View previous topic :: View next topic |
Author |
Message |
Madeline_13 Just Arrived
Joined: 10 Jan 2003 Posts: 0
|
Posted: Fri Jan 10, 2003 10:06 am Post subject: about msn messenger problem |
|
|
i don't have it one and someone on my list i didnt know was a hackeris still sending this little pop up messages that I have to close out and he is talking through them. I turned off the file/printer sharing thing because he told me what kind of printer I had and he knew my systems name etc etc. What should I do?
|
|
Back to top |
|
|
TheKingster Link Spammer
Joined: 03 May 2002 Posts: 0 Location: UK
|
Posted: Fri Jan 10, 2003 11:16 am Post subject: |
|
|
Get a virus scanner that is up to date and scan for the latest viruses and trojans.
Try http://www.bitdefender.com and download the trial version and have a scan.
|
|
Back to top |
|
|
Madeline_13 Just Arrived
Joined: 10 Jan 2003 Posts: 0
|
Posted: Fri Jan 10, 2003 11:28 am Post subject: |
|
|
alright i am checking. I think i did already but this person seems to be able to look into my shared folder which is empty anyway put he wrote a word document in there and he can see specs of pc etc.
edit*** I actually did grab this earlier different site same version ...nothing came up.
|
|
Back to top |
|
|
ShaolinTiger Forum Fanatic
Joined: 18 Apr 2002 Posts: 16777215 Location: Kuala Lumpur, Malaysia
|
Posted: Fri Jan 10, 2003 11:34 am Post subject: |
|
|
Might be nice if you gave us a little info about your system, e.g what is it?
Win98, Win2k, WinXP.
Sounds like you haven't turned off the Messenger service in Win2k/XP.
What kind of personal firewall do you have and what other precautions have you taken?
Last edited by ShaolinTiger on Fri Jan 10, 2003 11:44 am; edited 1 time in total |
|
Back to top |
|
|
Madeline_13 Just Arrived
Joined: 10 Jan 2003 Posts: 0
|
Posted: Fri Jan 10, 2003 11:38 am Post subject: |
|
|
xp -
-and I have that sygate firewall now.
Didn't have it on before when he did this stuff. He was sending these messages in a gray box(not the normal chat window for the messenger), and he kept saying "this is your ip" to me, which it was but i denied. That got him mad so he wrote a notepad file in my shared folder with some threats. I use msn but i don't want people like him, being able to get into my pc.
-i turned off file and printer sharing (since he told me what kind of printer i had)
-in wins i checked disable (default was on before)
Last edited by Madeline_13 on Fri Jan 10, 2003 11:45 am; edited 1 time in total |
|
Back to top |
|
|
TheKingster Link Spammer
Joined: 03 May 2002 Posts: 0 Location: UK
|
Posted: Fri Jan 10, 2003 11:44 am Post subject: |
|
|
Sounds like you have a trojan. Try using netstat to see what p0rts are open and paste onto here.
Think the syntax is netstat -a
Start run, type cmd, click ok. Then in the DOS box type netstat -a
|
|
Back to top |
|
|
Madeline_13 Just Arrived
Joined: 10 Jan 2003 Posts: 0
|
Posted: Fri Jan 10, 2003 11:46 am Post subject: |
|
|
i typed that command it shows active conenctions , correct? name of my pc and other info. you want to see this?
|
|
Back to top |
|
|
TheKingster Link Spammer
Joined: 03 May 2002 Posts: 0 Location: UK
|
Posted: Fri Jan 10, 2003 11:59 am Post subject: |
|
|
Yes, don't PM it to me, you will find you will get more help and more opinions by posting on a public post.
