Hacked In Half an Hour

Discussion in 'Broadband' started by Gelf, Nov 21, 2004.

  1. Gelf

    Gelf Guest

    A cautionary tale:
    I finally had time to set up my new Demon Home500 ADSL yesterday.
    Things didn't go too well initially with the modem/router I was using,
    so I messed about with various settings, including turning Sygate off
    (!) temporarily.

    Still no joy, so I resorted to the supplied Alcatel USB modem. For
    once I (foolishly) follwed the instructions and turned off my
    anti-virus prog prior to installation.

    Eventually I got things running after a call to Demon tech support
    (0871, but at least they answer straight away!) - I'd just got host
    name and ADSL login confused.

    So then I was up and running but suddenly the whole PC seemed to slow
    down and internet access was like dial up. I looked at the LAN monitor
    and vast amounts of data were going out and not much coming in.

    So I re-enabled Sygate rapid and discovered a nasty little Trojan (or
    was it a worm?) trying to dial out. It was called iexplore32cb.exe in
    the system32 folder.

    I hadn't been on any dodgy sites - just Google and some tech support
    sites.
    So watch out! It doesn't take long to get hacked when you are
    unprotected! All in less than half an hour.

    I think it also shows the value of a software firewall, which others
    were saying wasn't necessary in this NG recently. At least it shows if
    something is trying to phone home and the name of the program.

    Gelf
     
    Gelf, Nov 21, 2004
    #1
    1. Advertisements

  2. Gelf

    Ade65 Guest

    Is you PC fully patched?
    Because if it was not then you did well lasting half an hour. Better than
    the average in fact.
    http://news.zdnet.com/2100-1009_22-5313402.html
     
    Ade65, Nov 21, 2004
    #2
    1. Advertisements

  3. Gelf

    Vigil Guest

    You had best reformat.
     
    Vigil, Nov 21, 2004
    #3
  4. Gelf

    Gelf Guest

    Why? I have deleted the executable from a DOS boot disk. Do you know
    some more about this Trojan?
    Gelf
     
    Gelf, Nov 21, 2004
    #4
  5. Gelf

    cw Guest

    Run Adaware, Spybot S&D and if you're up to it HiJackThis. Trojans these
    days mostly consist of more than one file. Many have a hidden and
    obfuscated "dropper" which launches different processes. If you kill the
    process it has launched and delete that executable then it just makes
    another one.

    On one hand, most of them can be gotten rid of with some work if you know
    what you're doing. Sometimes they break things though and it is more
    effective to give up and start again.

    I personally have found a combination of the above three programs and
    Avast! Antivirus normally cleans off any machine (one exception recently
    which I think was because the user had been trying to delete stuff himself
    and deleted the wrong thing..)
     
    cw, Nov 21, 2004
    #5
  6. The previous poster was just being facetious. Either that or he's one
    of the zealots. Ignore him.
     
    Mark McIntyre, Nov 21, 2004
    #6
  7. Gelf

    Vigil Guest

    It's the only way to be sure :)
     
    Vigil, Nov 24, 2004
    #7
  8. Gelf

    Somebody Guest

    This is true.

    If you had a Trojan on your system, any kind of additional malicious
    software could have been secretly installed on your PC before you
    removed the Trojan.

    This new software may not show up in AV scans.

    Therefore, it is recommended that to be sure of a clean system, reformat
    and reinstall the OS.
     
    Somebody, Nov 24, 2004
    #8
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.