Re: [OT] Re: VERY strange problem? HELP!
- Posted by CoJaBo <cojabo at suscom.net> Jun 28, 2004
- 482 views
Al Getz wrote: > > CoJaBo wrote: > > Yes, I know. The cracker wasn't too happy when I decoded that > > and posted "What do you mean "I am the end!"?"! > > Also the strangest value ?time() displayed (-3812688), when > > you remove the '-' and convert it into hexadecimal, it is the ASCII > > code for ""! This is where I got "54484520454E44" to call the > > cracker, I don't even know what the cracker actually wants to be called. > > > > I get hit about once per week too so i know the problems that can > come up. > > I've had all kinds of funny stuff going on...from installing > 'toolbars' in my IE to deleting programs. The desktop compuyter gets a "toolbar" installing itself at least monthly, so I run a scan every week, it has never found less than 10 things... > > One time i went to open a simple text file using Notepad and > got the error message something like > "Unable to open file, cant find Notepad.exe" > Now why on earth would a web site want to delete your Notepad???? That happend to me, I had to copy it from another computer. > > A little investigation turned up a program that was installed > overtop of Notepad (theirs) but when they deleted Notepad versions > (which BTW were in about three directories which they had to hunt down > to accomplish) they forgot to reinstall THEIR program in that one > directory...which happend to be the one that was called to open > the text file. If it wasnt for that, THEIR replacement file would > have ran on my machine and who knows that else from there > > I also found that they also replaced the Windows media player, and > during the time of the attack the were able to stop the firewall > log from recording transactions! There was a void in the times > between which they were doing this attack. I think somone messed up my logs too, it says that 64.224.18.21 did a ddK`~~soWlyyyy attack at 12:00 AM 06/88/1900 which makes no sense at all! 64.224.18.21 appears to be a webserver, and the router reports no communication with 64.224.18.21. > > This wasnt the first time and i know it wont be the last. > I dont know what they think they will accomplish, but it > wont be a heck of a lot! Even if my comp goes down it's not > going to do any good for them right? Well, mine was once used to launch an attack on thesims.ea.com BBS, slowing my internet connection down quite a bit untill I found out what was happenning (which, unfortunatly, was after they had banned me, and none of the tech support links work...). > > I've developed some software to deal with these idiots over > the years, but unfortunately this is a catch-as-catch-can > situation--if i post anything to the web and it gets learned > by would-be attackers, that makes it less effective for me. > > I've even considered posting .exe versions of the software, > but once it gets into the wrong hands it allows experimentation > with what passes undetected and what doesnt--so it's effectiveness > still declines. > > Only thing i can say is run a virus detector of some kind. > > Take care and good luck with it, > Al > > > And, good luck with your Euphoria programming! > > My bumper sticker: "I brake for LED's" >