1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
  2. Two Factor Authentication is now available on BeyondUnreal Forums. To configure it, visit your Profile and look for the "Two Step Verification" option on the left side. We can send codes via email (may be slower) or you can set up any TOTP Authenticator app on your phone (Authy, Google Authenticator, etc) to deliver codes. It is highly recommended that you configure this to keep your account safe.

This Morning...

Discussion in 'Other Stuff' started by digital-warrior, Feb 2, 2004.

  1. digital-warrior

    digital-warrior Awake...

    Joined:
    Nov 3, 2001
    Messages:
    732
    Likes Received:
    0
    my wife was on the computer, and noticed that someone was searching through my C drive. Instead of coming to let me look she disconnected from the net and turned the computer off. She then booted back up and reconnected to the net. THEN she finally came and got me because the desktop internet shortcut's were'nt working.

    Also I noticed clicking buttons, like the manage attachments button won't pop up the window unless I turn the firewalloff.

    Can anyone tell me what this means?
    Edit: This is what I get when clicking a desktop internet shortcut.
     

    Attached Files:

    Last edited by a moderator: Feb 2, 2004
  2. StoneViper

    StoneViper you can call me Mike

    Joined:
    Nov 3, 2001
    Messages:
    1,907
    Likes Received:
    0
    right click the file the shortcut points to and see if your username is in the list of permissions. i've have hackers remove admin permissions to files on my machine before.

    edit]] user level permissions not share level permissions.
     
  3. digital-warrior

    digital-warrior Awake...

    Joined:
    Nov 3, 2001
    Messages:
    732
    Likes Received:
    0
    actually, it's all internet shortcut's on my desktop.

    also found that web links on the net wont work with the firewall up either. Just started doing that today. Like anytime one of you link to another page, I click on it and nothing happen's.
     
  4. Dying_corpse

    Dying_corpse New Member

    Joined:
    May 12, 2002
    Messages:
    1,386
    Likes Received:
    0
    format c:
     
  5. Rukee

    Rukee Coffee overclocks the overclocker!!

    Joined:
    May 15, 2001
    Messages:
    6,644
    Likes Received:
    0
    I`ve been lucker then heck, haven`t picked up anything from the net sence the funlove virus.
     
  6. QUALTHWAR

    QUALTHWAR Baitshop opening soon.

    Joined:
    Apr 9, 2000
    Messages:
    6,394
    Likes Received:
    4
    It almost sounds like they were messing with the settings for your firewall. Like maybe they were trying to upload or download something from your PC and wasn't having any luck, so they started messing with settings so they could. That or they were just trying to screw stuff up as much as possible.

    I had somebody get on my machine like a year ago, and the good folks here told me to get a router. I bought a linksys router for about 10 bucks at best buy and that took care of the problem. I'm not running a firewall program anymore, just us the router as security. After using the router, i went to this site http://grc.com/intro.htm and all my connections to the PC showed up as Stealth. In other words, they were invisible as if they weren't even there.
     
  7. QUALTHWAR

    QUALTHWAR Baitshop opening soon.

    Joined:
    Apr 9, 2000
    Messages:
    6,394
    Likes Received:
    4
    You want to try the Shields Up and the Leak Test to check things.
     
  8. SpiritWalker

    SpiritWalker Tattooed Beat Messiah / Prime Mover

    Joined:
    Feb 20, 2002
    Messages:
    1,493
    Likes Received:
    0

    couple of questions for you;

    What was happening when your wife saw someone searching.?? Most firewall/anti virus programs do a system scan on occasion

    Are you on XP? and it's the XP firewall you have? I have tried taking that sucker apart.. hate it hate it hate it.
    Either way.. just run a system restore if you are on XP (or ME.. but you have wayyyy to much taste for that don't you:))


    try
    http://www.wilderssecurity.com/bhblaster.html

    but first..

    DL and run this.. post the log.. maybe we can see what's up.

    http://www.spychecker.com/program/hijackthis.html
     
  9. digital-warrior

    digital-warrior Awake...

    Joined:
    Nov 3, 2001
    Messages:
    732
    Likes Received:
    0
    She said that she had just sat down, and was fixing to check her e-mail(web based MSN). Then she noticed that a window opened, and It looked like someone was searching for something.
    All programs seem to work fine, I just can't use desktop internet shortcuts, or click on hyperlinks in web pages with the firewall running.

    I use HiJackThis regularly, I'm running XP, and use procexp instead of taskmanager. I have Kerio firewall, AVG antivirus, Adaware 6. (Note: I hate Norton antivirus)
     
  10. QUALTHWAR

    QUALTHWAR Baitshop opening soon.

    Joined:
    Apr 9, 2000
    Messages:
    6,394
    Likes Received:
    4
    Is it possible it could be due to the latest virus:

    W32.Novarg.A@mm is a mass-mailing worm that arrives as an attachment with the file extension .bat, .cmd, .exe, .pif, .scr, or .zip.

