RE: VERY strange problem? HELP!
- Posted by "Kat" <gertie at visionsix.com> Jun 27, 2004
- 455 views
On 27 Jun 2004, at 9:40, CoJaBo wrote: > > > posted by: CoJaBo <cojabo at suscom.net> > > irv mullins wrote: > > > > CoJaBo wrote: > > > > > > I already have AdAware and I just ran a scan, and found nothing. > > > The time that the hacker took control of my computer and hacked my > > > accounts it had found well over 800. No, that is not a misteak. > > > I had to reformat the hard drive to get rid of them... > > > I also have SpyBot S&D, it just found the normal: > > > a what's related link and a bunch of cookies (Mmmm... cookies!) You realise cookies can be made executeable too? > > 800 must be some kind of record! > Sorry, I forgot to include the additial 300 that SpyBot S&D found. > I had also fuond the source: an active X super-virus, it got past > 2 firewalls and my virus scanner. This one alone was the reason I > had to reformat and reinstall; no mater what it would reinstall > itself and at least 500 others. Yes, isn't ActiveX great? The thing is: *ALL* scripting languages run thru firewalls like rain thru clouds. That includes ActiveX, VB, VBS, Java, JS, everything on an html "link" tag (great for hiding java/script downloads!). And it's true IE will execute html in a .jpg or other pic file, and while i haven't tried it, i imagine netscrape will also execute html in a web url ending in .jpg. > > Anyway, three of the symptoms you mentioned are common signs of infection: > > > > -Mouse moves on its own > > > > -Browser opens up random page > > > > -Internet connection is extremely slow > > > > If that's still happening, then perhaps something is still there, but > > not recognized by Ad-aware/SpyBot. Do you have a really good firewall > > in place? How about a way to monitor outgoing traffic to see if your > > computer is busy sending out spam? > I use Norton Internet Security and a router with a hardware firewall. > None are reporting anything odd except connections to unknown computers: > 192.168.100.1 > 10.150.1.103 Pop open mirc, and type: /dns 192.168.100.1 and you should see yourself. Errr,, your computer's name, or something else you'd recognise. Those are both LAN addresses. I suspect the 192.168... is your computer or router, and the 10.150.. (unless it's you) is on your isp. Neither address should be on the internet, and you should firewall the following to/from the internet: 10.0.0.0 - 10.255.255.255 172.16.0.0 - 172.31.255.255 192.168.0.0 - 192.168.255.255 Kat