PLEASE HELP! My System is Hijaked!

[Guest Bryan Elwood]

My Windows 2000 system has begun to spontaneously dial a foreign country

through my dial-up modem. It occurs at random times throughout the day. If

I am dialed in, the offending entity will hang up with my ISP, then begin

dialing on its own. The bug will make 11 or so attempts before giving up

until later.

 

Watching Task Manager closely during an episode, there is no noticeable

activity under Processes. However, I believe I have halted the bug in

mid-stream by closing all instances of Internet Explorer 6, unless of course

the bug simply reached its set number of attempts.

 

My Norton AV expired some time ago, but I am up to date with Windows

Updates. I didn't think anything like this would creep in before I renewed

my license. I have some experience removing viruses manually through the

registry, but this bug has alluded me thus far.

 

Can anyone suggest a resource for identifying and removing this bug? Or do

you have a preferred software for removing this particular type of bug?

 

Thanks for any help!

Bryan

[Guest Quaestor]

Re: PLEASE HELP! My System is Hijaked!

 

Bryan Elwood wrote:

>My Windows 2000 system has begun to spontaneously dial a foreign country

>through my dial-up modem.

>

 

 

You have a virus/trojan/worm. Get something to scan for it, and if the

first thing you try doesn't find it, keep getting others till one of

them does (I found Kasparsky [with a free trial period] catches things

the others don't notice). Believe me, it's there, probably a rootkit

(very tough to find or remove). Once you know what you have, it will

probably take a removal tool (see symantec and mcaffee sites for those)

to remove it. If all else fails, fdisk, format, and reinstall everything.

 

AND DON'T LET THIS HAPPEN AGAIN. Do NOT connect to the internet without

a Hardware firewall running (an nforce mobo with separate fw processor

works fine, contrary to what the shills will tell you), do NOT run any

of the fancy crap that comes with IE (in fact, do not run IE, use a real

browser), do NOT run html in mail or news, do NOT open attachments, do

NOT run java, java script, flash, or anything else you don't really

need, and do NOT let anyone else use your machine. DO run anti-virus

protection, email-scanning, etc, and Take No Chances. If you stick to

these rules you May avoid more of this kind of thing in the future.

 

Also, you want to check your bank accounts, credit cards, game accounts,

everthing else that uses a password, and change those passwords AFTER

you get the machine clean, since it is likely all your personal

information has already been stolen.

 

Oh, and send billgates a big thankyou for perpetrating the insecure OS

which makes all this horror possible.

 

--

Those who try to hide behind Godwin are the real net-nazis.

Philosophy: Joking about why we cuss so much.

Learn about spam: http://www.seige-perilous.org/spam/spam.html

[fourth line intentionally left blank]

[Guest Pegasus \(MVP\)]

Re: PLEASE HELP! My System is Hijaked!

 

 

"Bryan Elwood" <belwood1grass@airmail.net> wrote in message

news:eykN8f$zHHA.3600@TK2MSFTNGP04.phx.gbl...

> My Windows 2000 system has begun to spontaneously dial a foreign country

> through my dial-up modem. It occurs at random times throughout the day.

> If

> I am dialed in, the offending entity will hang up with my ISP, then begin

> dialing on its own. The bug will make 11 or so attempts before giving up

> until later.

>

> Watching Task Manager closely during an episode, there is no noticeable

> activity under Processes. However, I believe I have halted the bug in

> mid-stream by closing all instances of Internet Explorer 6, unless of

> course

> the bug simply reached its set number of attempts.

>

> My Norton AV expired some time ago, but I am up to date with Windows

> Updates. I didn't think anything like this would creep in before I

> renewed

> my license. I have some experience removing viruses manually through the

> registry, but this bug has alluded me thus far.

>

> Can anyone suggest a resource for identifying and removing this bug? Or

> do

> you have a preferred software for removing this particular type of bug?

>

> Thanks for any help!

> Bryan

>

>

 

I fully agree with what Quaestor writes but I am concerned about

your statement "I have some experience removing viruses". It

suggests one of two things:

 

- You have a casual approach towards maintaining your virus

defences and/or your firewall.

- You frequently visit sits and open EMails that are known to

be risky.

 

If you pay attention to maintaining your protection up-to-date

and if you adopt safe computing habits then your system should

never suffer an infection. I am responsible for the maintenance

of a few hundred machines and they have been totally virus-free

for many years.

[Guest Quaestor]

Re: PLEASE HELP! My System is Hijaked!

 

Pegasus (MVP) wrote:

>I fully agree with what Quaestor writes but I am concerned about

>your statement "I have some experience removing viruses". It

>suggests one of two things:

>

>- You have a casual approach towards maintaining your virus

> defences and/or your firewall.

>- You frequently visit sits and open EMails that are known to

> be risky.

>

>If you pay attention to maintaining your protection up-to-date

>and if you adopt safe computing habits then your system should

>never suffer an infection. I am responsible for the maintenance

>of a few hundred machines and they have been totally virus-free

>for many years.

