Re: A super trojan? - dslreports.com

Author	All Replies
kpatz MY HEAD A SPLODE Premium join:2003-06-13 Manchester, NH	reply to zmaugy Re: A super trojan? zmaugy , »Security »I think my computer is infected or hijacked. What should I do? How did you determine that your system is calling that IP? Zone Alarm? Netstat? I suggest following the steps above and post a Hijack This log. -- Robert Tappan Morris, Jr., got six months in jail for crashing 10% of the computers that Bill Gates made $100 million crashing last weekend.
	to forum · permalink · · 2004-07-12 08:28:32 ·
zmaugy join:2003-05-24 Slovenia 1 edit	Zone alarm. And my IE is not hijacked and the system is always patched, AV (NAV2004) is always updated, from time to time the system is checked with KAV 4.5 on demand, system is Spybot1.3 immunized and checked, running from behind a router with stateful packet inspection, also ZaPRO is installed and running - every application has to ask to connect (except IE6, OE6, NAV2004, ZaPRO). The only pages I'm surfing with the machine is my ISP's webmail, no other than business software is running. How the hell could I be infected? And my ISP checks email for viruses... -- French fries.
	to forum · permalink · · 2004-07-12 08:37:22 ·
kpatz MY HEAD A SPLODE Premium join:2003-06-13 Manchester, NH	Did Zone Alarm say what application was hitting that IP? As mentioned here: »www.geocities.com/technofundo/te···fip.html quote: Class D - This is a class meant for multicasting only, for sending multicast messages to other groups of host machines. First Octet - - The first octet is between 224 to 239. (Starts with binary bits - 1110). The class D is a special purpose reserved class, and addresses in this range are not assigned as IP addresses on an IP network, including Internet. In other words, 239.255.255.250 isn't even a routable address on the Internet. -- Robert Tappan Morris, Jr., got six months in jail for crashing 10% of the computers that Bill Gates made $100 million crashing last weekend.
	to forum · permalink · · 2004-07-12 08:45:28 ·
zmaugy join:2003-05-24 Slovenia	said by kpatz : Did Zone Alarm say what application was hitting that IP? Generic host process for win32 services. And it's logged only when automatic lock on ZA is turned on. -- French fries.
	to forum · permalink · · 2004-07-12 08:51:44 ·
kpatz MY HEAD A SPLODE Premium join:2003-06-13 Manchester, NH	said by zmaugy : Generic host process for win32 services. And it's logged only when automatic lock on ZA is turned on. Bingo... when ZA is locked, it blocks all traffic. Windows uses TCP/IP internally for certain interprocess communication (this traffic never goes out over the network), but Zone Alarm sees it, and blocks it when it's locked. Windows is likely using the 239. IP range for this purpose. I've seen instances, where when I was having network issues, and didn't have a valid IP, that certain Windows services would cause Zone Alarm prompts (the Spooler Subsystem is prone to doing this). I'm at work now so I can't see what IP it was trying to use though, but I wouldn't be surprised if it was a 239.* IP. -- Robert Tappan Morris, Jr., got six months in jail for crashing 10% of the computers that Bill Gates made $100 million crashing last weekend.
	to forum · permalink · · 2004-07-12 08:55:53 ·
zmaugy join:2003-05-24 Slovenia	Thanks, I know my question was off topic:), anyway I'm going to go step by step through the procedure just in case. -- French fries.
	to forum · permalink · · 2004-07-12 08:59:43 ·


Wednesday, 02-Dec 14:13:07	Terms of Use \| Privacy Policy \| Hosting by www.nac.net - DSL,Hosting & Co-lo \| feedback \| contact over 10 years online! © 1999-2009 dslreports.com.republican-creole page compression OFF