HACKERS?

oldtimer

Geriatrix
[OP]
Regulars
Jun 19, 2005
174
0
Dear friends,

This is an sos :eek: please help!!
I connected to bsnl yesterday, with my winxp +sp2 (dual boot with win98). I was surprised to find some UNKNOWN heavy traffic of over 40mb in just half an hour. My browser was idle but still the status indicator showed heavy traffic. (I checked my service records at BSNL today and confirmed it.) i had recently installed winamp, but no other s/w. I even disabled automatic updates.
My windows (microsoft) firewall is active and in a hurry i even installed zonealarm firewall but to no avail. Now every time i connect, this repeats. i am doing this post with my good old dialup.

Are there possibly any vulnerabilities with winxp+sp2 with which some hacker might have compromised my system? Even spybot S&D, Adaware and cwshredder could not help
ty
oldtimer
 

muttster`

Regulars
Regulars
Mar 25, 2005
714
4
Also scan with a nice antivirus like KAV or AVG...might be a worm
 


pawanrh

Regular
Regulars
Aug 18, 2005
153
0
Are you sure it's no software trying to update or so? Could you give a list of known software you are using currently? If possible just give a list of processes running on your system.
 

anirban76

Newbie
Aug 24, 2005
8
0
I faced the same situation. In 4 days time I uploaded 136MB, when I couldn't open a single page. I had to format and install WinXP, McAfee, Zone Alarm and Microsoft Anti spyware before I connect. Now it is running very smooth. Check if in your harddisk some files of name similar to *ftp have been installed. It's a dangerous worm. It occupies 100% bandwidth.
 

rajpat7

Newbie
Aug 31, 2005
8
0
[quote]Originally posted by oldtimer@Sep 7 2005, 04:40 PM
Dear friends,

This is an sos :eek: please help!!
I connected to bsnl yesterday, with my winxp +sp2 (dual boot with win98). I was surprised to find some UNKNOWN heavy traffic of over 40mb in just  half an hour. My browser was idle but still the status indicator showed heavy traffic. (I checked my service records at BSNL today and confirmed it.) i had recently installed winamp,  but no other s/w. I even disabled automatic updates.
My windows (microsoft) firewall is active and in a hurry i even installed zonealarm firewall but to no avail. Now every time i connect, this repeats. i am doing this post with my good old dialup.

Are there possibly any vulnerabilities with winxp+sp2 with which  some hacker might have compromised my system?  Even spybot S&D, Adaware and cwshredder could not help
ty
oldtimer
[/quote]
TRY THIS!
You can watch Windows Task Manager for online processes, decide which are not required, and end them.
Secondly, you can run msconfig and go to Startup for programs not required at startup.
 


vikikivi

Regular
Regulars
Jun 23, 2005
158
4
I believe some trojan/worm is doing this nasty thing. Somebody wud hv installed a keylogger in ur machine which updates very frequently the text and the screenshots to the ftp site. But u say tat u hv zone alarm now. Give us a list of all the softwares installed in ur system.
 

oldtimer

Geriatrix
[OP]
Regulars
Jun 19, 2005
174
0
Hi friends,

Thank you for the prompt responses. I think the whole alarm was on account of my lack of familiarity with xp. When my engineer came to install my line about 3 days ago, he apparently d/loaded and installed sp2, using his own account and i took it for granted. However, when this problem came up, i tried to read up about the Windows firewall from the MS online knowledge base. I discovered that the SP2 should have added a new item to my control panel, but it hadn't! Also, the firewall was still being called ICF. So i went back to the sp2 download site and discovered for the first time that the size of SP2 download was like 113MB!!

i tried the download again. This time i discovered that my earlier d/lds had not been complete! I had finished only 84 of the 113MB. The remaining started coming in. I then guessed that it was my winxp trying to complete the transfer. I am very new to xp and could not believe that an update could be 113MB!

Needless to say, after the installation was completed, the connection has been very quiet!!

BIG question: is it because the firewall has started working well? Or is it because the update is complete? I guess I will never know! Like the story of Vikramaditya and the ghost!!

Thanks friends, i know i can count on you when the going gets rough!
 

pupudada

Regulars
Regulars
May 11, 2005
409
1
no updates requires that much d/load. am sure that the machine is compromised. recommend that you run d/load 'hijackthis' (link given below) and run the same.. it gives you a log file which gives a lot of details and which helps in tracing the problems in your pc.. :)
pupudada

Code:
http://www.majorgeeks.com/download3155.html