>

 

All I run is a hardware firewall, occasional scanning for any file I DL,

avoiding dangerous sites, and not running the garbage that comes with MS

browser and email programs. When on occasion I do DL a file, I only get

it from a trusted site, and then do nothing with it until it has been

scanned with a fully updated scanner (AVAST!). I do not run real-time

anti-virus or email checking, because the firewall stops the worms, the

scanning of files stops the trojans & virus, and I simply do not open

attachments to email unless they are from a friend and I was expecting

it. The result is that, other than the 2 times I got hit when I first

went to win2k (which shot right past the software firewall), I have

never had a virus/trojan/worm. IOW, good sense and a good firewall are

the real protectors.

 

--

Those who try to hide behind Godwin are the real net-nazis.

Philosophy: Joking about why we cuss so much.

Learn about spam: http://www.seige-perilous.org/spam/spam.html

[fourth line intentionally left blank]

[Guest Andrew Rossmann]

Re: PLEASE HELP! My System is Hijaked!

 

In article <13aj0h543dh1mf0@news.supernews.com>, no.spam@my.place

says...

> Bryan Elwood wrote:

>

> >My Windows 2000 system has begun to spontaneously dial a foreign country

> >through my dial-up modem.

^^^^^^^^^^^^^

> AND DON'T LET THIS HAPPEN AGAIN. Do NOT connect to the internet without

> a Hardware firewall running (an nforce mobo with separate fw processor

> works fine, contrary to what the shills will tell you

 

How many HW firewalls support dial-up? Typically, the modem is internal

to the computer (especially if it's a laptop.) The only firewall really

possible in that case is a software one. Not every can afford, or can

even get, broadband.

 

--

If there is a no_junk in my address, please REMOVE it before replying!

All junk mail senders will be prosecuted to the fullest extent of the

law!!

http://home.att.net/~andyross

[Guest Quaestor]

Re: PLEASE HELP! My System is Hijaked!

 

Andrew Rossmann wrote:

>In article <13aj0h543dh1mf0@news.supernews.com>, no.spam@my.place

>says...

>

>

>>Bryan Elwood wrote:

>>

>>

>>

>>>My Windows 2000 system has begun to spontaneously dial a foreign country

>>>through my dial-up modem.

>>>

>>>

> ^^^^^^^^^^^^^

>

>

>

>>AND DON'T LET THIS HAPPEN AGAIN. Do NOT connect to the internet without

>>a Hardware firewall running (an nforce mobo with separate fw processor

>>works fine, contrary to what the shills will tell you

>>

>>

>

>How many HW firewalls support dial-up? Typically, the modem is internal

>to the computer (especially if it's a laptop.) The only firewall really

>possible in that case is a software one. Not every can afford, or can

>even get, broadband.

>

 

Is there some reason you cannot connect a firewall to a modem?

 

--

Those who try to hide behind Godwin are the real net-nazis.

Philosophy: Joking about why we cuss so much.

Learn about spam: http://www.seige-perilous.org/spam/spam.html

[fourth line intentionally left blank]

[Guest Andrew Rossmann]

Re: PLEASE HELP! My System is Hijaked!

 

In article <13al7ma7drnt788@news.supernews.com>, no.spam@my.place

says...

> Andrew Rossmann wrote:

> Is there some reason you cannot connect a firewall to a modem?

 

The HW firewall would need to support a serial (or maybe USB) port, and

support dialing the ISP, and handling the login information. For a home

user, that could be messy as it may be online when you don't want it to

be.

 

Most HW firewalls just go in-line between the broadband connection

(cable or DSL modem, T1, etc...) and the internal router or hub or

switch. Many routers have some basic firewall in them. You still need an

Ethernet input to the firewall/router.

 

--

If there is a no_junk in my address, please REMOVE it before replying!

All junk mail senders will be prosecuted to the fullest extent of the

law!!

http://home.att.net/~andyross

[Guest Quaestor]

Re: PLEASE HELP! My System is Hijaked!

 

Andrew Rossmann wrote:

>In article <13al7ma7drnt788@news.supernews.com>, no.spam@my.place

>says...

>

>

>>Andrew Rossmann wrote:

>>Is there some reason you cannot connect a firewall to a modem?

>>

>>

>

>The HW firewall would need to support a serial (or maybe USB) port, and

>support dialing the ISP, and handling the login information.

>

 

Why can't the modem handle that?

>For a home

>user, that could be messy as it may be online when you don't want it to

>be.

>

>Most HW firewalls just go in-line between the broadband connection

>(cable or DSL modem, T1, etc...) and the internal router or hub or

>switch.

>

 

Most == All?

>Many routers have some basic firewall in them. You still need an

>Ethernet input to the firewall/router.

>

 

My first firewall was an older PC running redhat linux and an esmith

server (free for download). Dialup modem connected that to the net, and

ethernet connected to the other pc. Later switched to DSL, easy and

quick. This sort of thing is hardly a difficult setup to achieve.

