Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

My Connection Is Hijacked


  • Please log in to reply
4 replies to this topic

#1 grannypj

grannypj

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Location:WI
  • Local time:07:54 PM

Posted 04 May 2006 - 04:56 PM

The machine was getting slower and slower; an unfamiliar connection box kept popping up with a 16 dot password to the server. Ours is 7 dots. We run XP Home edition with NIS 2005; Ad-Aware SE; Spybot; and use the XP Firewall as well.

Last night Spybot hit an error 00FC1C61 in the module tools.dll Just going to Q in the alphabet there were more than 70 addresses/sites logged most of them repeatedly, some a few hundred times. Locations are all over the planet. These are largely different connection and dialer sites and of course porn.

I did find a box checked on XP Firewall to allow remote use of the machine and I fixed that!!!!

My disk space is not being used up. They are somehow connecting with this machine from what I can tell. I ran a HijackThis today. Items I use on a regular basis include Java, various surveys i.e. NPDOR; Skinkers Alert Manager etc

Of course I can't find anything in the list from Spybot with a Search. Our ISP is a small private company - Tomah.com - a guy in his basement. The service is usually fantastic, very personal. But when I notified him of the strange connection box he was clueless.

The mouse started acting up yesterday. I cannot use the mouse to highlight, copy then paste the hijackthis log! IS THERE ANY OTHER WAY TO DO THAT?

HELP ??? GRANNYPJ


Mod Edit: Modified and closed an open tag ~ Animal

Edited by Animal, 04 May 2006 - 09:42 PM.


BC AdBot (Login to Remove)

 


m

#2 Herk

Herk

  • Members
  • 1,609 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:S.E. Idaho, USA
  • Local time:08:54 PM

Posted 04 May 2006 - 09:38 PM

Sometimes, the little pips denoting a password are not the same as the actual length of the password. That's Windows way of further confusing anyone trying to crack it.

To copy and paste, click Edit, Select All; then Edit, Copy. Focus on the other window and click Paste. Or, use keyboard commands - ctrl-A to select all, ctrl-C to copy, ctrl-v to paste.

Windows XP's firewall is OK for about five minutes until you can install something better.

Good idea to read the preparation guide for posting a hijack log in our Hijack This forum. It could solve some of your problems.

#3 grannypj

grannypj
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Location:WI
  • Local time:07:54 PM

Posted 04 May 2006 - 10:21 PM

Thankyou for the info on the pips etc. By the way NIS is Norton Internet Security. It has a firewall.

#4 Herk

Herk

  • Members
  • 1,609 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:S.E. Idaho, USA
  • Local time:08:54 PM

Posted 05 May 2006 - 11:44 AM

Just going to Q in the alphabet there were more than 70 addresses/sites logged most of them repeatedly, some a few hundred times. Locations are all over the planet. These are largely different connection and dialer sites and of course porn.


I don't understand this in the context of Spybot. What are you looking at that starts with Q? Spybot immunizes against sites, it doesn't record the sites attacking your computer. Are you looking at the immunization list?

#5 Enthusiast

Enthusiast

  • Members
  • 5,898 posts
  • OFFLINE
  •  
  • Location:Florida, USA
  • Local time:07:54 PM

Posted 05 May 2006 - 04:06 PM

Is this the "Teatimer" component of Spybot issuing these warnings or if not, what is?

If your computer is transmitting a data stream or streams without an application you are aware of being open, your computer may be operating as a zombie, have phone-home malware, a keylogger, or worse.

The Windows firewall gives you no protection against any of the above - just against incoming threats. If you have a Norton firewall running, make sure the Windows Firewall is shut off. Two software firewalls will cause conflicts.

Look in the settings in Norton Firewall and see what is allowed to send out.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users