TCP scan (a "mild" shock)

 
slave
Posted: Thu Jan 22, 2004 12:18 am

Hi


Am most concerned after running your Trojan TCP scan.
I am running KAV45 (updated 6 hours ago), zonealarm and trojancheck6. None of these programs mentions any trojan. Could it be that they do not detect any of these? Are these real trojans?
I also ran spyhunter which says there may be a spyware called "seekseek" in the registry.

Running Windows98SE with Microsoft updates (only after these updates did my computer slow down a bit)....

Am not very experienced...

Any suggestion is appreciated.




ESTABLISHED CONNECTION: Possible Nerte 7.8.1 Trojan found on port 21.
ESTABLISHED CONNECTION: Possible TruvaAti 1.2 beta Trojan found on port 23.
Connection Refused: Port 31 used by Master Paradise.
ESTABLISHED CONNECTION: Possible Nerte 7.8.1 Trojan found on port 80.
Connection Refused: Port 121 used by BO jammerkillahV.
Connection Refused: Port 456 used by Hackers Paradise.
Connection Refused: Port 555 used by NeTadmin.
Connection Refused: Port 654 used by HoaVelu.
Connection Refused: Port 666 used by Attack FTP.
Connection Refused: Port 777 used by AIM Spy Application.
Connection Refused: Port 911 used by Dark Shadow.
Connection Refused: Port 999 used by Deep Throat.
Connection Refused: Port 1001 used by Silencer, WebEx.
Connection Refused: Port 1010 used by Doly trojan v1.35.
Connection Refused: Port 1011 used by Doly Trojan.
Connection Refused: Port 1015 used by Doly trojan v1.5.
Connection Refused: Port 1024 used by Netspy1, YAI.
Connection Refused: Port 1033 used by Netspy2.
Connection Refused: Port 1042 used by Bla1.1.
Connection Refused: Port 1080 used by Wingate.
Connection Refused: Port 1170 used by Streaming Audio Trojan.
Connection Refused: Port 1243 used by SubSeven.
Connection Refused: Port 1245 used by Vodoo.
Connection Refused: Port 1269 used by Maverick's Matrix.
Connection Refused: Port 1492 used by FTP99CMP.
Connection Refused: Port 1509 used by Psyber Streaming Server.
Connection Refused: Port 1600 used by Shiva Burka.
Connection Refused: Port 1807 used by SpySender.
Connection Refused: Port 1979 used by ZSpyII 0.99 Beta.
Connection Refused: Port 1980 used by ZSpyII 0.99 Beta.
Connection Refused: Port 1981 used by ShockRave.
Connection Refused: Port 1999 used by Backdoor.
Connection Refused: Port 2001 used by TrojanCow.
Connection Refused: Port 2023 used by Pass Ripper.
Connection Refused: Port 2140 used by DeepThroat, The Invasor.
Connection Refused: Port 2283 used by HVL Rat5.
Connection Refused: Port 2565 used by Striker.
Connection Refused: Port 2583 used by Wincrash2.
Connection Refused: Port 2801 used by Phineas.
Connection Refused: Port 3410 used by Optix Pro 1.1.
Connection Refused: Port 3459 used by Eclipse 2000.
Connection Refused: Port 3791 used by Total Eclypse 1.0.
Connection Refused: Port 4444 used by Avone 2, CrackDown.
Connection Refused: Port 4567 used by FileNail.
Connection Refused: Port 4950 used by IcqTrojan.
Connection Refused: Port 5011 used by OOTLT Cart, Sneak.
Connection Refused: Port 5031 used by NetMetro 1.0.
Connection Refused: Port 5180 used by Peeper 1.2.
Connection Refused: Port 5321 used by Firehotcker.
Connection Refused: Port 5400 used by BackConstruction1.2, BladeRunner.
Connection Refused: Port 5521 used by Illusion Mailer.
Connection Refused: Port 5550 used by Xtcp.
Connection Refused: Port 5569 used by RoboHack.
Connection Refused: Port 5742 used by Wincrash.
Connection Refused: Port 6000 used by The Thing 1.6.
Connection Refused: Port 6400 used by The tHing.
Connection Refused: Port 6669 used by Vampire.
Connection Refused: Port 6670 used by Deep Throath 1,2,3.x.
Connection Refused: Port 6883 used by DeltaSource.