    When a computer is infected, the worm sets up a backdoor into the system by opening TCP ports 3127 through 3198, which can potentially allow an attacker to connect to the computer and use it as a proxy to gain access to its network resources.

    In addition, the backdoor can download and execute arbitrary files.

    There is a 25% chance that a computer infected by the worm will perform a Denial of Service (DoS) on February 1, 2004 starting at 16:09:18 UTC, which is also the same as 08:09:18 PST, based on the machine's local system date/time. If the worm does start the DoS attack, it will not mass mail itself. It also has a trigger date to stop spreading/DoS-attacking on February 12, 2004. While the worm will stop on February 12, 2004, the backdoor component will continue to function after this date.
     
  11. QUALTHWAR

    QUALTHWAR Baitshop opening soon.

    Joined:
    Apr 9, 2000
    Messages:
    6,394
    Likes Received:
    4
    feb 1st

    denial of services

    sounds like it!
     
  12. QUALTHWAR

    QUALTHWAR Baitshop opening soon.

    Joined:
    Apr 9, 2000
    Messages:
    6,394
    Likes Received:
    4
    Last edited: Feb 3, 2004
  13. digital-warrior

    digital-warrior Awake...

    Joined:
    Nov 3, 2001
    Messages:
    732
    Likes Received:
    0
     
    Last edited by a moderator: Feb 3, 2004
  14. QUALTHWAR

    QUALTHWAR Baitshop opening soon.

    Joined:
    Apr 9, 2000
    Messages:
    6,394
    Likes Received:
    4
  15. digital-warrior

    digital-warrior Awake...

    Joined:
    Nov 3, 2001
    Messages:
    732
    Likes Received:
    0
    Yea I'm running it now just to check...

    Edit: say's it was'nt found on the computer, i'll try again later just to be sure...
     
    Last edited by a moderator: Feb 3, 2004
  16. QUALTHWAR

    QUALTHWAR Baitshop opening soon.

    Joined:
    Apr 9, 2000
    Messages:
    6,394
    Likes Received:
    4
    good luck. viruses suck
     
  17. digital-warrior

    digital-warrior Awake...

    Joined:
    Nov 3, 2001
    Messages:
    732
    Likes Received:
    0
    LOL, edited above post....
    and, I appreciate everyones help....:)
     
  18. QUALTHWAR

    QUALTHWAR Baitshop opening soon.

    Joined:
    Apr 9, 2000
    Messages:
    6,394
    Likes Received:
    4
    If you don’t have a virus, that’s great. It was just suspicious for several reasons: You talk about it looking like somebody was doing something while you (or your wife) was just sitting there, and the virus is supposed to open ports and sent out stuff on its own. You mention not being able to open stuff up and the virus is supposed to do some sort of denial of services. Then you just start having a problem now, and the virus is supposed to activate about now. Put all that together and it sounded like a good possibility.
     
  19. digital-warrior

    digital-warrior Awake...

    Joined:
    Nov 3, 2001
    Messages:
    732
    Likes Received:
    0
    That's scary.....

    So far everything is back to normal with the new firewall. Though I don't like it too much.

    Something else I did'nt realize was, when me and my brother play online together, I use No-Ip duc, but when we are not playing I cut it off. I realized that it was still up from a week ago, hidden in the taskbar. Probably an easy way for a hacker to keep coming back to my IP.
     
  20. Skorch

    Skorch Banned

    Joined:
    Feb 5, 2000
    Messages:
    1,818
    Likes Received:
    0

    did it, got this:

    Your Internet port 139 does not appear to exist!
    One or more ports on this system are operating in FULL STEALTH MODE! Standard Internet behavior requires port connection attempts to be answered with a success or refusal response. Therefore, only an attempt to connect to a nonexistent computer results in no response of either kind. But YOUR computer has DELIBERATELY CHOSEN NOT TO RESPOND (that's very cool!) which represents advanced computer and port stealthing capabilities. A machine configured in this fashion is well hardened to Internet NetBIOS attack and intrusion.
    Unable to connect with NetBIOS to your computer.
    All attempts to get any information from your computer have FAILED. (This is very uncommon for a Windows networking-based PC.) Relative to vulnerabilities from Windows networking, this computer appears to be VERY SECURE since it is NOT exposing ANY of its internal NetBIOS networking protocol over the Internet.


    And this:

    Your system has achieved a perfect "TruStealth" rating. Not a single packet — solicited or otherwise — was received from your system as a result of our security probing tests. Your system ignored and refused to reply to repeated Pings (ICMP Echo Requests). From the standpoint of the passing probes of any hacker, this machine does not exist on the Internet. Some questionable personal security systems expose their users by attempting to "counter-probe the prober", thus revealing themselves. But your system wisely remained silent in every way. Very nice.

    ;)
     

Share This Page