|
|
Back to top |
|
|
Madeline_13 Just Arrived
Joined: 10 Jan 2003 Posts: 0
|
Posted: Fri Jan 10, 2003 12:00 pm Post subject: |
|
|
Active Connections
Proto Local Address Foreign Address State
TCP Valentine:epmap Valentine:0 LISTENING
TCP Valentine:microsoft-ds Valentine:0 LISTENING
TCP Valentine:1025 Valentine:0 LISTENING
TCP Valentine:1027 Valentine:0 LISTENING
TCP Valentine:2869 Valentine:0 LISTENING
TCP Valentine:3162 Valentine:0 LISTENING
TCP Valentine:3216 Valentine:0 LISTENING
TCP Valentine:3219 Valentine:0 LISTENING
TCP Valentine:3220 Valentine:0 LISTENING
TCP Valentine:3221 Valentine:0 LISTENING
TCP Valentine:3569 Valentine:0 LISTENING
TCP Valentine:4258 Valentine:0 LISTENING
TCP Valentine:5000 Valentine:0 LISTENING
TCP Valentine:14368 Valentine:0 LISTENING
TCP Valentine:3162 a-10.vpn.lyford.net:6667 ESTABLISHED
TCP Valentine:3216 baym-cs69.msgr.hotmail.com:1863 ESTABLISHED
TCP Valentine:3220 xp.mcafee.com:http CLOSE_WAIT
TCP Valentine:3569 205.188.1.24:5190 ESTABLISHED
TCP Valentine:4258 www.google.com:http CLOSE_WAIT
TCP Valentine:9141 Valentine:0 LISTENING
TCP Valentine:3001 Valentine:0 LISTENING
TCP Valentine:3002 Valentine:0 LISTENING
TCP Valentine:3003 Valentine:0 LISTENING
TCP Valentine:3004 Valentine:0 LISTENING
UDP Valentine:epmap *:*
UDP Valentine:microsoft-ds *:*
UDP Valentine:isakmp *:*
UDP Valentine:1026 *:*
UDP Valentine:3005 *:*
UDP Valentine:3019 *:*
UDP Valentine:3025 *:*
UDP Valentine:3210 *:*
UDP Valentine:3861 *:*
UDP Valentine:domain *:*
UDP Valentine:ntp *:*
UDP Valentine:1900 *:*
UDP Valentine:10627 *:*
UDP Valentine:56194 *:*
UDP Valentine:ntp *:*
UDP Valentine:1900 *:*
UDP Valentine:3006 *:*
UDP Valentine:3014 *:*
UDP Valentine:3018 *:*
UDP Valentine:3021 *:*
UDP Valentine:3031 *:*
UDP Valentine:3217 *:*
UDP Valentine:3403 *:*
UDP Valentine:3565 *:*
|
|
Back to top |
|
|
TheKingster Link Spammer
Joined: 03 May 2002 Posts: 0 Location: UK
|
Posted: Fri Jan 10, 2003 12:15 pm Post subject: |
|
|
Seems to be listening on a lot of TCP ports.
Shaolin knows more about this so over to him!
|
|
Back to top |
|
|
Madeline_13 Just Arrived
Joined: 10 Jan 2003 Posts: 0
|
Posted: Fri Jan 10, 2003 12:19 pm Post subject: |
|
|
i do have the firewall up if that might be a reason i can turn it off and redo the netstat. Or would anything i'm running cause it to be listening on the TCP ports?
Last edited by Madeline_13 on Fri Jan 10, 2003 12:26 pm; edited 1 time in total |
|
Back to top |
|
|
ShaolinTiger Forum Fanatic
Joined: 18 Apr 2002 Posts: 16777215 Location: Kuala Lumpur, Malaysia
|
|
Back to top |
|
|
Madeline_13 Just Arrived
Joined: 10 Jan 2003 Posts: 0
|
Posted: Fri Jan 10, 2003 12:44 pm Post subject: |
|
|
ok i read over the second document especially. I am just a little worried it will affect something related to my job. I'm sorry that's hard to explain, but the first url you posted, I had checked that one out and done most of that, aside from the admin account which gave me some major problems with writing to directories before. I would turn read only off and it would come back on and it was a problem. I hope none of that angers you or anything. I just want to make sure I am functional for work. Hang on though I will reboot and run those tests again. -a and -an ?
|
|
Back to top |
|
|
ShaolinTiger Forum Fanatic
Joined: 18 Apr 2002 Posts: 16777215 Location: Kuala Lumpur, Malaysia
|
Posted: Fri Jan 10, 2003 12:50 pm Post subject: |
|
|
netstat -aon please and fport output.
