What is this?????????

[Guest]

hi all
First off i was on msn chattin,when suddently it was disabled,yet i still
had internet connection...i tried the troublshooter in msn connection options
but stil nothing...So i went to network connections n my control panel to
troubleshoot it there...But in the panel i quickly discoved i have another
connection besides my lan...I dont know what this is but its new and i cant
disable it either,and when i click and go into it under support and
details...i read a wierd ip addy along with under where my lease expires it
reads 12/31/1969 7:00:02pm....Im thinking wtf..Then i go into norton to
hopefully see info on any detections,connections,alerts anything.so i go into
the log viewer and under alerts i read Rule "Default Block Orifice 2000
Trojan horse"blocked(IP##,Back-Orifice-2000-1(54321)).... Is this related to
that extra connection i see...Im really confused right now and hope someone
here understands my situation and how to deal with it.. and i tried norton
for help and they have no info on that trojan horse they detected,or anything
else....pls help me out with this

 

[Osiris]

hi all
First off i was on msn chattin,when suddently it was disabled,yet i still
had internet connection...i tried the troublshooter in msn connection options
but stil nothing...So i went to network connections n my control panel to
troubleshoot it there...But in the panel i quickly discoved i have another
connection besides my lan...I dont know what this is but its new and i cant

what is it then ?

disable it either,and when i click and go into it under support and
details...i read a wierd ip addy along with under where my lease expires it
reads 12/31/1969 7:00:02pm....Im thinking wtf..Then i go into norton to
hopefully see info on any detections,connections,alerts anything.so i go into
the log viewer and under alerts i read Rule "Default Block Orifice 2000
Trojan horse"blocked(IP##,Back-Orifice-2000-1(54321)).... Is this related to

if the log says it blocked it, GOOOOD !

that extra connection i see...Im really confused right now and hope someone
here understands my situation and how to deal with it.. and i tried norton
for help and they have no info on that trojan horse they detected,or anything
else....pls help me out with this

tighten security of your firewall
Update the viris scanner, get trial versions of some other virus
scanners, get spybot and adaware.
Unplug from the internet as soon as possible.
run all the antivirus stuff you can lay your hands on
run spybot and adaware.

More info needed

 

[Guest]

thanks alot for replying back i appreciate it....but when u say unplug from
the internet asap are u serious?I mean is it that serious? sorry im shocked
by that....Also wanna say im running spy sweeper,and wondering if u still
recomend me to download adaware?

 

[Maurice N ~ MVP]

Unplug the cord connection from your pc to the modem or router. Run Spy Sweeper & your antivirus in (1) Safe mode and save results, and (2) repeat in normal mode. Intrusive malware needs to be cleaned right away. (I'm presuming all your AV & Spy Sweeper hasve the latest definitions).
Once the system is clean, reconnect the modem/router connection.

Make very sure your system does not have malware.
See <http://www.elephantboycomputers.com/page2.html#Removing_Malware>

Sysclean would be a good first run for virus check. Just be sure to also run other spyware / malware checks.

The cleanup sequence I tend to follow is: Coolweb Shredder first, followed by Adaware, SYSCLEAN, and Antivirus check with current updates.

See The Parasite Fight Quick Fix Protocol at
http://www.aumha.org/a/quickfix.htm

See Dealing with Unwanted spyware and parasites at
http://mvps.org/winhelp2002/unwanted.htm

 

[Guest]

thanks u so much for taking the time and trying to help me out...im going try
all those steps immediately once im done here...and as for those step listed
below your paragraph,should i do these* before or after* i unplug and go
tthrough those scans? thanks again

 

[Maurice N ~ MVP]

First make sure your antivirus & Spy sweeper have the latest definitions (updates). Then unplug. Then run the tests.

 

[Guest]

Well i ran through all the steps as u specifically suggested for me to do.and
yes my software was all updated before... So basically whatever that other
connection was,well its is gone now... but im kinda shocked norton
spysweeper,adaware etc..did not pick up on any virus,spyware or
anything...which is kinda odd,but what do i know lol,at least that connection
is gone or at least i hope so...do u think i still could have a
problem?anyway thanks again and take care

 

[Maurice N ~ MVP]

You "may" have had an IRC-based malware. I want to emphasize that even though you used 1 AV & 2 anti-malware apps, sometimes it takes the running of even more tools to nail something & clean it out.

For (and in) Internet Explorer browser, disable 2 "Install on Demand" settings --to reduce chances of unfriendly websites doing a browse-by install.
IE> Tools > Internet Options>select Advanced Tab---

in the column "Browsing" disable (un-check/un-tick) "Enable Install on Demand (Internet Explorer)
and also disable (un-check) "Enable Install on Demand (Other).
Appy changes and exit.

(to be sure to see all folders)
Check the Windows Explorer "View" options --- set it to show you all folders; all system folders; & hidden files.
Bring up Windows Explorer / Tools / Folder Options/ select VIEW Tab and look at all of settings listed.

"CHECK" (turn on) Display the contents of system folders.

Under column, Hidden files and folders----choose ( *select* ) Show hidden files and folders.
Next, un-check Hide extensions for known file types.
Next un-check Hide protected operating system files.

Apply changes & Exit out of Internet Explorer.

Then get and run Ewido anti-malware.

download ewido Security Suite from http://www.ewido.net/en/download
Install ewido security suite
When installing, under "Additional Options" *uncheck* "Install background guard" and "Install scan via context menu."
Launch ewido, there should be a big "E" icon on your desktop, double-click it.
The program will prompt you to update click the "OK" button
The program will now go to the main screen

You will need to update ewido to the latest definition files.

On the left hand side of the main screen click "update"
Click on "Start".

The update will start and a progress bar will show the updates being installed.
After the updates are installed, exit ewido. Logoff Windows and restart in SAFE mode. Run Ewido & save the report / log.
Restart in normal Windows and visit Aumha forum.
Take a look at this forum section http://aumha.net/viewforum.php?f=30
Read and follow the Topmost annoucement about directions and tools. (Join, it's free) and then make a post there with all your info, including the Ewido report.
I'll keep my eyes & ears open for your post.

Do NOT post any logs here in this newsgroup.

 

[Guest]

hey again,well i modified my browsers settings along with everything else and
downloaded what u wanted me too,but i couldnt exactly find the program titled
ewido security suit,itstead its called ewido anti-spyware 4,and during the
download process i didnt have a advance option choice pop up anywhere;so i
hope that was the right doenload since it was the only one...Anyway i
downloaded it updated it >rebooted and ran it in safe mode with no results in
my log file,exept a few cookies..so i dunno what to say....All i know is that
i keep constinatly getting alerts from norton now about that
Back-Orifice-2000-1(54321)) and my alert logs are filled with this... so i
saved the log on file in case u would like to see it...And As for my browswer
settings and such,should i revert them back to the previous default settings?
Thanks once again for all your guidence and help...

 

[Maurice N ~ MVP]

You'll need to run other tools besides Ewido and also look at the "startup" program vectors on your system.

I recommend Mike Lin's Startup Control Panel
http://www.mlin.net/StartupCPL.shtml

Review the Startup common & Startup user sections.

See "The Parasite Fight" at AumHa
http://www.aumha.org/a/parasite.htm

Focus on the section "ANTI-PARASITE QUICK-FIX PROTOCOL"

and then get & use Ad-Aware & Hijackthis & save the logs

Join & make a new post with all details
http://aumha.net/viewforum.php?f=30

More detailed help can be provided at an anti-malware forum (since for one thing, we don't want to bloat this newsgroup with logs !).