Re: help recovering from hack

From: zigzag (billybumbler_at_fartmail.com)
Date: 10/28/04


Date: Thu, 28 Oct 2004 07:20:59 GMT


"zigzag" <billybumbler@fartmail.com> wrote in message
news:fy0gd.44236$%k.1767@pd7tw2no...
> Hi, I could use a bit of help from someone in the know. I'll just start from
> the beginning.
>
> Until a few days back I had never had any trouble with viruses or malicious
> attacks in the 5 years I'd been online. I kept a low profile, never bothered
> with chatrooms or places where you'd be noticed. Also, at the time this
> trouble started I had no protection, as my Norton Internet Security had
> corrupted and I uninstalled it and hadn't reinstalled it yet. Anyway, I was
> on WinMX and ran into some racist girl who didn't like the kind of music I
> had shared and she started trying to hack me. All I had was the WinXP
> firewall. I had a bad feeling about her and went to Event Viewer right away
> and noticed she was changing IPSec policies and system policies, so I
> unplugged and reinstalled Norton Internet Security suite 2004 the next day.
> I also backed this up with Zone Alarm. Anyway, I do a port scan and it shows
> that my ICMP Ping port, HTTP Port 80 and worse yet my Telnet port 23 are all
> open. These ports are supposed to be stealthed if not being used and I'm
> definitely not running anything that uses these ports. This isn't even a
> full port scan, just a scan of the most common ones. Also, my MSN Messenger
> keeps wanting to open up as a server. I turn it off and it wants to open up
> again, though I can deny it with my firewall.
> How do I close these ports manually? Or how do I find out what is using
> these ports? Also, is there anywhere I can go to find out what policy
> changes she made? My virus scan shows there is no virus or trojan horse
> present. Any advice would be appreciated. Thanks in advance.
>
> zigzag

I just noticed something. Looking through the program access in both
firewalls I see a program called "generic host process for win 32 services"
and it's wanting server rights, or access or whatever you want to call it.
I don't know what this is, or what is keeping my ports open when they should
be stealth. Does anyone know what this is?


