Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Hacking Attempt


  • Please log in to reply
6 replies to this topic

#1 gonsalves

gonsalves

  • Members
  • 46 posts
  • OFFLINE
  •  
  • Local time:03:18 PM

Posted 12 January 2006 - 01:58 PM

Hi friends,
Whenever I log on to the net, within a few minutes my firewall ( Sygate free) pops up a message saying some one is scanning my ports and records a minor port scan in the security log.I checked the IP address in a WHOIS site. On three occassions I found that The IP address belongs to the same party. Now I check every time I get a pop up from my fire wall. I want to know how this guy knows that I have logged on. I have checked my machine with Norton 2004 which I keep regularily updated. I use Spybot S&D latest and updated version. I also scan my machine once a fortnight with sysclean. None of these softwares have shown any trojan or virus or spyware in the last four months. Am I infected? What can I do to prevent this portscan ?

BC AdBot (Login to Remove)

 


#2 -David-

-David-

  • Members
  • 10,603 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London
  • Local time:09:18 PM

Posted 12 January 2006 - 02:12 PM

Hi There :thumbsup:

I have read your post and i think it would be wise for you to post a HijackThis log for an expert to review. I bet you are wondering what HijackThis is. Well it's a program that is simply able to show others what's going on inside your computer, in terms of infection etc..

I recommend you follow the HijackThis preparation guide which can be found here. It is important that you follow the guide closely. A number of scans will be run which may well fix your problem.

As the guide says, after you have completed the scans that are recommended, please post your "HijackThis" log in a new topic in the forum found here. Please add your system infomation and also what problems you are having. Please wait for a few days and one of our experts will get onto fixing your computer for you.

Please be aware that this new year we have been swamped so it may take a week for a reply.

David

#3 gonsalves

gonsalves
  • Topic Starter

  • Members
  • 46 posts
  • OFFLINE
  •  
  • Local time:03:18 PM

Posted 23 January 2006 - 01:14 PM

Hi,
I got my HJT scan posted and analysed. They say it is clear.Installed scanners say that my machine is free of malware. But I still get the distracting pop up from the firewall program that someone is scanning my ports. Anyone have any idea what to do? Iam still confused as to how the hacker knows that I have logged in when the firewal is supposed to keep me in stealth mode. Please help.

#4 raw

raw

    Bleeping Hacker


  • Members
  • 2,577 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Texas
  • Local time:03:18 PM

Posted 23 January 2006 - 01:49 PM

Automated port scans scan blocks of IP addresses at a time.
If you are on say Comcast or RoadRunner (ie always on) these are the
most popular IP's to scan. Worms also target IP blocks and the computer
at the other end could be infected.
Keep that firewall on and make sure you do a ShieldsUp scan at Gibson Research.
http://grc.com
If it says you pass then you have nothing to worry about...no one can connect
to your computer.

rawsig.png

 rawcreations.net          @raw_creations


Current systems: WHAT OS, BackTrack-raw, PCLinuxOS, Peppermint OS 6, Kali Linux

and a custom Linux From Scratch server hosting a bunch of top secret stuff.


#5 gonsalves

gonsalves
  • Topic Starter

  • Members
  • 46 posts
  • OFFLINE
  •  
  • Local time:03:18 PM

Posted 24 January 2006 - 01:23 PM

That link was of great help. I got my machine checked and found it to be solidly stealthy.Thanks, and Can I use that link , I mean send to one of my friend by email who is also experiencing a similar problem? Even though the attempt persist, I am sure that my machine is not compromised.
Thank you.

#6 raw

raw

    Bleeping Hacker


  • Members
  • 2,577 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Texas
  • Local time:03:18 PM

Posted 27 January 2006 - 05:39 PM

Yes...feel free to pass it on to anyone that needs it.

rawsig.png

 rawcreations.net          @raw_creations


Current systems: WHAT OS, BackTrack-raw, PCLinuxOS, Peppermint OS 6, Kali Linux

and a custom Linux From Scratch server hosting a bunch of top secret stuff.


#7 gonsalves

gonsalves
  • Topic Starter

  • Members
  • 46 posts
  • OFFLINE
  •  
  • Local time:03:18 PM

Posted 28 January 2006 - 12:29 PM

Thank you.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users