help recovering from hack

From: zigzag (billybumbler_at_fartmail.com)
Date: 10/28/04 

Date: Thu, 28 Oct 2004 06:43:23 GMT

Hi I could use a bit of help from someone in the know I'll just start from
the beginning

  Until a few days back I had never had any trouble with virus or malicious
attacks in the 5 years I'd been online, I kept a low profile, never bothered
with chatrooms or places where you'd be noticed. Also at the time this
trouble started I had no protection as my norton internet security had
corrupted and I uninstalled it and hadn't reinstalled it yet. Anyway I was
on winmx and ran into some racist girl who didn't like the kind of music I
had shared and she started trying to hack me. All I had was the Winxp
firewall. I had a bad feeling about her and went to event viewer right away
and noticed she was changing IPSec policies and system policies so I
unplugged and reinstalled Norton Internet Security suite 2004 the next day.
I also backed this up with Zone Alarm. Anyway I do a port scan and it shows
that my ICMP Ping port, HTTP Port 80 and worse yet my Telnet port 23 are all
open. These ports are supposed to be stealthed if not being used and Im
definately not running anything that uses these ports. This isn't even a
full port scan just a scan of the most common ones. Also my msnmessenger
keeps wanting to open up as a server, I turn it off and it wants to open up
again though I can deny it with my firewall.
  How do I close these ports manually? Or how do I find out what is using
these ports? Also is there anywhere I can go to find out what policy
changes she made? My virus scan shows there is no virus or trojan horse
present. any advice would be apreciated. Thanks in advance.

zigzag

Relevant Pages

  • Re: Kuang2 Virus/Trojan - Does ANYONE KNOW HOW TO REMOVE?
    ... It says I'm clean. ... | McAfee Firewall Plus is still showing port activity on Port 17300 "Kuang2 ... | "The firewall has blocked an attempt to access this port." ... |> There are anti virus News Groups specifically for this type of discussion. ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Rumours about Apache 1.3.22 exploits -> analysis of so-called exploit client
    ... Does this "virus" only affect Linux hosts? ... while I don't think there is any way for this virus to infect any other ... Stop me if I'm wrong - but this thread was originally about apache exploits. ... > sure the port is 'open': If I would find which pid was causing the port ...
    (Vuln-Dev)
  • RE: XP box maintainance and lockdown
    ... download latest virus definitions ... Router Configuration ... to obtain protocol, local port, remote port, and IP address needed to ... disable 3rd-party cookies and/or set cookie policy according to ...
    (Security-Basics)
  • Re: if firewall on, my webdite inaccessible
    ... of traffic uses that port. ... | I had Firewall Settings figured out: it is port 80; ... | I believe there are virus lurking somewhere on my machine. ... |> When you send a request to a server on the Internet, that |> server must have an open port to receive your request. ...
    (microsoft.public.security.virus)
  • Re: Kuang2 Virus/Trojan - Does ANYONE KNOW HOW TO REMOVE?
    ... McAfee Firewall Plus is still showing port activity on Port 17300 "Kuang2 ... The Virus XXX" but nothing about having blocked the attempt. ... "The firewall has blocked an attempt to access this port." ... > Your post indicates you used the McAfee Command Line Scanner. ...
    (microsoft.public.windowsxp.security_admin)