BeyondUnreal Forums

2nd Feb 2004, 08:31 PM   #1
DigitalW
This Morning...

my wife was on the computer, and noticed that someone was searching through my C drive. Instead of coming to let me look she disconnected from the net and turned the computer off. She then booted back up and reconnected to the net. THEN she finally came and got me because the desktop internet shortcuts weren't working.

Also I noticed clicking buttons, like the manage attachments button won't pop up the window unless I turn the firewall off.

Can anyone tell me what this means?
Edit: This is what I get when clicking a desktop internet shortcut.
[Attached image: windowaccess.jpg]

Last edited by DigitalW; 2nd Feb 2004 at 08:33 PM.

2nd Feb 2004, 08:45 PM   #2
StoneViper
right click the file the shortcut points to and see if your username is in the list of permissions. i've had hackers remove admin permissions to files on my machine before.

[edit] user level permissions, not share level permissions.

2nd Feb 2004, 08:57 PM   #3
DigitalW
actually, it's all internet shortcuts on my desktop.

also found that web links on the net won't work with the firewall up either. Just started doing that today. Like anytime one of you link to another page, I click on it and nothing happens.

2nd Feb 2004, 09:21 PM   #4
Dying_corpse
format c:

2nd Feb 2004, 09:59 PM   #5
Rukee
I've been luckier than heck, haven't picked up anything from the net since the funlove virus.

2nd Feb 2004, 10:00 PM   #6
QUALTHWAR
It almost sounds like they were messing with the settings for your firewall. Like maybe they were trying to upload or download something from your PC and weren't having any luck, so they started messing with settings so they could. That or they were just trying to screw stuff up as much as possible.

I had somebody get on my machine like a year ago, and the good folks here told me to get a router. I bought a Linksys router for about 10 bucks at Best Buy and that took care of the problem. I'm not running a firewall program anymore, just use the router as security. After using the router, i went to this site http://grc.com/intro.htm and all my connections to the PC showed up as Stealth. In other words, they were invisible as if they weren't even there.

2nd Feb 2004, 10:01 PM   #7
QUALTHWAR
You want to try the Shields Up and the Leak Test to check things.

2nd Feb 2004, 10:48 PM   #8
SpiritWalker
Quote:
Originally Posted by DigitalW
my wife was on the computer, and noticed that someone was searching through my C drive. Instead of coming to let me look she disconnected from the net and turned the computer off. She then booted back up and reconnected to the net. THEN she finally came and got me because the desktop internet shortcuts weren't working.

Also I noticed clicking buttons, like the manage attachments button won't pop up the window unless I turn the firewall off.

couple of questions for you;

What was happening when your wife saw someone searching? Most firewall/anti virus programs do a system scan on occasion.

Are you on XP? and it's the XP firewall you have? I have tried taking that sucker apart.. hate it hate it hate it.
Either way.. just run a system restore if you are on XP (or ME.. but you have wayyyy too much taste for that don't you)


try
http://www.wilderssecurity.com/bhblaster.html

but first..

DL and run this.. post the log.. maybe we can see what's up.

http://www.spychecker.com/program/hijackthis.html

3rd Feb 2004, 12:48 AM   #9
DigitalW
She said that she had just sat down, and was fixing to check her e-mail (web based MSN). Then she noticed that a window opened, and it looked like someone was searching for something.
All programs seem to work fine, I just can't use desktop internet shortcuts, or click on hyperlinks in web pages with the firewall running.

I use HiJackThis regularly, I'm running XP, and use procexp instead of taskmanager. I have Kerio firewall, AVG antivirus, Adaware 6. (Note: I hate Norton antivirus)

3rd Feb 2004, 01:19 AM   #10
QUALTHWAR
Is it possible it could be due to the latest virus:

W32.Novarg.A@mm is a mass-mailing worm that arrives as an attachment with the file extension .bat, .cmd, .exe, .pif, .scr, or .zip.

When a computer is infected, the worm sets up a backdoor into the system by opening TCP ports 3127 through 3198, which can potentially allow an attacker to connect to the computer and use it as a proxy to gain access to its network resources.

In addition, the backdoor can download and execute arbitrary files.

There is a 25% chance that a computer infected by the worm will perform a Denial of Service (DoS) on February 1, 2004 starting at 16:09:18 UTC, which is also the same as 08:09:18 PST, based on the machine's local system date/time. If the worm does start the DoS attack, it will not mass mail itself. It also has a trigger date to stop spreading/DoS-attacking on February 12, 2004. While the worm will stop on February 12, 2004, the backdoor component will continue to function after this date.
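
An added example, not part of the original post or of the advisory it quotes: a check for listeners on the TCP 3127 through 3198 backdoor range described above, run over Windows `netstat -ano` output. The sample output and the function names are constructed for illustration.

```python
# Backdoor range quoted in the post above: TCP ports 3127 through 3198.
BACKDOOR_PORTS = range(3127, 3199)

# Constructed sample of Windows `netstat -ano` output (not taken from the thread).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:3127           0.0.0.0:0              LISTENING       1520
  TCP    192.168.1.20:1042      203.0.113.7:80         ESTABLISHED     1712
  TCP    192.168.1.20:3127      198.51.100.9:4411      ESTABLISHED     1520
  TCP    192.168.1.20:3150      203.0.113.7:80         ESTABLISHED     1712
  TCP    [::]:3198              [::]:0                 LISTENING       1520
  UDP    0.0.0.0:3130           *:*                                    1100
"""

def parse_tcp_rows(text):
    """Yield (local, remote, local_port, state, pid) for each TCP row."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0].upper() != "TCP":
            continue  # headers, blank lines, UDP rows
        try:
            # rpartition handles both "1.2.3.4:80" and bracketed "[::]:80".
            port = int(fields[1].rpartition(":")[2])
        except ValueError:
            continue  # malformed local endpoint
        pid = fields[4] if len(fields) > 4 else None  # absent with plain -an
        yield fields[1], fields[2], port, fields[3].upper(), pid

def find_backdoor_sockets(text):
    """Report listeners in the range, plus sessions accepted on those ports.

    A local port in the range on an outbound connection is usually just an
    ephemeral source port, so a session is reported only when this host
    also has a listener on the same port.
    """
    rows = list(parse_tcp_rows(text))
    listening = {port for _, _, port, state, _ in rows
                 if state == "LISTENING" and port in BACKDOOR_PORTS}
    findings = []
    for local, remote, port, state, pid in rows:
        if port in listening:
            kind = "listener" if state == "LISTENING" else "inbound-session"
            findings.append((kind, local, remote, pid))
    return findings

if __name__ == "__main__":
    for kind, local, remote, pid in find_backdoor_sockets(SAMPLE_NETSTAT):
        print(f"{kind:16} local={local} remote={remote} pid={pid}")
```

The PID column can then be matched against the process list (procexp, mentioned earlier in the thread, shows it) to see which executable owns the socket.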

3rd Feb 2004, 01:20 AM   #11
QUALTHWAR
feb 1st

denial of services

sounds like it!

3rd Feb 2004, 01:24 AM   #12
QUALTHWAR
after looking at what you have and reading the stuff from norton, i think it's very possible that this is your problem. however, i'll be the first to admit that i'm not an expert.

EDIT: Here's where i found the info:

http://securityresponse.symantec.com...varg.a@mm.html

Last edited by QUALTHWAR; 3rd Feb 2004 at 01:25 AM.

3rd Feb 2004, 01:28 AM   #13
DigitalW
[QUOTE=QUALTHWAR]It almost sounds like they were messing with the settings for your firewall.[/QUOTE]

Taking this advice, I disabled the firewall....worked. d/led zone alarm for the time being, till I can figure out exactly what all they messed with.
Hope this doesn't happen too often. kinda sux...

Gonna check out that virus info as well....
edit: What kinda eases my mind is, me and my wife both use web based e-mail, and we never open attachments.

Last edited by DigitalW; 3rd Feb 2004 at 01:38 AM.

3rd Feb 2004, 01:35 AM   #14
QUALTHWAR
sounds like you have this new virus to me from everything you're telling me. i know you hate norton, but they have a fix for it. don't know if you can use it, or even want to use anything from them:

Removal tool:

http://securityresponse.symantec.com...oval.tool.html

3rd Feb 2004, 01:39 AM   #15
DigitalW
Yea I'm running it now just to check...

Edit: says it wasn't found on the computer, i'll try again later just to be sure...

Last edited by DigitalW; 3rd Feb 2004 at 01:48 AM.

3rd Feb 2004, 01:47 AM   #16
QUALTHWAR
good luck. viruses suck

3rd Feb 2004, 01:49 AM   #17
DigitalW
LOL, edited above post....
and, I appreciate everyone's help....

3rd Feb 2004, 12:56 PM   #18
QUALTHWAR
If you don't have a virus, that's great. It was just suspicious for several reasons: You talk about it looking like somebody was doing something while you (or your wife) was just sitting there, and the virus is supposed to open ports and send out stuff on its own. You mention not being able to open stuff up and the virus is supposed to do some sort of denial of services. Then you just start having a problem now, and the virus is supposed to activate about now. Put all that together and it sounded like a good possibility.

3rd Feb 2004, 10:15 PM   #19
DigitalW
That's scary.....

So far everything is back to normal with the new firewall. Though I don't like it too much.

Something else I didn't realize was, when me and my brother play online together, I use No-Ip duc, but when we are not playing I cut it off. I realized that it was still up from a week ago, hidden in the taskbar. Probably an easy way for a hacker to keep coming back to my IP.

3rd Feb 2004, 10:39 PM   #20
Skorch
Quote:
Originally Posted by QUALTHWAR
You want to try the Shields Up and the Leak Test to check things.

did it, got this:

Your Internet port 139 does not appear to exist!
One or more ports on this system are operating in FULL STEALTH MODE! Standard Internet behavior requires port connection attempts to be answered with a success or refusal response. Therefore, only an attempt to connect to a nonexistent computer results in no response of either kind. But YOUR computer has DELIBERATELY CHOSEN NOT TO RESPOND (that's very cool!) which represents advanced computer and port stealthing capabilities. A machine configured in this fashion is well hardened to Internet NetBIOS attack and intrusion.
Unable to connect with NetBIOS to your computer.
All attempts to get any information from your computer have FAILED. (This is very uncommon for a Windows networking-based PC.) Relative to vulnerabilities from Windows networking, this computer appears to be VERY SECURE since it is NOT exposing ANY of its internal NetBIOS networking protocol over the Internet.


And this:

Your system has achieved a perfect "TruStealth" rating. Not a single packet — solicited or otherwise — was received from your system as a result of our security probing tests. Your system ignored and refused to reply to repeated Pings (ICMP Echo Requests). From the standpoint of the passing probes of any hacker, this machine does not exist on the Internet. Some questionable personal security systems expose their users by attempting to "counter-probe the prober", thus revealing themselves. But your system wisely remained silent in every way. Very nice.

All times are GMT -5.