View Full Version : This is very irritating
trenzterra
October 3rd, 2002, 22:07
My friend seems to be able to hack inside my computer, changed my sig and my MSN Messenger nickname! He even added some unwanted stuff in my signature!
Jan
October 3rd, 2002, 22:18
That trenz, is NOT a friend. He also posted "on your behalf"
trenzterra
October 3rd, 2002, 22:22
Thanks for informing!
trenzterra
October 3rd, 2002, 22:28
That guy is iRule, just to let you know.
He posted these:
http://www.freewebspace.net/forums/showthread.php?s=&postid=323949#post323949
http://www.freewebspace.net/forums/showthread.php?s=&postid=323950#post323950
http://www.freewebspace.net/forums/showthread.php?s=&threadid=34279&perpage=20&pagenumber=2
Wait, these were what I replied. Read the above.
Jan
October 3rd, 2002, 22:43
Two of those have now disappered now trenz, what an idiot!
trenzterra
October 3rd, 2002, 22:46
Originally posted by Jan
Two of those have now disappered now trenz, what an idiot! Who is an idiot? me?
Jan
October 3rd, 2002, 23:04
No not you :) But you should be careful about giving out too much information about yourself. The internet is not a school playground.
tandoc
October 3rd, 2002, 23:16
Originally posted by Jan
The internet is not a school playground.
speak for yourself :biggrin2:
Ben
October 4th, 2002, 06:23
Trenzterra, here are some steps to tell whether your computer has a trojan in it.
First, go to start>run>command (start>run>cmd if you're using NT/2K/XP).
Then type in "edit netstat.txt". Press Alt-F then let go, then save it, then Alt-X. Now type in
netstat -an > netstat.txt
and type in edit netstat.txt
Look for the following open ports:
27374
31337
12345
12346
1337
22
21
23
80
8080
25
113 (did you turn off fingerd and that other IRC daemon?)
110
139 (turn off file/print sharing!!)
If one is open, PM me and I'll give you the steps to remove the remote administration tool/trojan. (RAT).
Jan
October 4th, 2002, 06:31
Only one way for trenz to remove that RAT, Ben is to disassociate all contact with him :angry2:
Ben
October 4th, 2002, 06:53
Originally posted by Jan
Only one way for trenz to remove that RAT, Ben is to disassociate all contact with him :angry2:
Um, are you getting mad at me? Was it something I said? Are you telling me to stop contacting him? Are you saying I did it?:( :eek:
trenzterra
October 4th, 2002, 07:28
Originally posted by Ben
Trenzterra, here are some steps to tell whether your computer has a trojan in it.
First, go to start>run>command (start>run>cmd if you're using NT/2K/XP).
Then type in "edit netstat.txt". Press Alt-F then let go, then save it, then Alt-X. Now type in
netstat -an > netstat.txt
and type in edit netstat.txt
Look for the following open ports:
27374
31337
12345
12346
1337
22
21
23
80
8080
25
113 (did you turn off fingerd and that other IRC daemon?)
110
139 (turn off file/print sharing!!)
If one is open, PM me and I'll give you the steps to remove the remote administration tool/trojan. (RAT). It doesn't work.
Jan
October 4th, 2002, 07:32
Originally posted by Ben
Um, are you getting mad at me? Was it something I said? Are you telling me to stop contacting him? Are you saying I did it?:( :eek:
No trenz knows what I mean ;)
trenzterra
October 4th, 2002, 07:34
Originally posted by Jan
No trenz knows what I mean ;) I don't.
Why does Ben's solution not work!
Dean
October 4th, 2002, 07:43
Trenz get NIS or somthing
His msn:
parmeet3@hotmail.com
<me have so many 'friends'>
trenzterra
October 4th, 2002, 07:46
now it work
opens:
135
445
1025
1027
1042
1251
5000
139
14667
1042
1251
11972
135
445
500
1026
1031
1038
123
1033
1250
1316
1900
123
137
138
here what it show(have 8080 inside but proxy also port 8080):
Proto Local Address Foreign Address State
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1025 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1027 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1042 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1251 0.0.0.0:0 LISTENING
TCP 0.0.0.0:5000 0.0.0.0:0 LISTENING
TCP 169.254.245.226:139 0.0.0.0:0 LISTENING
TCP 169.254.245.226:14667 0.0.0.0:0 LISTENING
TCP 210.24.226.15:1042 64.4.12.35:1863 ESTABLISHED
TCP 210.24.226.15:1251 192.169.34.209:8080 CLOSE_WAIT
TCP 210.24.226.15:11972 0.0.0.0:0 LISTENING
UDP 0.0.0.0:135 *:*
UDP 0.0.0.0:445 *:*
UDP 0.0.0.0:500 *:*
UDP 0.0.0.0:1026 *:*
UDP 0.0.0.0:1031 *:*
UDP 0.0.0.0:1038 *:*
UDP 127.0.0.1:123 *:*
UDP 127.0.0.1:1033 *:*
UDP 127.0.0.1:1250 *:*
UDP 127.0.0.1:1316 *:*
UDP 127.0.0.1:1900 *:*
UDP 169.254.245.226:123 *:*
UDP 169.254.245.226:137 *:*
UDP 169.254.245.226:138 *:*
UDP 169.254.245.226:1900 *:*
UDP 169.254.245.226:7671 *:*
UDP 169.254.245.226:7829 *:*
UDP 210.24.226.15:123 *:*
UDP 210.24.226.15:1900 *:*
UDP 210.24.226.15:8054 *:*
UDP 210.24.226.15:23646 *:*
Ben
October 4th, 2002, 16:04
I don't like the looks of 23646. It's too high to be legit....
The only matches I could find were:
port 1042 - (TCP) - Bla 1.0 - 2.0
port 5000 - (UDP) - Bubbel, Back Door Setup, Sockets de Troie/socket23
Here is the site I found this info from: http://www.nccn.net/~ncpcug/trojans.htm (google helped me yet again)
Check your WIN.INI for any entries after "load=" or "run=" (without the quotes)
trenzterra
October 4th, 2002, 21:07
LOAD and RUN don't show in win.ini for me.
How do i remove those trojan
Dean
October 4th, 2002, 21:38
http://us.anti-trojan.net/ATro55en.exe
parmeet
October 5th, 2002, 04:48
Trenz get NIS or somthing
His msn:
parmeet3@hotmail.com
<me have so many 'friends'>
There is not only one person named iRule
There can be 100 and thousands with that nick....
That does not mean I was the one who hacked...
I dont even know about the basics of hacking and not even the principles of hacking
It must be someone else
Powered by vBulletin® Version 4.1.7 Copyright © 2012 vBulletin Solutions, Inc. All rights reserved.