A while back a friend of mine thought he was going to be real cool and send me a little trojan. It was some program that allows him to control my computer's functions remotely from his computer, so basically he used me as a server and (I unknowingly) installed a little remote program. This thing was pretty clever and didn't show up as running at all until I was running a shell program and it showed this window running that was just titled with a bunch of random-seeming numbers. I tried to close it and it crashed my computer. So when I rebooted I ran Spy++ (heh : )) and found where the source of that window was. It was a file called MSREXE.exe or something and I had to unclick some stuff in properties, reboot to DOS, delete it, reboot to Windows, rem out the command in my win.ini that loaded it. Well, I told my friend all this and he found out that the remote was on his computer, and consequently he had to tell like 20 other people how to remove that and no one else had figured it out but me, I guess. Oh well |
Moosoft... makers of The Cleaner... finds and cleans Trojans. Well, I tried that one, and Trojan Defense Suite... and nothing came up. No Trojans found... whoo-hoo! I think it's gone, but my system will never feel the same again (it feels a bit faster, though, when I'm online... that's because of the Network tweaking, though, and upgrading to Netscape 4.72). Danziger :^) [This message has been edited by Danziger (edited 03-26-2000).] |
Oh yeah... sleep would be nice. Danziger :^) |
No, no, no, BEWARE of Sub7. It's one bad ass trojan that can alter between ports each time you connect. It's ranked to be the worst case, due to its easy use. I have Sub7 right now. I just use it on friends :) |
http://www.nohack.net/sub7.html This link supposedly removes the Sub7 trojan. I tried going to Moosoft's website, but it seems to be down. Danziger :^) P.S. Is it just me, or has Voodoo Extreme's server been slow lately... to connect, not to download all the gifs, jpegs, html... etc. [This message has been edited by Danziger (edited 03-27-2000).] |
That hack will only get rid of a reg setup Sub7 server. I use a non-standard setup which makes it a bitch to find. It all depends on if the hacker is a Lamer or more advanced :) |
ZoneAlarm is the ONLY firewall you need!!!! |
Your NETBios port 139 is a very touchy matter indeed. Even if an attacker can't share your resources directly through your shares, there is a little thing Micro$oft forgets to tell people that's in Windows NT called your Interprocesses Share (IPC). It's a hidden share, but I'm not going into detail into how to connect to it. An attacker can connect to this share directly, most times bypassing any NETBios protection you have. Once connected, a simple netstat easily confirms whether or not you're on. At this point all of the "target"'s shares can be viewed and consequently mapped to, allowing access to your machine. There are two things I would do to help prevent this. 1) Password protect ALL your shares, even if you're only on a home network. This can make the difference on whether you're attacked or you just piss off the attacker and they leave. 2) Open regedt32 and go to the following: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA. Choose Edit | Add Value and enter the following data: Value Name: RestrictAnonymous; Data Type: REG_DWORD; Value: 1. Exit the Registry Editor and restart the computer for the change to take effect. Believe it or not, this key doesn't actually block anonymous connections, but it should prevent most of the information leaks that are inherent with a null connection, such as the viewing of share names. Remember, no one is ever 100% safe, but this should protect you from the majority of c0de kiddies out there. If, though, you have something on your machine that someone wants, with time and patience you could break into anything. Hope this helps all. Later! -nyt |
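A present-day way to audit the two measures from the post above, as an added example that is not part of the original thread: it reads the RestrictAnonymous value under the LSA key named in the post and lists the machine's shares, including hidden ones. It assumes an elevated PowerShell 3.0+ session; `Test-RestrictAnonymous` and `Get-ShareInventory` are hypothetical helper names.

```powershell
# Added example, not from the thread. Assumes an elevated PowerShell 3.0+ session.
# Test-RestrictAnonymous and Get-ShareInventory are hypothetical helper names.
$LsaKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'

function Test-RestrictAnonymous {
    param([switch]$Fix)   # -Fix writes the value given in the post (REG_DWORD 1)

    # A missing value reads back as $null and is reported here as not restricted.
    $item    = Get-ItemProperty -Path $LsaKey -Name RestrictAnonymous -ErrorAction SilentlyContinue
    $current = if ($item) { $item.RestrictAnonymous } else { $null }
    $ok      = ($null -ne $current) -and ($current -ge 1)

    if (-not $ok -and $Fix) {
        New-ItemProperty -Path $LsaKey -Name RestrictAnonymous `
            -PropertyType DWord -Value 1 -Force | Out-Null
        Write-Warning 'RestrictAnonymous set to 1; restart for the change to take effect.'
        $current = 1; $ok = $true
    }

    [pscustomobject]@{
        Key               = $LsaKey
        RestrictAnonymous = if ($null -eq $current) { '(not set)' } else { $current }
        Restricted        = $ok
    }
}

function Get-ShareInventory {
    # Win32_Share.Type: low bits 0 = disk, 1 = print, 2 = device, 3 = IPC;
    # the high bit (0x80000000) marks an administrative share.
    Get-CimInstance -ClassName Win32_Share | ForEach-Object {
        [pscustomobject]@{
            Name   = $_.Name
            Path   = $_.Path
            Hidden = $_.Name.EndsWith('$')
            IsIPC  = (($_.Type -band 3) -eq 3)
            Admin  = ($_.Type -ge 2147483648)
        }
    }
}

Test-RestrictAnonymous            # report only; add -Fix to apply the post's value
Get-ShareInventory | Format-Table -AutoSize
```

Any non-administrative share in the inventory is a candidate for the access review the post recommends in its first step.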
Here's more network discipline for WinNT. http://grc.com/su-rebindingnt.htm This *should* close all your NetBIOS ports on WinNT. Danziger :^) |