Go Back   Computer Forums > General Computing > Cyber Safety and Computer Security
Click Here to Login
Join Computer forums Today


Reply
 
Thread Tools Search this Thread Display Modes
 
Old 08-11-2005, 05:06 AM   #21
Solid State Member
 
Join Date: Aug 2005
Posts: 18
Default Re: netstat.txt please help me?

I mean i log into a site......so each time i login they hack it.....so could they have hacked the site..yes it is not a https connection normal site?
__________________

ananthan is offline   Reply With Quote
Old 08-11-2005, 08:48 AM   #22
Solid State Member
 
Join Date: Aug 2005
Posts: 18
Default Re: netstat.txt please help me?

anyway thanks for clearing my doubt all of u.....thanks a lot

Ananthan
__________________

ananthan is offline   Reply With Quote
Old 08-11-2005, 10:57 AM   #23
Solid State Member
 
Join Date: Aug 2005
Posts: 18
Default Re: netstat.txt please help me?

In my backup of Norton Antivirus I had 45 trojan and virus....oops....thank God....I hope Dyserq, these files wouldnot have attacked me.....why they are backing it up.....In the options I have "restore" and "delete" shall I permanently keep it "delete" for the backup files in the Norton Antivirus?
Does it sound any good? I can manually change to restore if I want during the scan, right?

Sorry for whole lot of questions.....seeing so much of trojans is a very funny feeling ..hope you can understand :-)

I got unauthorized access -winlogon.exe

The location were it resides are
C:\WINDOWS\$NtUninstallKB841533$
C:\WINDOWS\$NtServicePackUninstall$
C:\WINDOWS\ServicePackFiles\i386
C:\WINDOWS\System32


Is it ok if it remains in all places I read somewhere that it need to be in only C:\WINDOWS\System32. Please clarify my never ending issues..:-)

Event Details:
Time: 8/11/2005 8:47:29 AM
Actor: C:\WINDOWS\system32\winlogon.exe (PID=812)
Target: C:\Program Files\Norton AntiVirus\SAVScan.exe
Action: Unauthorized access
Reaction: Unauthorized access stopped




Ananthan
ananthan is offline   Reply With Quote
Old 08-11-2005, 11:51 AM   #24
Solid State Member
 
Join Date: Aug 2005
Posts: 18
Default Re: netstat.txt please help me?

I deleted all 3 of them apart from the system32 one...hope that is right?
ananthan is offline   Reply With Quote
Old 08-12-2005, 02:12 AM   #25
Fully Optimized
 
dyserq's Avatar
 
Join Date: Jul 2005
Posts: 2,281
Default Re: netstat.txt please help me?

Quote:
Originally Posted by ananthan
In my backup of Norton Antivirus I had 45 trojan and virus....oops....thank God....I hope Dyserq, these files wouldnot have attacked me.....why they are backing it up.....In the options I have "restore" and "delete" shall I permanently keep it "delete" for the backup files in the Norton Antivirus?
Does it sound any good? I can manually change to restore if I want during the scan, right?

Sorry for whole lot of questions.....seeing so much of trojans is a very funny feeling ..hope you can understand :-)

I got unauthorized access -winlogon.exe

The location were it resides are
C:\WINDOWS\$NtUninstallKB841533$
C:\WINDOWS\$NtServicePackUninstall$
C:\WINDOWS\ServicePackFiles\i386
C:\WINDOWS\System32


Is it ok if it remains in all places I read somewhere that it need to be in only C:\WINDOWS\System32. Please clarify my never ending issues..:-)

Event Details:
Time: 8/11/2005 8:47:29 AM
Actor: C:\WINDOWS\system32\winlogon.exe (PID=812)
Target: C:\Program Files\Norton AntiVirus\SAVScan.exe
Action: Unauthorized access
Reaction: Unauthorized access stopped




Ananthan
What the ... winlogon.exe is a windows process
Norton backs up your files so that if you need to restore it, for example if a program can not function without it, you can, it is in quarantine so it will definately not harm your computer, it is like a trojan, virus and malware vault ...
dyserq is offline   Reply With Quote
Old 08-12-2005, 03:31 PM   #26
Solid State Member
 
Join Date: Aug 2005
Posts: 18
Default

Hello dyserq,

Well regarding winlogon.exe I removed which is unwanted and suspicious not the win32 one....all others had diffrent kilobytes which is dubious.

My firewall is helping me now...See what Iam getting...this guy is poking me a lot....Buddy can I change my IP address so he cant trace me...the ISP guys told the IP will be different each time transmitted through them.But this guy is trying to intrude my pc ....from many days....

Can you help me changing my IP address......


See what I got the warning from the Norton.

Protecting your connection to a newly detected network on adapter "Cable Modem" (IP address: xxx.xx.xx.xxx).


ethernet adapter ADL

IP address :xxx.xx.xx.1
default gateway :xxx.xx.xx.1
subnetmask :xxx.255.252.0


The above IP is trying to attack me from many days.......I strongly feel I should change my IP so he will miss me. He traced my IP from my email or registeration to his site.....Good heavens people are so dirty these days.....:-)

Thanks in advance

Ananthan
ananthan is offline   Reply With Quote
Old 08-12-2005, 07:54 PM   #27
Fully Optimized
 
dyserq's Avatar
 
Join Date: Jul 2005
Posts: 2,281
Default

Quote:
the ISP guys told the IP will be different each time transmitted through them
That is only true if you have a dynamic ip address
But from what i see, you should have a static ip address seeing as though there has been repetitive attacks on your computer
You can always set up a proxy servers of some sort but my best bet is to go tell the ISP to change your ip address
dyserq is offline   Reply With Quote
Old 08-16-2005, 05:24 PM   #28
Baseband Member
 
thecoolkid's Avatar
 
Join Date: Feb 2005
Posts: 91
Default open ports

I find that the ports: 81, 82, and 83 look really weird. If you have a router, then you could block those and see what happens. But everything looks legit. Although, I think that you should have erased you ip address (unless it's dynamic) because a malicious user now has your ip. You might want to erase it...

-thecoolkidontheblock
__________________
"Computers are one per cent inspiration and ninety-nine per cent perspiration. Accordingly, a 'computer' is often merely a talented machine who has done all of its homework."

-Thomas Edison, Modern Day.
thecoolkid is offline   Reply With Quote
Old 08-18-2005, 12:05 PM   #29
Solid State Member
 
Join Date: Aug 2005
Posts: 18
Default Re: netstat.txt please help me?

Hello guys,
sorry for late reply....I talked to my ISP....they told it is dynamic and each time it changes so no worries..the above shown ip is mine itself...dynamically formed by ISP....not my static...so It is just that site got hacked as Dyserq said..all is well that ends well..thanks to coolkid also....
Have a good weekend soon..
Ananthan
ananthan is offline   Reply With Quote
Old 08-18-2005, 12:08 PM   #30
Solid State Member
 
Join Date: Aug 2005
Posts: 18
Default Re: netstat.txt please help me?

Thanku coolkid for the ip thing..anyway it is dynamic....
__________________

ananthan is offline   Reply With Quote
Reply

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off



All times are GMT -5. The time now is 03:18 AM.


Powered by vBulletin® Version 3.8.8 Beta 4
Copyright ©2000 - 2017, vBulletin Solutions, Inc.
Search Engine Friendly URLs by vBSEO 3.6.0