file in my shared folder with some threats. I use msn but i don't want people like him, being able to get into my pc.

-i turned off file and printer sharing (since he told me what kind of printer i had)

-in wins i checked disable (default was on before)


Last edited by Madeline_13 on Fri Jan 10, 2003 11:45 am; edited 1 time in total
Back to top
View user's profile Send private message
TheKingster
Link Spammer
Link Spammer


Joined: 03 May 2002
Posts: 0
Location: UK

Offline

PostPosted: Fri Jan 10, 2003 11:44 am    Post subject: Reply with quote

Sounds like you have a trojan. Try using netstat to see what p0rts are open and paste onto here.

Think the syntax is netstat -a

Start run, type cmd, click ok. Then in the DOS box type netstat -a
Back to top
View user's profile Send private message
Madeline_13
Just Arrived
Just Arrived


Joined: 10 Jan 2003
Posts: 0


Offline

PostPosted: Fri Jan 10, 2003 11:46 am    Post subject: Reply with quote

i typed that command it shows active conenctions , correct? name of my pc and other info. you want to see this?
Back to top
View user's profile Send private message
TheKingster
Link Spammer
Link Spammer


Joined: 03 May 2002
Posts: 0
Location: UK

Offline

PostPosted: Fri Jan 10, 2003 11:59 am    Post subject: Reply with quote

Yes, don't PM it to me, you will find you will get more help and more opinions by posting on a public post.
Back to top
View user's profile Send private message
Madeline_13
Just Arrived
Just Arrived


Joined: 10 Jan 2003
Posts: 0


Offline

PostPosted: Fri Jan 10, 2003 12:00 pm    Post subject: Reply with quote

Active Connections

Proto Local Address Foreign Address State
TCP Valentine:epmap Valentine:0 LISTENING
TCP Valentine:microsoft-ds Valentine:0 LISTENING
TCP Valentine:1025 Valentine:0 LISTENING
TCP Valentine:1027 Valentine:0 LISTENING
TCP Valentine:2869 Valentine:0 LISTENING
TCP Valentine:3162 Valentine:0 LISTENING
TCP Valentine:3216 Valentine:0 LISTENING
TCP Valentine:3219 Valentine:0 LISTENING
TCP Valentine:3220 Valentine:0 LISTENING
TCP Valentine:3221 Valentine:0 LISTENING
TCP Valentine:3569 Valentine:0 LISTENING
TCP Valentine:4258 Valentine:0 LISTENING
TCP Valentine:5000 Valentine:0 LISTENING
TCP Valentine:14368 Valentine:0 LISTENING
TCP Valentine:3162 a-10.vpn.lyford.net:6667 ESTABLISHED
TCP Valentine:3216 baym-cs69.msgr.hotmail.com:1863 ESTABLISHED
TCP Valentine:3220 xp.mcafee.com:http CLOSE_WAIT
TCP Valentine:3569 205.188.1.24:5190 ESTABLISHED
TCP Valentine:4258 www.google.com:http CLOSE_WAIT
TCP Valentine:9141 Valentine:0 LISTENING
TCP Valentine:3001 Valentine:0 LISTENING
TCP Valentine:3002 Valentine:0 LISTENING
TCP Valentine:3003 Valentine:0 LISTENING
TCP Valentine:3004 Valentine:0 LISTENING
UDP Valentine:epmap *:*
UDP Valentine:microsoft-ds *:*
UDP Valentine:isakmp *:*
UDP Valentine:1026 *:*
UDP Valentine:3005 *:*
UDP Valentine:3019 *:*
UDP Valentine:3025 *:*
UDP Valentine:3210 *:*
UDP Valentine:3861 *:*
UDP Valentine:domain *:*
UDP Valentine:ntp *:*
UDP Valentine:1900 *:*
UDP Valentine:10627 *:*
UDP Valentine:56194 *:*
UDP Valentine:ntp *:*
UDP Valentine:1900 *:*
UDP Valentine:3006 *:*
UDP Valentine:3014 *:*
UDP Valentine:3018 *:*
UDP Valentine:3021 *:*
UDP Valentine:3031 *:*
UDP Valentine:3217 *:*
UDP Valentine:3403 *:*
UDP Valentine:3565 *:*
Back to top
View user's profile Send private message
TheKingster
Link Spammer
Link Spammer


Joined: 03 May 2002
Posts: 0
Location: UK

Offline

PostPosted: Fri Jan 10, 2003 12:15 pm    Post subject: Reply with quote

Seems to be listening on a lot of TCP ports.

Shaolin knows more about this so over to him!
Back to top
View user's profile Send private message
Madeline_13
Just Arrived
Just Arrived


Joined: 10 Jan 2003
Posts: 0


Offline

PostPosted: Fri Jan 10, 2003 12:19 pm    Post subject: Reply with quote

i do have the firewall up if that might be a reason i can turn it off and redo the netstat. Or would anything i'm running cause it to be listening on the TCP ports?

Last edited by Madeline_13 on Fri Jan 10, 2003 12:26 pm; edited 1 time in total
Back to top
View user's profile Send private message
ShaolinTiger
Forum Fanatic
Forum Fanatic


Joined: 18 Apr 2002
Posts: 16777215
Location: Kuala Lumpur, Malaysia

Offline

PostPosted: Fri Jan 10, 2003 12:25 pm    Post subject: Reply with quote

Ok then.

Look at this:

http://www.uksecurityonline.com/husdg/wxpp2.php

And this to disable all unneeded services:

http://www.darknet.org.uk/content/files/securewin2k.txt

Please pay special attention to UPnP and RDS.

To make it easier for me, please do a clean reboot after doing the above security procedures and before you open anything, do a netstat -aon paste it to a text file.

