RE: VERY strange problem? HELP!
Kat wrote:
>
> On 27 Jun 2004, at 9:40, CoJaBo wrote:
>
> >
> > posted by: CoJaBo <cojabo at suscom.net>
> >
> > irv mullins wrote:
> > >
> > > CoJaBo wrote:
> > > >
> > > > I already have AdAware and I just ran a scan, and found nothing.
> > > > The time that the hacker took control of my computer and hacked my
> > > > accounts it had found well over 800. No, that is not a misteak.
> > > > I had to reformat the hard drive to get rid of them...
> > > > I also have SpyBot S&D, it just found the normal:
> > > > a what's related link and a bunch of cookies (Mmmm... cookies!)
>
> You realise cookies can be made executeable too?
>
> > > 800 must be some kind of record!
> > Sorry, I forgot to include the additial 300 that SpyBot S&D found.
> > I had also fuond the source: an active X super-virus, it got past
> > 2 firewalls and my virus scanner. This one alone was the reason I
> > had to reformat and reinstall; no mater what it would reinstall
> > itself and at least 500 others.
>
> Yes, isn't ActiveX great? The thing is: *ALL* scripting languages run thru
> firewalls like rain thru clouds. That includes ActiveX, VB, VBS, Java, JS,
> everything on an html "link" tag (great for hiding java/script downloads!).
> And
> it's true IE will execute html in a .jpg or other pic file, and while i
> haven't tried
>
> it, i imagine netscrape will also execute html in a web url ending in .jpg.
>
> > > Anyway, three of the symptoms you mentioned are common signs of infection:
> > > > > -Mouse moves on its own
> > > > > -Browser opens up random page
> > > > > -Internet connection is extremely slow
> > >
> > > If that's still happening, then perhaps something is still there, but
> > > not recognized by Ad-aware/SpyBot. Do you have a really good firewall
> > > in place? How about a way to monitor outgoing traffic to see if your
> > > computer is busy sending out spam?
> > I use Norton Internet Security and a router with a hardware firewall.
> > None are reporting anything odd except connections to unknown computers:
> > 192.168.100.1
> > 10.150.1.103
>
> Pop open mirc, and type:
> /dns 192.168.100.1
None of the 3 computers or the router use 192.168.100.1, also,
the router only assigns addresses in the 192.168.2.1-100 range.
192.168.100.1 doesn't respond to a PING, but 10.150.1.103 does.
I have confirmed 10.150.1.103 isn't part of the LAN, the ISP
probably uses it for somthing. The LAN addresses are:
192.168.2.1 (router)
192.168.2.30 (this one)
192.168.2.8
192.168.2.44
> and you should see yourself. Errr,, your computer's name, or something else
> you'd recognise.
>
> Those are both LAN addresses. I suspect the 192.168... is your computer or
> router, and the 10.150.. (unless it's you) is on your isp. Neither address
> should be on the internet, and you should firewall the following to/from the
> internet:
>
> 10.0.0.0 - 10.255.255.255
> 172.16.0.0 - 172.31.255.255
> 192.168.0.0 - 192.168.255.255
>
> Kat
>
>
|
Not Categorized, Please Help
|
|
