
Message From Sygate Firewall - Somebody Is Scanning Your Computer


12 replies to this topic

#1 emm


Posted 01 June 2006 - 07:00 PM

Hi there - again (lol)

Just been chatting to a friend on MSN... after our conversation had finished I signed out as 'Appear Offline'

Then I received a message from my firewall stating that;

'Somebody is scanning your computer.
Your computer's UDP ports:
25291, 6774, 49417, and 37285 have been scanned'

On checking the backtrace utility the culprit was broadband.bt.net

Now the person to whom I was speaking is on msn with a bt.openworld addy.

Is this coincidence or could this be them scanning my puter and if so how can I find out? They seem to have an unusual knack of knowing what I've been up to - eg. any chatrooms I've been in - good guess or spyware I don't know, but I'd like to stay one step ahead!

Therefore - apart from my firewall and all the other secure (one hopes) programs I have running - what can I do to try and not only keep my pc secure but also safe.

Am running my lappie from a Linksys router b-t-w

Cheers

emm


#2 Elendil


Posted 01 June 2006 - 07:25 PM

After googling both broadband.bt.net & bt.openworld addy, it seems as though bt.openworld is a valid internet provider, but broadband.bt.net is un-related to this because googling broadband.bt.net gets you nothing; however, there might be some connection between them. Also, if your ports are being scanned via your friend's connection, there is a possibility that your friend is infected with some sort of malware that is using his computer as a zombie computer. Methods to prevent a possible invasion:

1. Keep a fully functional and modern firewall (Sygate is suitable).
2. Use a functioning, updated, and real-time monitoring anti-virus program. Once again, please specify your anti-virus.
3. Use anti-spyware programs. Ad-Aware SE, Spybot S&D, Ewido Anti-Malware, and A-Squared Anti-Malware are all excellent, free programs that will keep your computer clean.
4. Use preventive software. Spyware Blaster, Spyware Guard, and SocketShield are a few preventive programs that are meant to keep infections from entering your computer.

Also, check out Grinler's Prevention post:

http://www.bleepingcomputer.com/forums/t/44675/how-did-i-get-infected/

Don't hesitate to post/reply with any comments, questions, etc.!

Edited by Elendil, 01 June 2006 - 07:37 PM.

Stanford '14
B.S. Candidate | Computer Science

#3 emm


Posted 01 June 2006 - 08:13 PM

Hey there - quick reply!!!

Have all of the items listed except SocketShield - am using AVG also. I do a complete check once a week on my pc - update and scan - including TrendMicro. Although my pc is set to install updates, I also check these on a regular basis.

Mmmm, methinks he is certainly up to something because as said, he ALWAYS seems to know which sites I've visited.... to the extent I have stopped accepting files from him. Especially after a comment from him that he 'hates having to look in my file to see what sites I have visited' :thumbsup:

So whatever is on his computer is there due to his sayso and I feel he's using it to spy on me - tis hacking (pardon the pun) me off now.

One thing I noticed with TrendMicro is that it brought up 'PAR_SE.116646'... after doing a google on this, I couldn't find anything, but then it occurred to me that the 'SE' are my initials. This was found after I had received a file from him (wasn't thinking and stupidly accepted), so I immediately did a scan with TrendMicro and that was the result (bearing in mind that it had been clear prior to this).

Initially thought he was gathering info from when I was chatting to him on Yahoo, so I told him I'd uninstalled it (he seemed too keen for me to re-install it for my liking lol).

Am I paranoid? Hell YES!

Oh how I'd love to find out how he's getting this info.

emm

#4 jgweed


Posted 02 June 2006 - 07:50 AM

1. Your computer is scanned more often than you might think. As long as Sygate is blocking your scan, you will be in "stealth mode" which means the scan will not return ANY information.
2. Be wary of accepting ANY file from people you do not know well and also trust. Your firewall, if properly configured, should have blocked any "strange" outgoing packets.
3. Thoroughly scan your hard drive with your resident anti-virus and be sure to quarantine anything it finds; this will make sure that PAR_SE.116646 is completely off your computer.
Regards,
John
Whereof one cannot speak, thereof one should be silent.

#5 Elendil


Posted 02 June 2006 - 09:05 AM

From the tools/procedures you use, it appears that you'll be fine. Also, follow jgweed's tips as he is extremely experienced with anti-malware practices and removal. Good luck with securing your computer! :thumbsup:
Stanford '14
B.S. Candidate | Computer Science

#6 graveangel


Posted 02 June 2006 - 01:26 PM

Hi emm,

Just a quick add to what's already been said by elendil and jgweed. Are you actually running your broadband through bt? If the answer is yes, you may find they are checking your connection, I have had a similar thing with ntl doing it to me, luckily it was ok, but it is better to be safe than sorry. I suggest, if you are with BT, to send them an email to their tech department and quote the broadband.bt.net scanner and everything you have mentioned here. You may find it's all ok. I do suggest keeping a close eye on your firewall for a little while though, to see what it reports, and if anything else, report back here.
....And on the 8th day God said, "When my children are intelligent, and create the Computer, for my sake may they never screw around with the registry or subscribe to AOL"

#7 emm


Posted 02 June 2006 - 06:04 PM

Thanks for your replies peeps,

I'm running my pc through NTL and often check my firewall logs to see what's been happening. That's why I was concerned when the broadband.bt.net message popped up - especially after I had been talking to my friend (ok it's my boyfriend - but if he's spying on me - he will soon be ex-boyfriend) on MSN.

I don't mind doing the spying (if only I knew how...), but I don't want to be spied on (double standards I know - but hey lol)

emm

#8 jgweed


Posted 02 June 2006 - 06:13 PM

Checking your logs from time to time is a good idea, especially if you have Sygate's popup warning disabled. I regularly find all sorts of strange "pings" that go bump in the night.
Cheers,
John
Whereof one cannot speak, thereof one should be silent.
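
A way to do the log review suggested above, as an added example that is not part of the original thread and not Sygate's own code: it groups blocked probes by source and flags any source that hit several distinct ports within a short window, which is the pattern the first post's alert describes. The log layout, addresses and thresholds are constructed assumptions, not Sygate's real export format.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in a made-up "date time action proto src dst_port"
# layout. This is NOT Sygate's real log format; adapt parse_line() to your export.
SAMPLE_LOG = """\
2006-06-01 18:58:01 BLOCK UDP 192.0.2.10 25291
2006-06-01 18:58:02 BLOCK UDP 192.0.2.10 6774
2006-06-01 18:58:02 BLOCK UDP 192.0.2.10 49417
2006-06-01 18:58:03 BLOCK UDP 192.0.2.10 37285
2006-06-01 19:10:44 BLOCK UDP 198.51.100.7 137
2006-06-01 21:30:12 BLOCK UDP 198.51.100.7 137
2006-06-01 22:05:00 ALLOW UDP 203.0.113.5 53
not a log line
"""

def parse_line(line):
    """Return (time, action, proto, src, port), or None for malformed lines."""
    parts = line.split()
    if len(parts) != 6:
        return None
    try:
        ts = datetime.strptime(parts[0] + " " + parts[1], "%Y-%m-%d %H:%M:%S")
        port = int(parts[5])
    except ValueError:
        return None
    return ts, parts[2], parts[3], parts[4], port

def find_scans(log_text, min_ports=4, window=timedelta(seconds=60)):
    """Map source -> sorted distinct blocked ports probed within one window."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec[1] == "BLOCK":
            hits[rec[3]].append((rec[0], rec[4]))
    scans = {}
    for src, events in hits.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Slide the window so it never spans more than `window` of time.
            while events[end][0] - events[start][0] > window:
                start += 1
            ports = {p for _, p in events[start:end + 1]}
            if len(ports) >= min_ports and len(ports) > len(scans.get(src, [])):
                scans[src] = sorted(ports)
    return scans

if __name__ == "__main__":
    for src, ports in find_scans(SAMPLE_LOG).items():
        print(f"{src}: possible scan of ports {ports}")
```

A source that keeps knocking on one port hours apart (the second address in the sample) is not flagged, which keeps routine background noise out of the result.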

#9 Enthusiast


Posted 02 June 2006 - 10:51 PM

Try running the following two online trojan scans using Internet Explorer:

Sygate Trojanscan
http://scan.sygatetech.com/pretrojanscan.html


Windows Security Trojanscan
http://windowsecurity.com/trojanscan
See instructions for it here:
http://www.windowsecurity.com/trojanscan/trojanscan.asp

#10 emm


Posted 04 June 2006 - 01:47 PM

Hi there

Have scanned my puter from A-Z...

Spybot found 'Keyboard Spectator' listed, which I have now removed. Don't know where this has come from as I have not accepted any files for a while and have scanned since then anyway.

Also checked my ports with Sygate - all came up as 'Closed' - have not scanned them yet with Sygate disabled (as they suggest).

I also downloaded TrendMicro's Anti-Spyware evaluation program, which found a few things as well.

Hopefully I am pretty secure now

Many thanks for your help guys & gals

emm

P.S - Tried to scan with the Trojan Scan, but the box remained 'empty'? I did check my Active X Controls as suggested on the site, but no luck - maybe just a glitch???

#11 graveangel


Posted 06 June 2006 - 08:43 AM

Hi emm, quick update for you!

NTL are updating their broadband connections and security, work began w/c 29 May and is ongoing until further stated, check out the ntl home page and somewhere on there, there's an option to read about connections (stupidly hidden and not on the home page itself, maybe a drop down box) which depending on your region will be suspended between certain times.

A friend of mine has already had hers done and her firewall came up with several unknown warnings when turned back on, so it may be ntl you need to contact to make sure, hope this helps.
....And on the 8th day God said, "When my children are intelligent, and create the Computer, for my sake may they never screw around with the registry or subscribe to AOL"

#12 emm


Posted 08 June 2006 - 01:42 PM

Hey graveangel - thanks for the info - kinda puts my mind at rest...!

Laptop seems to be clear of any 'nasties' at the mo, so here's hoping.

Cheers

emm

#13 graveangel


Posted 08 June 2006 - 02:09 PM

No problem emm :thumbsup:
To be safe I would still keep my eyes out for anything, and run your scanners again. But I hope all runs well now. If any more problems, you know where to find us! Stay happy :flowers:
....And on the 8th day God said, "When my children are intelligent, and create the Computer, for my sake may they never screw around with the registry or subscribe to AOL"



