Am I in deep doodoo?


Goat Fucker

No Future!
Aug 18, 2000
Denmark
For the last month or so, my connection has been doing strange stuff; it seems it's sending something every now and then. I'm afraid I may have a Trojan problem.

How do I find out if this is indeed true? Is there any way to reveal the little fucker if it is indeed present?

Also, more disturbingly, often when I access a page with anti-EU or UN material, my system locks up for no apparent reason; even Ctrl+Alt+Del won't work. I don't like this one bit!

Stuff that displays in my Ctrl+Alt+Del screen:

Explorer (duh)
Lgevntrt
Point 32 (my mouse)
Mswheel (more mouse stuff)
Autochk
Aptezbp
Systray (duh)
Rnaapp

A lot of this I have no clue what is. Rnaapp I've had for some time, but Autochk, Lgevntrt and Aptezbp are new :eek:
 

DarkBls

Inf Ex-admin
Mar 5, 2000
4,551
France
You can add a process under any Win9x OS (don't ask why I know that).

So Ctrl+Alt+Del may not be able to help you.

The best you can do is to install a firewall.

Take a look at all the Run, RunOnce, etc. Microsoft registry keys too. It may help.

But there are so many ways to start a program every time you start your OS...
 

Goat Fucker

No Future!
Aug 18, 2000
Denmark
Many of these things now attach themselves to common programs, which means we are all in trouble. Without hax0ring your entire system, you may never find them, and even if you do, there's no certainty that you will find them.

I hope this is nothing more than my modem being an old POS, and Winblows just being Winblows, but I want to be sure.
 

RogueLeader

Tama-chan says, "aurf aurf aurf!"
Oct 19, 2000
Indiana. Kill me please.
First of all, try a virus scanner; they detect trojans. If you don't want to do that, go to Run and type "regedit".
Go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion

Under that you will find 3 folders: Run, RunOnce, RunOnceEx.
Anything in there runs on startup and will run trojans. Some, like Netbus, will simply say Netbus, so they are easy to find. But Back Orifice can change its name. You should delete anything you don't recognize or aren't sure about, to be on the safe side.
Then reboot.
 

Goat Fucker

No Future!
Aug 18, 2000
Denmark
Problem is, Rogue, I know Jack and Shit about what should be in there, and Jack was just run over by a bus.

Does anyone know where to find a list of what should be there and what shouldn't?

I hope this doesn't mean that I will have to reinstall everything. I don't have a CD-R drive, so I will lose so much good stuff :(
 

Goat Fucker

No Future!
Aug 18, 2000
Denmark
OK, here's the list of "RUN".

(Standard)
AEZBProc
Configsafe
ESSolo
job-oversigt
LEGVENTRT
Loadpowerprofile
POINTER
Skan-Registreringsdatabase
SystemTray
TIPS

Here's what's in RUNonce\Dialer

(Standard)
Maindir
PRODUCT TITLE
TEMP

And here's the contents of RunonceEX

(Standard)
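
An added example, not part of any post in this thread: the listings above show only value names, and the open question is which entries belong there. One way to answer that is to export the registry to a `.reg` file while the machine is known to be good and compare later exports against it, so only new or changed entries under Run, RunOnce and RunOnceEx need a closer look. The value names in the test data come from the listings above; the data strings and `C:\EXAMPLE` paths are constructed placeholders.

```python
import re

# Keys named earlier in the thread, plus their subkeys (e.g. RunOnce\Dialer).
AUTOSTART = re.compile(r"\\CurrentVersion\\(Run|RunOnce|RunOnceEx)(\\|$)", re.I)
VALUE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')

def _unquote(s):
    # .reg files wrap strings in quotes and escape \ and " with a backslash.
    if len(s) >= 2 and s[0] == s[-1] == '"':
        s = s[1:-1]
    return re.sub(r"\\(.)", r"\1", s)

def autostart_entries(reg_text):
    """Map (key, value name) -> data for the autostart keys in a .reg export."""
    entries, key = {}, None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1] if AUTOSTART.search(line[1:-1]) else None
        elif key and (m := VALUE.match(line)):
            # "@" is the unnamed value, shown as (Standard) in the listings.
            name = "(Standard)" if m.group(1) == "@" else _unquote(m.group(1))
            entries[(key, name)] = _unquote(m.group(2))
    return entries

def new_or_changed(before, after):
    """Entries present in `after` that are missing from, or differ in, `before`."""
    old, new = autostart_entries(before), autostart_entries(after)
    return sorted((k, n, d) for (k, n), d in new.items() if old.get((k, n)) != d)

# Constructed exports: names from the thread, data and paths are placeholders.
BEFORE = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="C:\\EXAMPLE\\systray.exe"
"POINTER"="C:\\EXAMPLE\\point32.exe"
'''
AFTER = BEFORE + r'''"AEZBProc"="C:\\EXAMPLE\\aezbproc.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Dialer]
"TEMP"="C:\\EXAMPLE\\TEMP"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Example]
"DisplayName"="not an autostart key"
'''

if __name__ == "__main__":
    for key, name, data in new_or_changed(BEFORE, AFTER):
        print(f"{key}\n    {name} = {data}")
```

Each reported entry carries the command it launches, which is what has to be checked against the software actually installed on the machine.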
 

DarkBls

Inf Ex-admin
Mar 5, 2000
4,551
France
Best dynamic firewall for me is the ore of @guard, now known as Internet Personal Firewall (Norton).

Of course, if you use only some ports you can install a static one...
 

AtomicAxis

PHD in keeping it REAL!!
Mar 13, 2001
Don't get nervous, Goat, but you could also have a bot. They are used as dumb programs that sit on your machine, and when the bot's master wants to, he can get it to ping a server. They usually have thousands of these sitting on different PCs. These are used for DOS attacks. They don't do anything to the host machine though; they just ping large packets.

To see if you have a bot, type this in a DOS window:

netstat -an | find ":6667"

If nothing is displayed then you don't have an IRC bot. If something similar to this is displayed

TCP 192.168.1.101:1026 70.13.215.89:6667 ESTABLISHED

You have one.

Try this one as well.

netstat -an | find ":113 "
blank line indicates nothing.

Just make sure that IRC is NOT running when you do these.

These commands are only for IRC Zombies/Bots. I posted this link about 2 months ago but this is where I got this info from and it is a very interesting read.....

www.grc.com

Just something to check. Probably unlikely that you will have a Zombie/Bot
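
An added example, not part of the post above: `find ":6667"` matches the string anywhere on the line, so a connection whose local port is 6667 is reported the same way as an outbound session to a remote port 6667. This sketch parses `netstat -an` output by column and reports the two checks separately: established TCP sessions to remote port 6667, and listeners on local port 113 (the ident service). The sample output is constructed; only the 6667 line reuses the addresses quoted in the post.

```python
import re

# Constructed sample of Windows `netstat -an` output (not from a real host).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:113            0.0.0.0:0              LISTENING
  TCP    192.168.1.101:1026     70.13.215.89:6667      ESTABLISHED
  TCP    192.168.1.101:6667     192.168.1.50:1044      ESTABLISHED
  TCP    192.168.1.101:1130     10.0.0.7:80            TIME_WAIT
  UDP    0.0.0.0:137            *:*
"""

ROW = re.compile(
    r"^\s*(TCP|UDP)\s+(\S+):(\d+|\*)\s+(\S+):(\d+|\*)(?:\s+(\S+))?\s*$")

def parse_netstat(text):
    """Yield (proto, local_addr, local_port, remote_addr, remote_port, state)."""
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            yield m.groups(default="")  # UDP rows have no state column

def irc_indicators(text, irc_port="6667", ident_port="113"):
    """Check each port in its own column instead of substring-matching the line."""
    outbound, ident_listeners = [], []
    for proto, laddr, lport, raddr, rport, state in parse_netstat(text):
        if proto != "TCP":
            continue
        # Outbound session to an IRC server: the port is in the Foreign column.
        if rport == irc_port and state == "ESTABLISHED":
            outbound.append((f"{laddr}:{lport}", f"{raddr}:{rport}"))
        # Ident service: the port is in the Local column and is listening.
        if lport == ident_port and state == "LISTENING":
            ident_listeners.append(f"{laddr}:{lport}")
    return outbound, ident_listeners

if __name__ == "__main__":
    out, ident = irc_indicators(SAMPLE)
    print("outbound IRC sessions:", out)
    print("ident listeners:", ident)
```

As the post says, a legitimate IRC client produces the same rows, so the result only means something when no IRC client is running.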
 

EndlessInfinity

Where is your god now?
Dude, if you're really worried about someone fookin with your system if you get a virus checker (this is if the guy says that he will toast your system if you get a virus checker/firewall), just do the most logical thing. Pester a friend to get a virus checker on a disc, then unhook your system from the net. Just hunt for the virus/worm/troj offline. Sorry if this doesn't apply to you, but you never know - in certain situations you might not think of the most reasonable path of action.
 

funkstylz

I CLEAN TEH LATRINE
Mar 15, 2000
Bris. QLD, Oz
www.funkstylz.com
Explorer (duh) - Yes
Lgevntrt - Dunno...third-party stuff. Do you have any LG hardware?
Point 32 (my mouse) - Yes
Mswheel (more mouse stuff) - Obvious
Autochk - Windows stuff...it's both harmless and useless
Aptezbp - Aptiva EZ buttons Software...Harmless
Systray (duh) - Yup
Rnaapp - Your Dialup software.

You have an Aptiva...or an Aptiva Keyboard. Good for you old chap, what model?! Have you run a virus checker that was updated 60 years before??
 

Hadmar

Queen Bitch of the Universe
Jan 29, 2001
Nerdpole
Mswheel (more mouse stuff) - Obvious

Maybe too obvious... I have an IntelliMouse Explorer and the Point32 is normal but I don't have the Mswheel...

However, it's not so hard to hide a prog from the CTRL-ALT-DEL window, so I doubt that this is the problem. BTW, I suggest the use of Sinfo. It's much better than the wannabe Task Manager from 9x.

Maybe you have a Spyware problem, try Ad-aware.

And Rogue, I don't have any problems with ZoneAlarm. It works fine.