Re: help recovering from hack

From: Bill Unruh (unruh_at_string.physics.ubc.ca)
Date: 10/29/04 

Date: 28 Oct 2004 22:39:54 GMT

"zigzag" <billybumbler@fartmail.com> writes:

]Hi I could use a bit of help from someone in the know I'll just start from
]the beginning

] Until a few days back I had never had any trouble with virus or malicious
]attacks in the 5 years I'd been online, I kept a low profile, never bothered
]with chatrooms or places where you'd be noticed. Also at the time this
]trouble started I had no protection as my norton internet security had
]corrupted and I uninstalled it and hadn't reinstalled it yet. Anyway I was
]on winmx and ran into some racist girl who didn't like the kind of music I
]had shared and she started trying to hack me. All I had was the Winxp
]firewall. I had a bad feeling about her and went to event viewer right away
]and noticed she was changing IPSec policies and system policies so I
]unplugged and reinstalled Norton Internet Security suite 2004 the next day.
]I also backed this up with Zone Alarm. Anyway I do a port scan and it shows
]that my ICMP Ping port, HTTP Port 80 and worse yet my Telnet port 23 are all
]open. These ports are supposed to be stealthed if not being used and Im
]definately not running anything that uses these ports. This isn't even a
]full port scan just a scan of the most common ones. Also my msnmessenger
]keeps wanting to open up as a server, I turn it off and it wants to open up
]again though I can deny it with my firewall.
] How do I close these ports manually? Or how do I find out what is using
]these ports? Also is there anywhere I can go to find out what policy
]changes she made? My virus scan shows there is no virus or trojan horse
]present. any advice would be apreciated. Thanks in advance.

Advice: Reinstall.

Relevant Pages