VerumEst join:2002-05-09 Daly City, CA
My computer infected?

I just got this from a Norton alert:

Details: Attempted Intrusion "MSSQL_Null_Packet_DoS" from your machine against 80.203.67.163 was detected and blocked
Intruder: my ip (49152)
Risk Level: Low
Protocol: TCP
Attacked IP: 80.203.67.163
Attacked Port: ms-sql-s(1433)

How can I prevent this from happening again? My IP hasn't changed for like 2 years.
-- 17inch TFT5000, Epoc 8k7a, 1600XP+ @ 2300XP+, WaterCooler, 60HDD, ATI 9800 Pro 128MB DDR
Cudni (La Merma - Vigilado) join:2003-12-20 Someshire

See [AL] Got no support when I called about an IDS attack.
Is your machine fully scanned and patched? Useful guide: I think my computer is infected or hijacked. What should I do?

Cudni
-- Would you Adam and Eve it? Help yourself so God can help you... it does exactly what it says on the sig
NetFixer (Freedom is NOT Free) join:2004-06-24 Murfreesboro, TN

It looks as if you may be infected with some variant of an MSSQL worm. Luckily your firewall seems to have stopped it from using your PC to launch an attack. I would suggest that you go through the steps at "I think my computer is infected or hijacked. What should I do?" and report back the results if you are unable to remove this malware using those procedures.
OOPS! My old fingers are getting a bit slow; it seems that cudni sent you the same advice while I was typing.
VerumEst join:2002-05-09 Daly City, CA

Online virus scanner didn't detect anything.
TDS-3 = no virus
Spybot = nothing serious
Trojan Hunter = nothing
Logfile of HijackThis v1.98.0
Scan saved at 11:37:09 PM, on 7/3/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\The Cleaner\tca.exe
C:\Program Files\The Cleaner\tcm.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\VCool\VCool.exe
C:\Program Files\MYIE2\MyIE.exe
C:\Program Files\TDS3\tds-3.exe
C:\WINDOWS\msagent\AgentSvr.exe
C:\Program Files\MYIE2\MyIE.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\r00t\LOCALS~1\Temp\Rar$EX00.576\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [tcactive] C:\Program Files\The Cleaner\tca.exe
O4 - HKLM\..\Run: [tcmonitor] C:\Program Files\The Cleaner\tcm.exe
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE
O4 - Startup: VCool.lnk = C:\Program Files\VCool\VCool.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Download All by FlashGet - C:\FlashGet\jc_all.htm
O8 - Extra context menu item: Download all by Net Transport - C:\Program Files\Xi\NetTransport 2\NTAddList.html
O8 - Extra context menu item: Download by Net Transport - C:\Program Files\Xi\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: Download using FlashGet - C:\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - www.fileplanet.com/fpdlmgr/cabs/···0_42.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - a1540.g.akamai.net/7/1540/52/200···ller.exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - security.symantec.com/sscv6/Shar···absa.cab
O16 - DPF: {68BCE50A-DC9B-4519-A118-6FDA19DB450D} (Info Class) - support.vugames.com/betasubmissi···o/Si.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - a840.g.akamai.net/7/840/537/2004···an53.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - www3.ca.com/securityadvisor/viru···scan.cab
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - pcpitstop.com/mhLbl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - www.pandasoftware.com/activescan···inst.cab
O16 - DPF: {B3872502-F9FD-4E96-93FF-0D37298F0689} (SOESysInfo Control) - everquest2.station.sony.com/beta···info.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - us.dl1.yimg.com/download.yahoo.c···lete.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - security.symantec.com/sscv6/Shar···absa.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp···Data.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - ax.phobos.apple.com.edgesuite.ne···ctor.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp···Data.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - download.mcafee.com/molbin/iss-l···scan.cab

-- 17inch TFT5000, Epoc 8k7a, 1600XP+ @ 2300XP+, WaterCooler, 60HDD, ATI 9800 Pro 128MB DDR
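A log like the one above is usually read by eye, section by section. As an added example (not code from this thread, from the poster, or from HijackThis), here is that first pass written down as a small Python triage script: it splits a HijackThis-style log into the running-process list and the R0/O1/O2/... entries, then flags the items a helper would ask about first. SAMPLE_LOG is a constructed excerpt of the posted log, with the truncated URL kept exactly as posted; the rules are my own heuristics, not HijackThis logic.

```python
"""Triage pass over a HijackThis-style log.

Example code added to this thread; it is not HijackThis itself and not the
poster's code.  It splits the log into the 'Running processes' block and the
R0/O1/O2/... entries, then applies rules a reviewer applies by eye: hosts-file
redirects (O1), orphaned '(no file)' entries, ActiveX downloads (O16) with no
control name, and executables launched from a Temp folder.  SAMPLE_LOG is a
constructed excerpt of the log posted above, with the truncated URL kept as
posted.
"""
import re

SAMPLE_LOG = r"""Logfile of HijackThis v1.98.0
Scan saved at 11:37:09 PM, on 7/3/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\D-Tools\daemon.exe
C:\DOCUME~1\r00t\LOCALS~1\Temp\Rar$EX00.576\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - a1540.g.akamai.net/7/1540/52/200···ller.exe
"""

ENTRY_RE = re.compile(r"^(R\d|F\d|O\d+) - (.*)$")
TEMP_RE = re.compile(r"\\Temp\\", re.IGNORECASE)
NAMED_DPF_RE = re.compile(r"^DPF: \{[0-9A-F-]+\} \(.+?\) - ", re.IGNORECASE)


def parse_hjt(text):
    """Return (processes, entries): the running-process paths and a list of
    (section, body) tuples such as ('O1', 'Hosts: 64.91.255.87 ...')."""
    processes, entries = [], []
    in_procs = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_procs = False          # a blank line closes the process block
            continue
        if line == "Running processes:":
            in_procs = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False
            entries.append((m.group(1), m.group(2)))
        elif in_procs:
            processes.append(line)
    return processes, entries


def triage(processes, entries):
    """Return a list of (rule, item) findings for a human to review.
    A finding is a prompt to verify, not a verdict: HijackThis itself is
    expected to show up as a process running from Temp when it was started
    straight out of an archive, as in the posted log."""
    findings = []
    for path in processes:
        if TEMP_RE.search(path):
            findings.append(("process-from-temp", path))
    for section, body in entries:
        if section == "O1":
            # Every hosts-file entry overrides DNS for that name; confirm it is wanted.
            findings.append(("hosts-redirect", body))
        elif section in ("O2", "O3", "O9") and body.endswith("(no file)"):
            # Registered CLSID whose DLL is gone: a leftover, but it shows something was removed.
            findings.append(("orphaned-entry", body))
        elif section == "O16" and not NAMED_DPF_RE.match(body):
            # Downloaded ActiveX control with no friendly name is harder to attribute.
            findings.append(("unnamed-activex", body))
        elif section == "O4" and TEMP_RE.search(body):
            # An autorun pointing into a Temp folder is a classic dropper location.
            findings.append(("autorun-from-temp", body))
    return findings


if __name__ == "__main__":
    procs, ents = parse_hjt(SAMPLE_LOG)
    for rule, item in triage(procs, ents):
        print(f"{rule:18} {item}")
```

On the excerpt this reports four items: HijackThis.exe running from Temp (expected here, since it was run out of a WinRAR temp folder), the single hosts entry, the BHO whose DLL is missing, and the one DPF control without a name. None of those is proof of infection on its own; they are the lines to explain before calling the log clean.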
spamd join:2001-04-22 Rockford, IL

Let me guess... You are running Norton Personal Firewall? If this is correct then you have nothing to worry about. Norton is just informing you that someone "Attempted" an Intrusion, and that Norton "BLOCKED" the attack. Everything is OK, no need to panic. Try reading the help file from Norton.
VerumEst join:2002-05-09 Daly City, CA

It came from me though...
NetFixer (Freedom is NOT Free) join:2004-06-24 Murfreesboro, TN

Looking at the HijackThis log, I do not see anything that I would suspect would cause your PC to try to execute a 'MSSQL_Null_Packet_DoS' exploit. It would have helped if the Norton alert had pointed to the application which originated the exploit.
If you had a browser window open when this happened, perhaps the page you were displaying had some embedded code which was attempting to use your PC as a proxy. If this was a one-time thing, then it is probably nothing to worry about; if it is a recurring event, then you may need to dig a bit deeper to find the source.
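The gap NetFixer points at, an alert that names the remote host and ports but not the local program, can be closed on XP by hand: the alert gives the local source port, `netstat -ano` prints the PID that owns each socket in its last column, and `tasklist` maps the PID to an image name. Below is an added example of that correlation in Python (not code from this thread, from Norton, or from the poster). All three inputs are constructed samples: the alert mirrors the one posted with 192.168.1.5 standing in for the redacted local address, and the netstat/tasklist text, example_p2p.exe and PID 1844 are hypothetical.

```python
"""Attribute an outbound IDS/firewall alert to the local process owning
the socket.

Example code added to this thread, not Norton's and not the poster's.  It
parses the alert text for the signature, destination and the local source
port, looks that port up in the output of 'netstat -ano' (the owning PID is
the last column on XP and later) and resolves the PID through 'tasklist'.
SAMPLE_ALERT, SAMPLE_NETSTAT and SAMPLE_TASKLIST are constructed: the alert
mirrors the posted one with 192.168.1.5 in place of the redacted local
address; example_p2p.exe and PID 1844 are hypothetical.
"""
import re

SAMPLE_ALERT = (
    'Attempted Intrusion "MSSQL_Null_Packet_DoS" from your machine against '
    '80.203.67.163 was detected and blocked Intruder: 192.168.1.5(49152) '
    'Risk Level: Low Protocol: TCP Attacked IP: 80.203.67.163 '
    'Attacked Port: ms-sql-s(1433)'
)

SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    192.168.1.5:49152      80.203.67.163:1433     SYN_SENT        1844
  UDP    0.0.0.0:445            *:*                                    4
"""

SAMPLE_TASKLIST = """
Image Name                     PID Session Name        Session#    Mem Usage
========================= ======== ================ =========== ============
System Idle Process              0 Console                    0         28 K
svchost.exe                    912 Console                    0      4,812 K
example_p2p.exe               1844 Console                    0     12,404 K
"""

ALERT_RE = re.compile(
    r'Attempted Intrusion "(?P<sig>[^"]+)" from your machine against (?P<dst>[\d.]+)'
    r'.*?Intruder: (?P<src>[\d.]+)\((?P<sport>\d+)\)'
    r'.*?Protocol: (?P<proto>\w+)'
    r'.*?Attacked Port: (?P<svc>[\w-]+)\((?P<dport>\d+)\)',
    re.DOTALL,
)
# tasklist rows end in "<mem> K"; the header and separator rows do not.
TASK_RE = re.compile(r"^(.+?)\s+(\d+)\s+\S+\s+\d+\s+[\d,]+ K$")


def parse_alert(text):
    """Pull the fields needed for correlation out of a Norton-style alert."""
    m = ALERT_RE.search(text)
    if not m:
        raise ValueError("unrecognised alert format")
    return {
        "signature": m.group("sig"), "proto": m.group("proto"),
        "src": m.group("src"), "sport": int(m.group("sport")),
        "dst": m.group("dst"), "dport": int(m.group("dport")),
        "service": m.group("svc"),
    }


def parse_netstat(text):
    """Parse 'netstat -ano' rows; UDP rows carry no State column."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0] not in ("TCP", "UDP"):
            continue
        if parts[0] == "TCP":
            proto, local, foreign, state, pid = parts[:5]
        else:
            proto, local, foreign, pid = parts[:4]
            state = ""
        lhost, lport = local.rsplit(":", 1)
        fhost, fport = foreign.rsplit(":", 1)      # fport stays a string: may be "*"
        rows.append({"proto": proto, "lhost": lhost, "lport": int(lport),
                     "fhost": fhost, "fport": fport, "state": state,
                     "pid": int(pid)})
    return rows


def parse_tasklist(text):
    """Map PID -> image name from 'tasklist' output."""
    tasks = {}
    for line in text.splitlines():
        m = TASK_RE.match(line)
        if m:
            tasks[int(m.group(2))] = m.group(1)
    return tasks


def attribute(alert, rows, tasks):
    """Return (pid, image) for the socket the alert describes, or None when
    the connection had already closed before netstat was run."""
    for r in rows:
        if (r["proto"] == alert["proto"] and r["lport"] == alert["sport"]
                and r["fhost"] == alert["dst"] and r["fport"] == str(alert["dport"])):
            return r["pid"], tasks.get(r["pid"], "<unknown>")
    return None


if __name__ == "__main__":
    alert = parse_alert(SAMPLE_ALERT)
    hit = attribute(alert, parse_netstat(SAMPLE_NETSTAT), parse_tasklist(SAMPLE_TASKLIST))
    print(alert["signature"], "->", hit)
```

Two caveats when doing this for real. The match only works while the socket still exists; a SYN that the firewall blocks is gone within seconds, so run netstat in a loop while reproducing the alert (or use the firewall's own per-application log if it keeps one). And the alert's Attacked Port is ms-sql-s(1433): the signature is tied to traffic towards that port, so any client that dials a remote host listening on 1433 can raise it, whether or not anything SQL-related is involved.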
VerumEst join:2002-05-09 Daly City, CA

Well, did some testing, and opening bt tornado causes the 'MSSQL_Null_Packet_DoS'.