Determining whose music program hacked my comp

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Determining whose music program hacked my comp

    Does anyone know how to figure out which peer mp3 program hacked into one's own comp? I was gone on vacation and my roommate shut off the firewall stuff and I came back to a comp full of mp3's hidden on my disk as gifs and jpegs in the temp file...they had system priorities as well...good trick. I think I owe them a bit of payback and may even be flooding some of their sheep users, but I need to figure out who they are...

  • #2
    Originally posted by nixtr
    I came back to a comp full of mp3's hidden on my disk as gifs and jpegs in the temp file...they had system priorities as well...good trick.

    Definite infection of some sort, I'd blame a trojan more than likely. However, there are a few viruses that rename mp3s to .gif and .jpg. Head to Housecall and get a free online scan (disable any antivirus you have as it'll fight with it). Housecall is one of the best and most trusted for scanning and finding infections on any Windows OS in my opinion.

    Qu|rk-



    • #3
      Originally posted by Qu|rk
      Housecall is one of the best and most trusted for scanning and finding infections on any Windows OS in my opinion.

      Qu|rk-

      I agree, Housecall is great++.
      .: Grifter :.



      • #4
        Creepy, check log files.
        If someone did hack your box (assuming they are good),
        there won't be a log.
        It's P2P so it's safe to assume that it's a virus (as already stated), but they have to be executed if it was from a P2P
        program, as I understand it. The point I'm trying to make is: question your roomie about anything that he downloaded.
        -enCode
        P.S.
        hope that helps
        The only stupid question is the one that you don't ask.
        Or the one that ends up in dev/null.



        • #5
          nixtr

          If you haven't already removed the threat, you can try to find out if it's trying to make outside connections. TCPView can show you realtime netstat, plus more. If you see unwanted connections, check where they are going. Do an ARIN whois. Run some nmaps. If they're good you won't find anything useful, but it's worth a try.


          m3m3tic



          • #6
            thanks for the tips

            Thanks for the Housecall tip...it found a couple things that Spy Sweeper and Pest Patrol had missed. I have been using Colasoft Capsa to track my traffic and have found nothing getting in or out in packet form (also due to my reinitiating ZoneAlarm Pro). If it runs pre windoze then at least it's not able to do anything that I can see and my speed, etc. is fine. But I do have 4 svchost.exe running in processes...never looked at a virgin XP Pro install to see how many are actually supposed to run...the suspicious thing about them is that some are all caps and some cap the first letter and some are all lowercase...so that always seems fishy to me.
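
Editor's added example, not part of any post in this thread: one way to triage the svchost.exe instances described above is to check each one's image path and parent process rather than the casing of its name, since the genuine binary runs from %SystemRoot%\System32 as a child of services.exe and several instances at once are normal. The process records are constructed sample data, and `audit`, `edit_distance` and the `C:\WINDOWS` system root are assumptions made for illustration.

```python
import ntpath

# Constructed sample records (name, pid, parent name, image path); not data from the thread.
SAMPLE = [
    ("svchost.exe", 812, "services.exe", r"C:\WINDOWS\system32\svchost.exe"),
    ("SVCHOST.EXE", 1044, "services.exe", r"C:\WINDOWS\System32\svchost.exe"),
    ("Svchost.exe", 1320, "explorer.exe", r"C:\WINDOWS\Temp\svchost.exe"),
    ("scvhost.exe", 1408, "explorer.exe", r"C:\WINDOWS\system32\scvhost.exe"),
    ("notepad.exe", 1500, "explorer.exe", r"C:\WINDOWS\system32\notepad.exe"),
]

EXPECTED_DIR = r"c:\windows\system32"  # assumption: %SystemRoot% is C:\WINDOWS
EXPECTED_PARENT = "services.exe"


def edit_distance(a, b):
    """Levenshtein distance, used to catch look-alike names such as scvhost.exe."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def audit(processes):
    """Return {pid: [reasons]} for svchost-like processes that fail a check."""
    findings = {}
    for name, pid, parent, path in processes:
        dist = edit_distance(name.lower(), "svchost.exe")
        if dist > 2:
            continue  # unrelated process name
        reasons = []
        if dist != 0:
            reasons.append("look-alike name")
        # Windows paths are case-insensitive, so compare the normalised directory.
        if ntpath.normcase(ntpath.dirname(path)) != EXPECTED_DIR:
            reasons.append("unexpected image directory")
        if parent.lower() != EXPECTED_PARENT:
            reasons.append("unexpected parent")
        if reasons:
            findings[pid] = reasons
    return findings


if __name__ == "__main__":
    for pid, reasons in audit(SAMPLE).items():
        print(pid, ", ".join(reasons))
```
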



            • #7
              One more thing

              I am sure that it is a P to P music site that did it because of the number of access attempts I get from unprotected comps. I ping them back and about half of them have open unsecured ports...lol. So my IP must be on their database of available sources of Rob Zomboni or White Scraps bootleg mp3's.