 

If it is true that no combination of dialup modem and firewall can be

found that works together, the only solution to the constant barrage of

haking and probing is to stay off the net. Software firewalls are not

even bandaids.

 

--

Those who try to hide behind Godwin are the real net-nazis.

Philosophy: Joking about why we cuss so much.

Learn about spam: http://www.seige-perilous.org/spam/spam.html

[fourth line intentionally left blank]

[Guest John John]

Re: PLEASE HELP! My System is Hijaked!

 

Quaestor wrote:

> Andrew Rossmann wrote:

>

>> In article <13al7ma7drnt788@news.supernews.com>, no.spam@my.place says...

>>

>>

>>> Andrew Rossmann wrote:

>>> Is there some reason you cannot connect a firewall to a modem?

>>>

>>

>>

>> The HW firewall would need to support a serial (or maybe USB) port,

>> and support dialing the ISP, and handling the login information.

>>

>

> Why can't the modem handle that?

>

>> For a home user, that could be messy as it may be online when you

>> don't want it to be.

>>

>> Most HW firewalls just go in-line between the broadband connection

>> (cable or DSL modem, T1, etc...) and the internal router or hub or

>> switch.

>>

>

> Most == All?

>

>> Many routers have some basic firewall in them. You still need an

>> Ethernet input to the firewall/router.

>>

>

> My first firewall was an older PC running redhat linux and an esmith

> server (free for download). Dialup modem connected that to the net, and

> ethernet connected to the other pc. Later switched to DSL, easy and

> quick. This sort of thing is hardly a difficult setup to achieve.

>

> If it is true that no combination of dialup modem and firewall can be

> found that works together, the only solution to the constant barrage of

> haking and probing is to stay off the net. Software firewalls are not

> even bandaids.

 

it's better than nothing and it does keep things out. Those with

properly configured software firewalls were mostly spared from such

things as msblast, sasser or whatever their names were when they came

out and inflicted their misery on hundreds of thousands of computers.

 

Two points to keep in mind:

 

1- Dialup connections are not as vulnerable to attacks as

broadband/high speed internet connections.

 

2- As much as it may shock you, in many areas the only available

connections to the internet are dialup connections. In some places

where more choice is available, but where there is no effective

competition, some consumers might not be able to afford the large price

premium that is demanded for high speed service.

 

Hardware firewall for dialup modems has been getting increasingly harder

to find. If you have a small network and use ICS you are using NAT.

 

These hardware firewalls are dialup capable:

http://www.netgear.com/Products/VPNandSSL/WiredVPNFirewallRouters/FVS338.aspx

http://www.netgear.com/Products/VPNandSSL/WirelessVPNFirewallRouters/FWG114P.aspx

 

John

[Guest Quaestor]

Re: PLEASE HELP! My System is Hijaked!

 

John John wrote:

> 1- Dialup connections are not as vulnerable to attacks as

> broadband/high speed internet connections.

 

 

Just as vulnerable, but less targeted, because most reputable ISP do not

accept email from dialup netranges (such users should be sending mail

through their ISP's mail server, not their own).

> 2- As much as it may shock you, in many areas the only available

> connections to the internet are dialup connections.

 

 

I never said otherwise. The question was about avoiding getting

haked/wormed.

> Hardware firewall for dialup modems has been getting increasingly

> harder to find. If you have a small network and use ICS you are using

> NAT.

 

 

It may not be pretty, but NAT works.

 

 

--

Those who try to hide behind Godwin are the real net-nazis.

Philosophy: Joking about why we cuss so much.

Learn about spam: http://www.seige-perilous.org/spam/spam.html

[fourth line intentionally left blank]

[Guest DL]

Re: PLEASE HELP! My System is Hijaked!

 

Its not a bug;

Your system is infected

 

"Bryan Elwood" <belwood1grass@airmail.net> wrote in message

news:eykN8f$zHHA.3600@TK2MSFTNGP04.phx.gbl...

> My Windows 2000 system has begun to spontaneously dial a foreign country

> through my dial-up modem. It occurs at random times throughout the day.

> If

> I am dialed in, the offending entity will hang up with my ISP, then begin

> dialing on its own. The bug will make 11 or so attempts before giving up

> until later.

>

> Watching Task Manager closely during an episode, there is no noticeable

> activity under Processes. However, I believe I have halted the bug in

> mid-stream by closing all instances of Internet Explorer 6, unless of

> course

> the bug simply reached its set number of attempts.

>

> My Norton AV expired some time ago, but I am up to date with Windows

> Updates. I didn't think anything like this would creep in before I

> renewed

> my license. I have some experience removing viruses manually through the

> registry, but this bug has alluded me thus far.

>

> Can anyone suggest a resource for identifying and removing this bug? Or

> do

> you have a preferred software for removing this particular type of bug?

>

> Thanks for any help!

> Bryan

>

>