114016

March 26th, 2000 11:45 AM

Awhile back a friend of mine thought he was going to be real cool and send my a little trojan. It was some program that allows him to control my computers funcitons remotly from his computer, so basicly he used me a server and (i unknowingly) installed alittle remote program. This thing was pretty clever and didnt show up as running at all untill i was running a shell program and it showed this window running that was just titled with a bunch of random seeming numbers. I tried to close it and it crashed my computer. So when i rebooted i ran Spy++ (heh : )) and found where the source of that window was. It was a file called MSREXE.exe or sumthin and i had to unclick some stuff in properties, reboot to dos, delete it, reboot to windows, rem out the command in my win.ini that loaded it. Well i told my friend all this and he found out that the remote was on his computer, and consequntly he had to tell like 20 other people how to remove that and no one else had figured it out but me i guess. oh well

114017

March 26th, 2000 12:26 PM

Moosoft... makers of The Cleaner... finds and cleans Trojans

Well, I tried that one, and Trojan Defense Suite... and nothing came up. No Trojans found... whoo-hoo! I think it's gone, but my system will never feel the same again (it feels a bit faster, though, when I'm online... that's because of the Network tweaking, though, and upgrading to Netscape 4.72).

Danziger :^)

[This message has been edited by Danziger (edited 03-26-2000).]

114018

March 26th, 2000 01:18 PM

Oh yeah... sleep would be nice.

Danziger :^)

114019

KingCobra_

March 26th, 2000 04:03 PM

No,no,no BEWARE of Sub7. Its one bad ass trogan that can alter between ports each time you connect. Its raked to be the worse case, due to its easy use. I have Sub7 right now. I just use it on friends

114020

March 27th, 2000 11:22 AM

http://www.nohack.net/sub7.html

This link supposedly removes the Sub7 trojan.

I tried going to Moosoft's website, but it seems to be down.

Danziger :^)

P.S. Is it just me, or has Voodoo Extreme's server been slow lately... to connect, not to download all the gif's, jpegs, html... etc.


[This message has been edited by Danziger (edited 03-27-2000).]

114021

KingCobra_

March 27th, 2000 12:08 PM

That hack will only get rid of a reg setup Sub7 server. I use non-standered setup which makes it a bitch to find. It all depends on if the hacker is a Lamer or more advanced

114022

March 27th, 2000 07:49 PM

http://www.webtrends.com/products/wsa/

Has anybody tried Webtrends Security Analyzer?

Danziger :^)

114023

howdyDoDee

April 2nd, 2000 08:00 AM

ZoneAlarm is the ONLY firewall you need!!!!

114024

nytcrawlr

April 2nd, 2000 09:04 AM

Your NETBios port 139 is a very touchy matter indeed. Even if an attacker can't share your resources directly through your shares, there is a little thing Micro$oft forgets to tell people thats in Windows NT called your Interprocesses Share (IPC). Its a hidden share, but I'm not going into detail into how to connect to it. An attacker can connect to this share directly most times bypassing any NETBios protection you have. Once connected a simple netstat easily confirms whether or not your on. At this point all of the "target"'s shares can be viewed and consequently mapped to, allowing access to your machine. There are two things I would do to help prevent this.

1) Password protect ALL your shares, even if your only on home network. This can make the difference on whether your attacked or you just piss of the attacker and they leave.

2) Open regedt32 and goto the following:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\LSA

Choose edit | Add Value and enter the following data:

Value Name: RestrictAnonymous
Data Type: REG_DWORD
Value: 1

Exit the Registry Editors and restart the computer for the change to take effect.

Believe it or not this key doesn't actually block anonymous connections, but it should prevent most of the information leaks that are inherent with a null connection, such as the viewing of share names.

Remember no one is ever 100% safe, but this should protect you from majority of c0de kiddies out there. If though you have something on your machine that someone wants, with time and patience you could break into anything. Hope this helps all. Later!

-nyt

114025

April 2nd, 2000 09:20 AM

Here's more network discipline for WinNT.

http://grc.com/su-rebindingnt.htm

This *should* close all your NetBIOS ports on WinNT.

Danziger :^)