Determining whose music program hacked my comp

nixtr replied

April 3, 2004, 06:47
One more thing

I am sure that it is a P to P music site that did it because of the number of access attempts I get from unprotected comps. I ping them back and about half of them have open unsecured ports...lol. So my IP must be on their database of available sources of Rob Zomboni or White Scraps bootleg mp3's.
Leave a comment:
nixtr replied

April 3, 2004, 06:27
thanks for the tips

Thanks for the housecall tip...it found a couple things that spy sweeper and pest patrol had missed. I have been using Colasoft capsa to track my traffic and have found nothing getting in or out in packet form (also due to my reinitiating Zonealarm pro). If it runs pre windoze then at least its not able to do anything that i can see and my speed, etc. is fine. But I do have 4 svchost.exe running in processes...never looked at a virgin xp pro install to see how many are actually supposed to run...the suspicioius thing about them is that some are all caps and some cap the first letter and some are all lowercase...so that always seems fishy to me.
Leave a comment:
m3m3tic replied

April 1, 2004, 19:39
nixtr

if you haven't already removed the threat you can try to find out if it's trying to make outside connections. tcpview can show you realtime netstat, plus more. if you see unwanted connections check where they are going. do an arin whois. run some nmaps. if they're good you won't find anything useful, but it's worth a try.

m3m3tic
Leave a comment:
enCode replied

March 31, 2004, 21:36
creepy, check log files
if some one did hack your box, (assuming they are good)
there won't be a log.
It's P2P so it's safe to assume that it's virus (as already stated) but they have to be executed if it was from a P2P
program, as i understand it, point im trying to make is question your roomie about anything that he downloaded.
-enCode
P.S.
hope that helps
Leave a comment:
Grifter replied

March 31, 2004, 09:12
Originally posted by Qu|rk

Housecall is one of the best and most trusted for scanning and finding infections on any Windows OS in my opinion.

Qu|rk-

I agree, Housecall is great++.
Leave a comment:
Qu|rk replied

March 31, 2004, 03:35
Originally posted by nixtr

I came back to a comp full of mp3's hidden on my disk as gifs and jpegs in the temp file...they had system priorities as well...good trick.

Definate infection of some sort, I'd blame a trojan more than likely..however there are a few virii that rename mp3s to .gif and .jpg - head to Housecall and get a free online scan (disable any antivirus you have as it'll fight with it) Housecall is one of the best and most trusted for scanning and finding infections on any Windows OS in my opinion.

Qu|rk-
Leave a comment:
nixtr started a topic Determining whose music program hacked my comp

March 31, 2004, 02:35
Determining whose music program hacked my comp

Does anyone know how to figure out which peer mp3 program hacked into one's own comp? I was gone on vacation and my roommate shut off the firewall stuff and I came back to a comp full of mp3's hidden on my disk as gifs and jpegs in the temp file...they had system priorities as well...good trick. I think I owe them a bit of payback and may even be flooding some of their sheep users, but I need to figure out who they are...
Tags: None

Announcement

Determining whose music program hacked my comp

Leave a comment:

Leave a comment:

Leave a comment:

Leave a comment:

Leave a comment: