Guest Bryan Elwood Posted July 27, 2007 Posted July 27, 2007 My Windows 2000 system has begun to spontaneously dial a foreign country through my dial-up modem. It occurs at random times throughout the day. If I am dialed in, the offending entity will hang up with my ISP, then begin dialing on its own. The bug will make 11 or so attempts before giving up until later. Watching Task Manager closely during an episode, there is no noticeable activity under Processes. However, I believe I have halted the bug in mid-stream by closing all instances of Internet Explorer 6, unless of course the bug simply reached its set number of attempts. My Norton AV expired some time ago, but I am up to date with Windows Updates. I didn't think anything like this would creep in before I renewed my license. I have some experience removing viruses manually through the registry, but this bug has alluded me thus far. Can anyone suggest a resource for identifying and removing this bug? Or do you have a preferred software for removing this particular type of bug? Thanks for any help! Bryan
Guest Quaestor Posted July 27, 2007 Posted July 27, 2007 Re: PLEASE HELP! My System is Hijaked! Bryan Elwood wrote: >My Windows 2000 system has begun to spontaneously dial a foreign country >through my dial-up modem. > You have a virus/trojan/worm. Get something to scan for it, and if the first thing you try doesn't find it, keep getting others till one of them does (I found Kasparsky [with a free trial period] catches things the others don't notice). Believe me, it's there, probably a rootkit (very tough to find or remove). Once you know what you have, it will probably take a removal tool (see symantec and mcaffee sites for those) to remove it. If all else fails, fdisk, format, and reinstall everything. AND DON'T LET THIS HAPPEN AGAIN. Do NOT connect to the internet without a Hardware firewall running (an nforce mobo with separate fw processor works fine, contrary to what the shills will tell you), do NOT run any of the fancy crap that comes with IE (in fact, do not run IE, use a real browser), do NOT run html in mail or news, do NOT open attachments, do NOT run java, java script, flash, or anything else you don't really need, and do NOT let anyone else use your machine. DO run anti-virus protection, email-scanning, etc, and Take No Chances. If you stick to these rules you May avoid more of this kind of thing in the future. Also, you want to check your bank accounts, credit cards, game accounts, everthing else that uses a password, and change those passwords AFTER you get the machine clean, since it is likely all your personal information has already been stolen. Oh, and send billgates a big thankyou for perpetrating the insecure OS which makes all this horror possible. -- Those who try to hide behind Godwin are the real net-nazis. Philosophy: Joking about why we cuss so much. Learn about spam: http://www.seige-perilous.org/spam/spam.html [fourth line intentionally left blank]
Guest Pegasus \(MVP\) Posted July 27, 2007 Posted July 27, 2007 Re: PLEASE HELP! My System is Hijaked! "Bryan Elwood" <belwood1grass@airmail.net> wrote in message news:eykN8f$zHHA.3600@TK2MSFTNGP04.phx.gbl... > My Windows 2000 system has begun to spontaneously dial a foreign country > through my dial-up modem. It occurs at random times throughout the day. > If > I am dialed in, the offending entity will hang up with my ISP, then begin > dialing on its own. The bug will make 11 or so attempts before giving up > until later. > > Watching Task Manager closely during an episode, there is no noticeable > activity under Processes. However, I believe I have halted the bug in > mid-stream by closing all instances of Internet Explorer 6, unless of > course > the bug simply reached its set number of attempts. > > My Norton AV expired some time ago, but I am up to date with Windows > Updates. I didn't think anything like this would creep in before I > renewed > my license. I have some experience removing viruses manually through the > registry, but this bug has alluded me thus far. > > Can anyone suggest a resource for identifying and removing this bug? Or > do > you have a preferred software for removing this particular type of bug? > > Thanks for any help! > Bryan > > I fully agree with what Quaestor writes but I am concerned about your statement "I have some experience removing viruses". It suggests one of two things: - You have a casual approach towards maintaining your virus defences and/or your firewall. - You frequently visit sits and open EMails that are known to be risky. If you pay attention to maintaining your protection up-to-date and if you adopt safe computing habits then your system should never suffer an infection. I am responsible for the maintenance of a few hundred machines and they have been totally virus-free for many years.
Guest Quaestor Posted July 27, 2007 Posted July 27, 2007 Re: PLEASE HELP! My System is Hijaked! Pegasus (MVP) wrote: >I fully agree with what Quaestor writes but I am concerned about >your statement "I have some experience removing viruses". It >suggests one of two things: > >- You have a casual approach towards maintaining your virus > defences and/or your firewall. >- You frequently visit sits and open EMails that are known to > be risky. > >If you pay attention to maintaining your protection up-to-date >and if you adopt safe computing habits then your system should >never suffer an infection. I am responsible for the maintenance >of a few hundred machines and they have been totally virus-free >for many years. > All I run is a hardware firewall, occasional scanning for any file I DL, avoiding dangerous sites, and not running the garbage that comes with MS browser and email programs. When on occasion I do DL a file, I only get it from a trusted site, and then do nothing with it until it has been scanned with a fully updated scanner (AVAST!). I do not run real-time anti-virus or email checking, because the firewall stops the worms, the scanning of files stops the trojans & virus, and I simply do not open attachments to email unless they are from a friend and I was expecting it. The result is that, other than the 2 times I got hit when I first went to win2k (which shot right past the software firewall), I have never had a virus/trojan/worm. IOW, good sense and a good firewall are the real protectors. -- Those who try to hide behind Godwin are the real net-nazis. Philosophy: Joking about why we cuss so much. Learn about spam: http://www.seige-perilous.org/spam/spam.html [fourth line intentionally left blank]
Guest Andrew Rossmann Posted July 27, 2007 Posted July 27, 2007 Re: PLEASE HELP! My System is Hijaked! In article <13aj0h543dh1mf0@news.supernews.com>, no.spam@my.place says... > Bryan Elwood wrote: > > >My Windows 2000 system has begun to spontaneously dial a foreign country > >through my dial-up modem. ^^^^^^^^^^^^^ > AND DON'T LET THIS HAPPEN AGAIN. Do NOT connect to the internet without > a Hardware firewall running (an nforce mobo with separate fw processor > works fine, contrary to what the shills will tell you How many HW firewalls support dial-up? Typically, the modem is internal to the computer (especially if it's a laptop.) The only firewall really possible in that case is a software one. Not every can afford, or can even get, broadband. -- If there is a no_junk in my address, please REMOVE it before replying! All junk mail senders will be prosecuted to the fullest extent of the law!! http://home.att.net/~andyross
Guest Quaestor Posted July 28, 2007 Posted July 28, 2007 Re: PLEASE HELP! My System is Hijaked! Andrew Rossmann wrote: >In article <13aj0h543dh1mf0@news.supernews.com>, no.spam@my.place >says... > > >>Bryan Elwood wrote: >> >> >> >>>My Windows 2000 system has begun to spontaneously dial a foreign country >>>through my dial-up modem. >>> >>> > ^^^^^^^^^^^^^ > > > >>AND DON'T LET THIS HAPPEN AGAIN. Do NOT connect to the internet without >>a Hardware firewall running (an nforce mobo with separate fw processor >>works fine, contrary to what the shills will tell you >> >> > >How many HW firewalls support dial-up? Typically, the modem is internal >to the computer (especially if it's a laptop.) The only firewall really >possible in that case is a software one. Not every can afford, or can >even get, broadband. > Is there some reason you cannot connect a firewall to a modem? -- Those who try to hide behind Godwin are the real net-nazis. Philosophy: Joking about why we cuss so much. Learn about spam: http://www.seige-perilous.org/spam/spam.html [fourth line intentionally left blank]
Guest Andrew Rossmann Posted July 28, 2007 Posted July 28, 2007 Re: PLEASE HELP! My System is Hijaked! In article <13al7ma7drnt788@news.supernews.com>, no.spam@my.place says... > Andrew Rossmann wrote: > Is there some reason you cannot connect a firewall to a modem? The HW firewall would need to support a serial (or maybe USB) port, and support dialing the ISP, and handling the login information. For a home user, that could be messy as it may be online when you don't want it to be. Most HW firewalls just go in-line between the broadband connection (cable or DSL modem, T1, etc...) and the internal router or hub or switch. Many routers have some basic firewall in them. You still need an Ethernet input to the firewall/router. -- If there is a no_junk in my address, please REMOVE it before replying! All junk mail senders will be prosecuted to the fullest extent of the law!! http://home.att.net/~andyross
Guest Quaestor Posted July 28, 2007 Posted July 28, 2007 Re: PLEASE HELP! My System is Hijaked! Andrew Rossmann wrote: >In article <13al7ma7drnt788@news.supernews.com>, no.spam@my.place >says... > > >>Andrew Rossmann wrote: >>Is there some reason you cannot connect a firewall to a modem? >> >> > >The HW firewall would need to support a serial (or maybe USB) port, and >support dialing the ISP, and handling the login information. > Why can't the modem handle that? >For a home >user, that could be messy as it may be online when you don't want it to >be. > >Most HW firewalls just go in-line between the broadband connection >(cable or DSL modem, T1, etc...) and the internal router or hub or >switch. > Most == All? >Many routers have some basic firewall in them. You still need an >Ethernet input to the firewall/router. > My first firewall was an older PC running redhat linux and an esmith server (free for download). Dialup modem connected that to the net, and ethernet connected to the other pc. Later switched to DSL, easy and quick. This sort of thing is hardly a difficult setup to achieve. If it is true that no combination of dialup modem and firewall can be found that works together, the only solution to the constant barrage of haking and probing is to stay off the net. Software firewalls are not even bandaids. -- Those who try to hide behind Godwin are the real net-nazis. Philosophy: Joking about why we cuss so much. Learn about spam: http://www.seige-perilous.org/spam/spam.html [fourth line intentionally left blank]
Guest John John Posted July 28, 2007 Posted July 28, 2007 Re: PLEASE HELP! My System is Hijaked! Quaestor wrote: > Andrew Rossmann wrote: > >> In article <13al7ma7drnt788@news.supernews.com>, no.spam@my.place says... >> >> >>> Andrew Rossmann wrote: >>> Is there some reason you cannot connect a firewall to a modem? >>> >> >> >> The HW firewall would need to support a serial (or maybe USB) port, >> and support dialing the ISP, and handling the login information. >> > > Why can't the modem handle that? > >> For a home user, that could be messy as it may be online when you >> don't want it to be. >> >> Most HW firewalls just go in-line between the broadband connection >> (cable or DSL modem, T1, etc...) and the internal router or hub or >> switch. >> > > Most == All? > >> Many routers have some basic firewall in them. You still need an >> Ethernet input to the firewall/router. >> > > My first firewall was an older PC running redhat linux and an esmith > server (free for download). Dialup modem connected that to the net, and > ethernet connected to the other pc. Later switched to DSL, easy and > quick. This sort of thing is hardly a difficult setup to achieve. > > If it is true that no combination of dialup modem and firewall can be > found that works together, the only solution to the constant barrage of > haking and probing is to stay off the net. Software firewalls are not > even bandaids. it's better than nothing and it does keep things out. Those with properly configured software firewalls were mostly spared from such things as msblast, sasser or whatever their names were when they came out and inflicted their misery on hundreds of thousands of computers. Two points to keep in mind: 1- Dialup connections are not as vulnerable to attacks as broadband/high speed internet connections. 2- As much as it may shock you, in many areas the only available connections to the internet are dialup connections. In some places where more choice is available, but where there is no effective competition, some consumers might not be able to afford the large price premium that is demanded for high speed service. Hardware firewall for dialup modems has been getting increasingly harder to find. If you have a small network and use ICS you are using NAT. These hardware firewalls are dialup capable: http://www.netgear.com/Products/VPNandSSL/WiredVPNFirewallRouters/FVS338.aspx http://www.netgear.com/Products/VPNandSSL/WirelessVPNFirewallRouters/FWG114P.aspx John
Guest Quaestor Posted July 28, 2007 Posted July 28, 2007 Re: PLEASE HELP! My System is Hijaked! John John wrote: > 1- Dialup connections are not as vulnerable to attacks as > broadband/high speed internet connections. Just as vulnerable, but less targeted, because most reputable ISP do not accept email from dialup netranges (such users should be sending mail through their ISP's mail server, not their own). > 2- As much as it may shock you, in many areas the only available > connections to the internet are dialup connections. I never said otherwise. The question was about avoiding getting haked/wormed. > Hardware firewall for dialup modems has been getting increasingly > harder to find. If you have a small network and use ICS you are using > NAT. It may not be pretty, but NAT works. -- Those who try to hide behind Godwin are the real net-nazis. Philosophy: Joking about why we cuss so much. Learn about spam: http://www.seige-perilous.org/spam/spam.html [fourth line intentionally left blank]
Guest DL Posted July 29, 2007 Posted July 29, 2007 Re: PLEASE HELP! My System is Hijaked! Its not a bug; Your system is infected "Bryan Elwood" <belwood1grass@airmail.net> wrote in message news:eykN8f$zHHA.3600@TK2MSFTNGP04.phx.gbl... > My Windows 2000 system has begun to spontaneously dial a foreign country > through my dial-up modem. It occurs at random times throughout the day. > If > I am dialed in, the offending entity will hang up with my ISP, then begin > dialing on its own. The bug will make 11 or so attempts before giving up > until later. > > Watching Task Manager closely during an episode, there is no noticeable > activity under Processes. However, I believe I have halted the bug in > mid-stream by closing all instances of Internet Explorer 6, unless of > course > the bug simply reached its set number of attempts. > > My Norton AV expired some time ago, but I am up to date with Windows > Updates. I didn't think anything like this would creep in before I > renewed > my license. I have some experience removing viruses manually through the > registry, but this bug has alluded me thus far. > > Can anyone suggest a resource for identifying and removing this bug? Or > do > you have a preferred software for removing this particular type of bug? > > Thanks for any help! > Bryan > >
Recommended Posts