Then also give us the output from fport here:

http://www.foundstone.com/knowledge/proddesc/fport.html

In the same way, without opening anything else.
Back to top
View user's profile Send private message Visit poster's website
Madeline_13
Just Arrived
Just Arrived


Joined: 10 Jan 2003
Posts: 0


Offline

PostPosted: Fri Jan 10, 2003 12:44 pm    Post subject: Reply with quote

ok i read over the second document especially. I am just a little worried it will affect something related to my job. I'm sorry that's hard to explain, but the first url you posted, I had checked that one out and done most of that, aside from the admin account which gave me some major problems with writing to directories before. I would turn read only off and it would come back on and it was a problem. I hope none of that angers you or anything. I just want to make sure I am functional for work. Hang on though I will reboot and run those tests again. -a and -an ?
Back to top
View user's profile Send private message
ShaolinTiger
Forum Fanatic
Forum Fanatic


Joined: 18 Apr 2002
Posts: 16777215
Location: Kuala Lumpur, Malaysia

Offline

PostPosted: Fri Jan 10, 2003 12:50 pm    Post subject: Reply with quote

netstat -aon please and fport output.
Back to top
View user's profile Send private message Visit poster's website
Madeline_13
Just Arrived
Just Arrived


Joined: 10 Jan 2003
Posts: 0


Offline

PostPosted: Fri Jan 10, 2003 1:05 pm    Post subject: Reply with quote

Ok not to sure if i included the fport output, i'm new to this, but let me know, I will do it again. This is what i DID do -

Active Connections

Proto Local Address Foreign Address State PID
TCP Valentine:epmap Valentine:0 LISTENING 604
TCP Valentine:microsoft-ds Valentine:0 LISTENING 4
TCP Valentine:1026 Valentine:0 LISTENING 4
TCP Valentine:2869 Valentine:0 LISTENING 1200
TCP Valentine:5000 Valentine:0 LISTENING 1200
TCP Valentine:1025 Valentine:0 LISTENING 1328
TCP Valentine:3001 Valentine:0 LISTENING 1256
TCP Valentine:3002 Valentine:0 LISTENING 628
TCP Valentine:3003 Valentine:0 LISTENING 628
UDP Valentine:microsoft-ds *:* 4
UDP Valentine:isakmp *:* 440
UDP Valentine:3006 *:* 628
UDP Valentine:3016 *:* 768
UDP Valentine:domain *:* 628
UDP Valentine:ntp *:* 628
UDP Valentine:1900 *:* 1200
UDP Valentine:ntp *:* 628
UDP Valentine:1900 *:* 1200
UDP Valentine:3007 *:* 628
UDP Valentine:3013 *:* 628






C:\>netstat -a

Active Connections

Proto Local Address Foreign Address State
TCP Valentine:epmap Valentine:0 LISTENING
TCP Valentine:microsoft-ds Valentine:0 LISTENING
TCP Valentine:1026 Valentine:0 LISTENING
TCP Valentine:2869 Valentine:0 LISTENING
TCP Valentine:5000 Valentine:0 LISTENING
TCP Valentine:1025 Valentine:0 LISTENING
TCP Valentine:3001 Valentine:0 LISTENING
TCP Valentine:3002 Valentine:0 LISTENING
TCP Valentine:3003 Valentine:0 LISTENING
UDP Valentine:microsoft-ds *:*
UDP Valentine:isakmp *:*
UDP Valentine:3006 *:*
UDP Valentine:3016 *:*
UDP Valentine:domain *:*
UDP Valentine:ntp *:*
UDP Valentine:1900 *:*
UDP Valentine:ntp *:*
UDP Valentine:1900 *:*
UDP Valentine:3007 *:*
UDP Valentine:3013 *:*





C:\>netstat -n

Active Connections

Proto Local Address Foreign Address State

C:\>netstat -aon

Active Connections

Proto Local Address Foreign Address State PID
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING 604
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:1026 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:2869 0.0.0.0:0 LISTENING 1200
TCP 0.0.0.0:5000 0.0.0.0:0 LISTENING 1200
TCP 127.0.0.1:1025 0.0.0.0:0 LISTENING 1328
TCP 127.0.0.1:3001 0.0.0.0:0 LISTENING 1256
TCP 127.0.0.1:3002 0.0.0.0:0 LISTENING 628
TCP 127.0.0.1:3003 0.0.0.0:0 LISTENING 628
UDP 0.0.0.0:445 *:* 4
UDP 0.0.0.0:500 *:* 440
UDP 0.0.0.0:3006 *:* 628
UDP 0.0.0.0:3016 *:* 768
UDP 12.248.248.53:53 *:* 628
UDP 12.248.248.53:123 *:* 628
UDP 12.248.248.53:1900 *:* 1200
UDP 127.0.0.1:123 *:* 628
UDP 127.0.0.1:1900 *:* 1200
UDP 127.0.0.1:3007 *:* 628
UDP 127.0.0.1:3013 *:* 628
Back to top
View user's profile Send private message
Madeline_13
Just Arrived
Just Arrived


Joined: 10 Jan 2003
Posts: 0


Offline

PostPosted: Fri Jan 10, 2003 1:08 pm    Post subject: Reply with quote

wait nevermind. i think i got it. i clicked for a demo to be shown and not the download. I was looking over the entire page. hold on ill do the scan. sorry about that

Last edited by Madeline_13 on Fri Jan 10, 2003 2:31 pm; edited 1 time in total
Back to top
View user's profile Send private message
Display posts from previous:   

Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> Exploits // System Weaknesses All times are GMT + 2 Hours
Goto page 1, 2  Next
Page 1 of 2


 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum

Community Area

Log in | Register