Author: Madeline_13, Posted: Fri Jan 10, 2003 10:06 am Post subject: about msn messenger problem ---- i don't have it one and someone on my list i didnt know was a hackeris still sending this little pop up messages that I have to close out and he is talking through them. I turned off the file/printer sharing thing because he told me what kind of printer I had and he knew my systems name etc etc. What should I do?
Author: TheKingster, Location: UKPosted: Fri Jan 10, 2003 11:16 am Post subject: ---- Get a virus scanner that is up to date and scan for the latest viruses and trojans.
Author: Madeline_13, Posted: Fri Jan 10, 2003 11:28 am Post subject: ---- alright i am checking. I think i did already but this person seems to be able to look into my shared folder which is empty anyway put he wrote a word document in there and he can see specs of pc etc.
edit*** I actually did grab this earlier different site same version ...nothing came up.
Author: ShaolinTiger, Location: Kuala Lumpur, MalaysiaPosted: Fri Jan 10, 2003 11:34 am Post subject: ---- Might be nice if you gave us a little info about your system, e.g what is it?
Win98, Win2k, WinXP.
Sounds like you haven't turned off the Messenger service in Win2k/XP.
What kind of personal firewall do you have and what other precautions have you taken?
Last edited by ShaolinTiger on Fri Jan 10, 2003 11:44 am; edited 1 time in total
Author: Madeline_13, Posted: Fri Jan 10, 2003 11:38 am Post subject: ---- xp -
-and I have that sygate firewall now.
Didn't have it on before when he did this stuff. He was sending these messages in a gray box(not the normal chat window for the messenger), and he kept saying "this is your ip" to me, which it was but i denied. That got him mad so he wrote a notepad file in my shared folder with some threats. I use msn but i don't want people like him, being able to get into my pc.
-i turned off file and printer sharing (since he told me what kind of printer i had)
-in wins i checked disable (default was on before)
Last edited by Madeline_13 on Fri Jan 10, 2003 11:45 am; edited 1 time in total
Author: TheKingster, Location: UKPosted: Fri Jan 10, 2003 11:44 am Post subject: ---- Sounds like you have a trojan. Try using netstat to see what p0rts are open and paste onto here.
Think the syntax is netstat -a
Start run, type cmd, click ok. Then in the DOS box type netstat -a
Author: Madeline_13, Posted: Fri Jan 10, 2003 11:46 am Post subject: ---- i typed that command it shows active conenctions , correct? name of my pc and other info. you want to see this?
Author: TheKingster, Location: UKPosted: Fri Jan 10, 2003 11:59 am Post subject: ---- Yes, don't PM it to me, you will find you will get more help and more opinions by posting on a public post.
Author: Madeline_13, Posted: Fri Jan 10, 2003 12:00 pm Post subject: ---- Active Connections
Author: TheKingster, Location: UKPosted: Fri Jan 10, 2003 12:15 pm Post subject: ---- Seems to be listening on a lot of TCP ports.
Shaolin knows more about this so over to him!
Author: Madeline_13, Posted: Fri Jan 10, 2003 12:19 pm Post subject: ---- i do have the firewall up if that might be a reason i can turn it off and redo the netstat. Or would anything i'm running cause it to be listening on the TCP ports?
Last edited by Madeline_13 on Fri Jan 10, 2003 12:26 pm; edited 1 time in total
Author: ShaolinTiger, Location: Kuala Lumpur, MalaysiaPosted: Fri Jan 10, 2003 12:25 pm Post subject: ---- Ok then.
To make it easier for me, please do a clean reboot after doing the above security procedures and before you open anything, do a netstat -aon paste it to a text file.
Author: Madeline_13, Posted: Fri Jan 10, 2003 12:44 pm Post subject: ---- ok i read over the second document especially. I am just a little worried it will affect something related to my job. I'm sorry that's hard to explain, but the first url you posted, I had checked that one out and done most of that, aside from the admin account which gave me some major problems with writing to directories before. I would turn read only off and it would come back on and it was a problem. I hope none of that angers you or anything. I just want to make sure I am functional for work. Hang on though I will reboot and run those tests again. -a and -an ?
Author: ShaolinTiger, Location: Kuala Lumpur, MalaysiaPosted: Fri Jan 10, 2003 12:50 pm Post subject: ---- netstat -aon please and fport output.
Author: Madeline_13, Posted: Fri Jan 10, 2003 1:05 pm Post subject: ---- Ok not to sure if i included the fport output, i'm new to this, but let me know, I will do it again. This is what i DID do -
Author: Madeline_13, Posted: Fri Jan 10, 2003 1:08 pm Post subject: ---- wait nevermind. i think i got it. i clicked for a demo to be shown and not the download. I was looking over the entire page. hold on ill do the scan. sorry about that
Last edited by Madeline_13 on Fri Jan 10, 2003 2:31 pm; edited 1 time in total