|
|
Back to top |
|
|
Madeline_13 Just Arrived
Joined: 10 Jan 2003 Posts: 0
|
Posted: Fri Jan 10, 2003 1:05 pm Post subject: |
|
|
Ok not to sure if i included the fport output, i'm new to this, but let me know, I will do it again. This is what i DID do -
Active Connections
Proto Local Address Foreign Address State PID
TCP Valentine:epmap Valentine:0 LISTENING 604
TCP Valentine:microsoft-ds Valentine:0 LISTENING 4
TCP Valentine:1026 Valentine:0 LISTENING 4
TCP Valentine:2869 Valentine:0 LISTENING 1200
TCP Valentine:5000 Valentine:0 LISTENING 1200
TCP Valentine:1025 Valentine:0 LISTENING 1328
TCP Valentine:3001 Valentine:0 LISTENING 1256
TCP Valentine:3002 Valentine:0 LISTENING 628
TCP Valentine:3003 Valentine:0 LISTENING 628
UDP Valentine:microsoft-ds *:* 4
UDP Valentine:isakmp *:* 440
UDP Valentine:3006 *:* 628
UDP Valentine:3016 *:* 768
UDP Valentine:domain *:* 628
UDP Valentine:ntp *:* 628
UDP Valentine:1900 *:* 1200
UDP Valentine:ntp *:* 628
UDP Valentine:1900 *:* 1200
UDP Valentine:3007 *:* 628
UDP Valentine:3013 *:* 628
C:\>netstat -a
Active Connections
Proto Local Address Foreign Address State
TCP Valentine:epmap Valentine:0 LISTENING
TCP Valentine:microsoft-ds Valentine:0 LISTENING
TCP Valentine:1026 Valentine:0 LISTENING
TCP Valentine:2869 Valentine:0 LISTENING
TCP Valentine:5000 Valentine:0 LISTENING
TCP Valentine:1025 Valentine:0 LISTENING
TCP Valentine:3001 Valentine:0 LISTENING
TCP Valentine:3002 Valentine:0 LISTENING
TCP Valentine:3003 Valentine:0 LISTENING
UDP Valentine:microsoft-ds *:*
UDP Valentine:isakmp *:*
UDP Valentine:3006 *:*
UDP Valentine:3016 *:*
UDP Valentine:domain *:*
UDP Valentine:ntp *:*
UDP Valentine:1900 *:*
UDP Valentine:ntp *:*
UDP Valentine:1900 *:*
UDP Valentine:3007 *:*
UDP Valentine:3013 *:*
C:\>netstat -n
Active Connections
Proto Local Address Foreign Address State
C:\>netstat -aon
Active Connections
Proto Local Address Foreign Address State PID
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING 604
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:1026 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:2869 0.0.0.0:0 LISTENING 1200
TCP 0.0.0.0:5000 0.0.0.0:0 LISTENING 1200
TCP 127.0.0.1:1025 0.0.0.0:0 LISTENING 1328
TCP 127.0.0.1:3001 0.0.0.0:0 LISTENING 1256
TCP 127.0.0.1:3002 0.0.0.0:0 LISTENING 628
TCP 127.0.0.1:3003 0.0.0.0:0 LISTENING 628
UDP 0.0.0.0:445 *:* 4
UDP 0.0.0.0:500 *:* 440
UDP 0.0.0.0:3006 *:* 628
UDP 0.0.0.0:3016 *:* 768
UDP 12.248.248.53:53 *:* 628
UDP 12.248.248.53:123 *:* 628
UDP 12.248.248.53:1900 *:* 1200
UDP 127.0.0.1:123 *:* 628
UDP 127.0.0.1:1900 *:* 1200
UDP 127.0.0.1:3007 *:* 628
UDP 127.0.0.1:3013 *:* 628
|
|
Back to top |
|
|
Madeline_13 Just Arrived
Joined: 10 Jan 2003 Posts: 0
|
Posted: Fri Jan 10, 2003 1:08 pm Post subject: |
|
|
wait nevermind. i think i got it. i clicked for a demo to be shown and not the download. I was looking over the entire page. hold on ill do the scan. sorry about that
Last edited by Madeline_13 on Fri Jan 10, 2003 2:31 pm; edited 1 time in total |
|
Back to top |
|
|
|