Posted 06 December 2010 - 02:54 AM
Well, I see no one has touched this topic yet. (sadface)
I have some more information on this as well.
I was looking through my security history reports under my Norton 360 anti-virus.
I reviewed most of the entries that were 'eye-catching.'
And this could be good news, but I have the IP address of the attacker when they initiated the attack on my computer, which was Sunday, Dec 5th 2010, at 8 PM.
Other information provided by the Norton security history of this incident included:
The attacker's URL.
Is there any way I can report this person with this information (attacker's IP address and URL) to have justice brought upon this, and possibly help out the rest of the people who have been infected by this?
And I saw something in there about my firewall making new rules for Java Web start launcher, which seems to be when the problems begin to happen, so I believe that's how he got through in the first place, through Java.
It has this in there \Device\hardiskvolume1\program files\Java\JRE6Bin\Java.Exe
Some of the history explained to me what he was doing.
It looked like he was trying to start there in Java and from there gain access so he could get remote control of my computer, but I don't think he succeeded in getting any important personal files due to my quick thinking.
I read entries in there like he was trying to change settings, but was blocked, and one entry explained that I had allowed him access to my network resources, which is why I was alarmed. There were actually two names that appeared to have gained entry, so it looks like two attacks, and it says '2' in the numbers of people attacking. Which I am guessing is what the trojan did for him, as I would never willingly let anyone into my computer to do harm obviously.
Also entries of my IDS detection statistical submission alerting me of the intrusion.
Statistical submissions of:
conhost.exe (which I don't really understand because I was reading about it and it is supposed to be some helpful tool used for Windows 7, but my OS is Windows XP, and I never noticed any entries about it until my computer got infected, so I think in this case it was bad, but again I don't have a lot of information on this.)
And the other executable was trojan.maljava.
Much more obvious, you see it's a trojan, and it is linked to Java. Which is where I was saying this started. I got this information about it on Google.
Trojan.Maljava is a detection name used by Symantec to identify malicious Java files that exploit one or more vulnerabilities.
So for now I think that is all the information I have about this. If anyone here can find some time to discuss this with me, and answer my questions, I would GREATLY appreciate it. Happy holidays to everyone.