RE: VERY strange problem? HELP!


On 27 Jun 2004, at 9:40, CoJaBo wrote:

> 
> 
> posted by: CoJaBo <cojabo at suscom.net>
> 
> irv mullins wrote:
> > 
> > CoJaBo wrote:
> > > 
> > > I already have AdAware and I just ran a scan, and found nothing.
> > > The time that the hacker took control of my computer and hacked my
> > > accounts it had found well over 800. No, that is not a misteak.
> > > I had to reformat the hard drive to get rid of them...
> > > I also have SpyBot S&D, it just found the normal:
> > > a what's related link and a bunch of cookies (Mmmm... cookies!)

You realise cookies can be made executable too?

> > 800 must be some kind of record!
> Sorry, I forgot to include the additional 300 that SpyBot S&D found.
> I had also found the source: an ActiveX super-virus, it got past
> 2 firewalls and my virus scanner. This one alone was the reason I
> had to reformat and reinstall; no matter what it would reinstall
> itself and at least 500 others.

Yes, isn't ActiveX great? The thing is: *ALL* scripting languages run thru 
firewalls like rain thru clouds. That includes ActiveX, VB, VBS, Java, JS, 
everything on an html "link" tag (great for hiding java/script downloads!). And 
it's true IE will execute html in a .jpg or other pic file, and while I haven't
tried it, I imagine netscrape will also execute html in a web url ending in .jpg.
 
> > Anyway, three of the symptoms you mentioned are common signs of infection:
> > > > -Mouse moves on its own
> > > > -Browser opens up random page
> > > > -Internet connection is extremely slow
> > 
> > If that's still happening, then perhaps something is still there, but 
> > not recognized by Ad-aware/SpyBot. Do you have a really good firewall 
> > in place? How about a way to monitor outgoing traffic to see if your 
> > computer is busy sending out spam? 
> I use Norton Internet Security and a router with a hardware firewall.
> None are reporting anything odd except connections to unknown computers:
> 192.168.100.1
> 10.150.1.103

Pop open mirc, and type:
/dns 192.168.100.1
and you should see yourself. Errr, your computer's name, or something else 
you'd recognise.

Those are both LAN addresses. I suspect the 192.168... is your computer or 
router, and the 10.150.. (unless it's you) is on your ISP. Neither address 
should be on the internet, and you should firewall the following to/from the 
internet:

10.0.0.0 - 10.255.255.255
172.16.0.0  - 172.31.255.255
192.168.0.0 - 192.168.255.255

Kat
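
The range check described in the reply above, as an added example that is not part of the original post: it expresses the three listed ranges as CIDR blocks and flags packets on the internet-facing interface whose source or destination falls inside one. The interface names (`wan0`, `lan0`), the log format and the sample log lines are constructed for illustration.

```python
import ipaddress

# The three ranges listed in the post, written as CIDR blocks.
PRIVATE_BLOCKS = [
    ipaddress.ip_network("10.0.0.0/8"),      # 10.0.0.0    - 10.255.255.255
    ipaddress.ip_network("172.16.0.0/12"),   # 172.16.0.0  - 172.31.255.255
    ipaddress.ip_network("192.168.0.0/16"),  # 192.168.0.0 - 192.168.255.255
]

def private_block(addr):
    """Return the listed block containing addr, or None if it is in none of them."""
    ip = ipaddress.ip_address(addr)
    for net in PRIVATE_BLOCKS:
        if ip in net:
            return net
    return None

def wan_violations(log_lines, wan_iface="wan0"):
    """Return (line, reason) for WAN-side packets with a private source or destination."""
    found = []
    for line in log_lines:
        parts = line.split()
        if len(parts) != 4 or parts[2] != "->":
            continue  # not in the assumed "<iface> <src> -> <dst>" format
        iface, src, _, dst = parts
        if iface != wan_iface:
            continue  # private addresses are expected on the LAN side
        try:
            hits = [(role, private_block(a)) for role, a in (("src", src), ("dst", dst))]
        except ValueError:
            continue  # unparseable address
        reasons = [f"{role} in {net}" for role, net in hits if net is not None]
        if reasons:
            found.append((line, ", ".join(reasons)))
    return found

# Constructed sample log; public addresses are documentation ranges.
SAMPLE_LOG = [
    "lan0 192.168.100.1 -> 192.168.100.20",  # LAN traffic, not flagged
    "wan0 10.150.1.103 -> 203.0.113.7",      # private source on the WAN side
    "wan0 198.51.100.9 -> 203.0.113.7",      # public on both ends
    "wan0 203.0.113.7 -> 172.31.255.255",    # private destination, last address in range
    "wan0 203.0.113.7 -> 172.32.0.1",        # just outside 172.16.0.0/12
]

if __name__ == "__main__":
    for line, reason in wan_violations(SAMPLE_LOG):
        print(f"DROP {line}  ({reason})")
```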
