about msn messenger problem

Author: Madeline_13 PostPosted: Fri Jan 10, 2003 10:06 am    Post subject: about msn messenger problem
    ----
I don't have it on and someone on my list I didn't know was a hacker is still sending these little pop up messages that I have to close out and he is talking through them. I turned off the file/printer sharing thing because he told me what kind of printer I had and he knew my system's name etc etc. What should I do?

Author: TheKingster Location: UK PostPosted: Fri Jan 10, 2003 11:16 am    Post subject:
    ----
Get a virus scanner that is up to date and scan for the latest viruses and trojans.

Try http://www.bitdefender.com and download the trial version and have a scan.

Author: Madeline_13 PostPosted: Fri Jan 10, 2003 11:28 am    Post subject:
    ----
alright i am checking. I think i did already but this person seems to be able to look into my shared folder which is empty anyway but he wrote a word document in there and he can see specs of pc etc.


edit*** I actually did grab this earlier different site same version ...nothing came up.

Author: ShaolinTiger Location: Kuala Lumpur, Malaysia PostPosted: Fri Jan 10, 2003 11:34 am    Post subject:
    ----
Might be nice if you gave us a little info about your system, e.g what is it?

Win98, Win2k, WinXP.


Sounds like you haven't turned off the Messenger service in Win2k/XP.

What kind of personal firewall do you have and what other precautions have you taken?


Last edited by ShaolinTiger on Fri Jan 10, 2003 11:44 am; edited 1 time in total

Author: Madeline_13 PostPosted: Fri Jan 10, 2003 11:38 am    Post subject:
    ----
xp -
-and I have that sygate firewall now.

Didn't have it on before when he did this stuff. He was sending these messages in a gray box(not the normal chat window for the messenger), and he kept saying "this is your ip" to me, which it was but i denied. That got him mad so he wrote a notepad file in my shared folder with some threats. I use msn but i don't want people like him, being able to get into my pc.

-i turned off file and printer sharing (since he told me what kind of printer i had)

-in wins i checked disable (default was on before)


Last edited by Madeline_13 on Fri Jan 10, 2003 11:45 am; edited 1 time in total

Author: TheKingster Location: UK PostPosted: Fri Jan 10, 2003 11:44 am    Post subject:
    ----
Sounds like you have a trojan. Try using netstat to see what ports are open and paste onto here.

Think the syntax is netstat -a

Start run, type cmd, click ok. Then in the DOS box type netstat -a

Author: Madeline_13 PostPosted: Fri Jan 10, 2003 11:46 am    Post subject:
    ----
i typed that command it shows active connections, correct? name of my pc and other info. you want to see this?

Author: TheKingster Location: UK PostPosted: Fri Jan 10, 2003 11:59 am    Post subject:
    ----
Yes, don't PM it to me, you will find you will get more help and more opinions by posting on a public post.

Author: Madeline_13 PostPosted: Fri Jan 10, 2003 12:00 pm    Post subject:
    ----
Active Connections

Proto Local Address Foreign Address State
TCP Valentine:epmap Valentine:0 LISTENING
TCP Valentine:microsoft-ds Valentine:0 LISTENING
TCP Valentine:1025 Valentine:0 LISTENING
TCP Valentine:1027 Valentine:0 LISTENING
TCP Valentine:2869 Valentine:0 LISTENING
TCP Valentine:3162 Valentine:0 LISTENING
TCP Valentine:3216 Valentine:0 LISTENING
TCP Valentine:3219 Valentine:0 LISTENING
TCP Valentine:3220 Valentine:0 LISTENING
TCP Valentine:3221 Valentine:0 LISTENING
TCP Valentine:3569 Valentine:0 LISTENING
TCP Valentine:4258 Valentine:0 LISTENING
TCP Valentine:5000 Valentine:0 LISTENING
TCP Valentine:14368 Valentine:0 LISTENING
TCP Valentine:3162 a-10.vpn.lyford.net:6667 ESTABLISHED
TCP Valentine:3216 baym-cs69.msgr.hotmail.com:1863 ESTABLISHED
TCP Valentine:3220 xp.mcafee.com:http CLOSE_WAIT
TCP Valentine:3569 205.188.1.24:5190 ESTABLISHED
TCP Valentine:4258 www.google.com:http CLOSE_WAIT
TCP Valentine:9141 Valentine:0 LISTENING
TCP Valentine:3001 Valentine:0 LISTENING
TCP Valentine:3002 Valentine:0 LISTENING
TCP Valentine:3003 Valentine:0 LISTENING
TCP Valentine:3004 Valentine:0 LISTENING
UDP Valentine:epmap *:*
UDP Valentine:microsoft-ds *:*
UDP Valentine:isakmp *:*
UDP Valentine:1026 *:*
UDP Valentine:3005 *:*
UDP Valentine:3019 *:*
UDP Valentine:3025 *:*
UDP Valentine:3210 *:*
UDP Valentine:3861 *:*
UDP Valentine:domain *:*
UDP Valentine:ntp *:*
UDP Valentine:1900 *:*
UDP Valentine:10627 *:*
UDP Valentine:56194 *:*
UDP Valentine:ntp *:*
UDP Valentine:1900 *:*
UDP Valentine:3006 *:*
UDP Valentine:3014 *:*
UDP Valentine:3018 *:*
UDP Valentine:3021 *:*
UDP Valentine:3031 *:*
UDP Valentine:3217 *:*
UDP Valentine:3403 *:*
UDP Valentine:3565 *:*

Author: TheKingster Location: UK PostPosted: Fri Jan 10, 2003 12:15 pm    Post subject:
    ----
Seems to be listening on a lot of TCP ports.

Shaolin knows more about this so over to him!

Author: Madeline_13 PostPosted: Fri Jan 10, 2003 12:19 pm    Post subject:
    ----
i do have the firewall up if that might be a reason i can turn it off and redo the netstat. Or would anything i'm running cause it to be listening on the TCP ports?

Last edited by Madeline_13 on Fri Jan 10, 2003 12:26 pm; edited 1 time in total

Author: ShaolinTiger Location: Kuala Lumpur, Malaysia PostPosted: Fri Jan 10, 2003 12:25 pm    Post subject:
    ----
Ok then.

Look at this:

http://www.uksecurityonline.com/husdg/wxpp2.php

And this to disable all unneeded services:

http://www.darknet.org.uk/content/files/securewin2k.txt

Please pay special attention to UPnP and RDS.

To make it easier for me, please do a clean reboot after doing the above security procedures and before you open anything, do a netstat -aon paste it to a text file.

Then also give us the output from fport here:

http://www.foundstone.com/knowledge/proddesc/fport.html

In the same way, without opening anything else.

Author: Madeline_13 PostPosted: Fri Jan 10, 2003 12:44 pm    Post subject:
    ----
ok i read over the second document especially. I am just a little worried it will affect something related to my job. I'm sorry that's hard to explain, but the first url you posted, I had checked that one out and done most of that, aside from the admin account which gave me some major problems with writing to directories before. I would turn read only off and it would come back on and it was a problem. I hope none of that angers you or anything. I just want to make sure I am functional for work. Hang on though I will reboot and run those tests again. -a and -an ?

Author: ShaolinTiger Location: Kuala Lumpur, Malaysia PostPosted: Fri Jan 10, 2003 12:50 pm    Post subject:
    ----
netstat -aon please and fport output.

Author: Madeline_13 PostPosted: Fri Jan 10, 2003 1:05 pm    Post subject:
    ----
Ok not too sure if i included the fport output, i'm new to this, but let me know, I will do it again. This is what i DID do -

Active Connections

Proto Local Address Foreign Address State PID
TCP Valentine:epmap Valentine:0 LISTENING 604
TCP Valentine:microsoft-ds Valentine:0 LISTENING 4
TCP Valentine:1026 Valentine:0 LISTENING 4
TCP Valentine:2869 Valentine:0 LISTENING 1200
TCP Valentine:5000 Valentine:0 LISTENING 1200
TCP Valentine:1025 Valentine:0 LISTENING 1328
TCP Valentine:3001 Valentine:0 LISTENING 1256
TCP Valentine:3002 Valentine:0 LISTENING 628
TCP Valentine:3003 Valentine:0 LISTENING 628
UDP Valentine:microsoft-ds *:* 4
UDP Valentine:isakmp *:* 440
UDP Valentine:3006 *:* 628
UDP Valentine:3016 *:* 768
UDP Valentine:domain *:* 628
UDP Valentine:ntp *:* 628
UDP Valentine:1900 *:* 1200
UDP Valentine:ntp *:* 628
UDP Valentine:1900 *:* 1200
UDP Valentine:3007 *:* 628
UDP Valentine:3013 *:* 628






C:\>netstat -a

Active Connections

Proto Local Address Foreign Address State
TCP Valentine:epmap Valentine:0 LISTENING
TCP Valentine:microsoft-ds Valentine:0 LISTENING
TCP Valentine:1026 Valentine:0 LISTENING
TCP Valentine:2869 Valentine:0 LISTENING
TCP Valentine:5000 Valentine:0 LISTENING
TCP Valentine:1025 Valentine:0 LISTENING
TCP Valentine:3001 Valentine:0 LISTENING
TCP Valentine:3002 Valentine:0 LISTENING
TCP Valentine:3003 Valentine:0 LISTENING
UDP Valentine:microsoft-ds *:*
UDP Valentine:isakmp *:*
UDP Valentine:3006 *:*
UDP Valentine:3016 *:*
UDP Valentine:domain *:*
UDP Valentine:ntp *:*
UDP Valentine:1900 *:*
UDP Valentine:ntp *:*
UDP Valentine:1900 *:*
UDP Valentine:3007 *:*
UDP Valentine:3013 *:*





C:\>netstat -n

Active Connections

Proto Local Address Foreign Address State

C:\>netstat -aon

Active Connections

Proto Local Address Foreign Address State PID
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING 604
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:1026 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:2869 0.0.0.0:0 LISTENING 1200
TCP 0.0.0.0:5000 0.0.0.0:0 LISTENING 1200
TCP 127.0.0.1:1025 0.0.0.0:0 LISTENING 1328
TCP 127.0.0.1:3001 0.0.0.0:0 LISTENING 1256
TCP 127.0.0.1:3002 0.0.0.0:0 LISTENING 628
TCP 127.0.0.1:3003 0.0.0.0:0 LISTENING 628
UDP 0.0.0.0:445 *:* 4
UDP 0.0.0.0:500 *:* 440
UDP 0.0.0.0:3006 *:* 628
UDP 0.0.0.0:3016 *:* 768
UDP 12.248.248.53:53 *:* 628
UDP 12.248.248.53:123 *:* 628
UDP 12.248.248.53:1900 *:* 1200
UDP 127.0.0.1:123 *:* 628
UDP 127.0.0.1:1900 *:* 1200
UDP 127.0.0.1:3007 *:* 628
UDP 127.0.0.1:3013 *:* 628
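
Added example, not part of any post in this thread: a Python sketch that reads `netstat -aon` output in the layout posted above and lists, per PID, only the listening sockets bound to a non-loopback address, which are the ones another machine can reach. The sample rows are constructed (192.0.2.10 and 198.51.100.7 are documentation addresses, PID 1500 is made up) and the function names are hypothetical.

```python
import ipaddress
from collections import defaultdict

# Constructed sample in the layout of the `netstat -aon` output above;
# 192.0.2.10 is a documentation address standing in for the machine's own IP.
SAMPLE = """\
Active Connections

  Proto  Local Address     Foreign Address    State        PID
  TCP    0.0.0.0:135       0.0.0.0:0          LISTENING    604
  TCP    0.0.0.0:445       0.0.0.0:0          LISTENING    4
  TCP    0.0.0.0:5000      0.0.0.0:0          LISTENING    1200
  TCP    127.0.0.1:1025    0.0.0.0:0          LISTENING    1328
  TCP    192.0.2.10:3216   198.51.100.7:1863  ESTABLISHED  1500
  UDP    0.0.0.0:500       *:*                             440
  UDP    192.0.2.10:1900   *:*                             1200
  UDP    127.0.0.1:1900    *:*                             1200
"""

def parse_netstat(text):
    """Yield (proto, ip, port, state, pid) for each socket row."""
    for line in text.splitlines():
        f = line.split()
        if len(f) < 4 or f[0] not in ("TCP", "UDP"):
            continue  # banner, column header or blank line
        proto, local, pid = f[0], f[1], f[-1]
        # UDP rows have no State column: Proto, Local, Foreign, PID.
        state = f[3] if proto == "TCP" and len(f) >= 5 else ""
        ip, _, port = local.rpartition(":")
        if not pid.isdigit() or not port.isdigit():
            continue  # name-resolved rows (plain `netstat -a`) are skipped
        yield proto, ip.strip("[]"), int(port), state, int(pid)

def exposed_listeners(text):
    """Map PID -> sorted [(proto, port)] for sockets reachable off-host."""
    by_pid = defaultdict(set)
    for proto, ip, port, state, pid in parse_netstat(text):
        if proto == "TCP" and state != "LISTENING":
            continue  # established or closing connections are not listeners
        if ipaddress.ip_address(ip).is_loopback:
            continue  # 127.0.0.1 binds accept local connections only
        by_pid[pid].add((proto, port))
    return {pid: sorted(socks) for pid, socks in sorted(by_pid.items())}

if __name__ == "__main__":
    for pid, socks in exposed_listeners(SAMPLE).items():
        print(pid, ", ".join(f"{proto}/{port}" for proto, port in socks))
```

The PIDs it returns are the ones to match against the fport output requested earlier in the thread.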

Author: Madeline_13 PostPosted: Fri Jan 10, 2003 1:08 pm    Post subject:
    ----
wait nevermind. i think i got it. i clicked for a demo to be shown and not the download. I was looking over the entire page. hold on ill do the scan. sorry about that

Last edited by Madeline_13 on Fri Jan 10, 2003 2:31 pm; edited 1 time in total





output generated using printer-friendly topic mod, All times are GMT + 2 Hours