Connection Refused: Port 6939 used by Indoctrination.
Connection Refused: Port 6969 used by GateCrasher.
Connection Refused: Port 7306 used by NetMonitor.
Connection Refused: Port 7614 used by Wollf 1.4.
Connection Refused: Port 7777 used by Enculator 1.0.
Connection Refused: Port 7789 used by ICQKiller.
ESTABLISHED CONNECTION: Possible CANCER 1.0 Trojan found on port 8080.
Connection Refused: Port 8090 used by Aphex's Remote Packet Sniffer 0.1.2.
Connection Refused: Port 9400 used by InCommand 1.0.
Connection Refused: Port 9872 used by PortalOfDoom.
Connection Refused: Port 9875 used by Portal of Doom.
Connection Refused: Port 9989 used by iNi-Killer.
Connection Refused: Port 10607 used by Coma.
Connection Refused: Port 11000 used by Senna Spy Trojans.
Connection Refused: Port 11223 used by ProgenicTrojan.
Connection Refused: Port 11831 used by QwErTos RAT 0.2.
Connection Refused: Port 12076 used by Gjamer.
Connection Refused: Port 12122 used by HellzAddiction 1.15 server.
Connection Refused: Port 12223 used by Hack´99 KeyLogger.
Connection Refused: Port 12345 used by NetBus 1.x.
Connection Refused: Port 12346 used by NetBus 1.x.
Connection Refused: Port 12701 used by Eclipse 2000.
Connection Refused: Port 16661 used by NetGrisch.
Connection Refused: Port 16969 used by Priotrity.
Connection Refused: Port 17300 used by Kuang2 theVirus.
Connection Refused: Port 19949 used by Avone 2.
Connection Refused: Port 20000 used by Millenium.
Connection Refused: Port 20034 used by NetBus 2.x, NetBus Pro.
Connection Refused: Port 20203 used by Logged!.
Connection Refused: Port 20331 used by Bla.
Connection Refused: Port 21554 used by GirlFriend, Schwindler 1.82.
Connection Refused: Port 22222 used by Prosiak 0.47.
Connection Refused: Port 23456 used by UglyFtp, WhackJob.
Connection Refused: Port 23476 used by Donald Dick.
Connection Refused: Port 27374 used by SubSeven 2.2.
Connection Refused: Port 27444 used by Trin00/TFN2K.
Connection Refused: Port 29559 used by AntiLamer BackDoor 1.3, QwErTos RAT 0.2.
Connection Refused: Port 29891 used by The Unexplained.
Connection Refused: Port 30029 used by AOLTrojan1.1.
Connection Refused: Port 30100 used by NetSphere.
Connection Refused: Port 30303 used by Socket23.
Connection Refused: Port 30999 used by Kuang.
Connection Refused: Port 31337 used by Back Orifice.
Connection Refused: Port 31339 used by NetSpy DK.
Connection Refused: Port 31787 used by Hack'a'tack.
Connection Refused: Port 34324 used by BigGluck aka TN, Tiny Telnet Server.
Connection Refused: Port 40412 used by TheSpy.
Connection Refused: Port 40423 used by Master Paradise.
Connection Refused: Port 47891 used by AntiLamer BackDoor 1.3.
Connection Refused: Port 50505 used by Sockets des Trois2.
Connection Refused: Port 50766 used by Fore Schwindler.
Connection Refused: Port 53001 used by RemoteWindowsShutdown.
Connection Refused: Port 54321 used by Schoolbus 1.6.
Connection Refused: Port 56565 used by Osiris v2.
Connection Refused: Port 57341 used by NetRaider.
Connection Refused: Port 58008 used by Tron.
Connection Refused: Port 58009 used by Tron.
Connection Refused: Port 61466 used by Telecommando.
Connection Refused: Port 65000 used by Devil 1.03.
Connection Refused: Port 65535 used by ShitHeep.
4 possible trojans were detected on your system. Recommended solution: update your anti-virus or anti-trojan definitions immediately and then scan your system. For further help, please visit the CCSP Toolkit Forum

Paul
Posted: Thu Jan 22, 2004 9:37 am

Can you run a netstat -an and post it here? Looks like you are running perhaps ftp and web servers?
_________________
http://computercops.biz/

slave
Posted: Thu Jan 22, 2004 11:32 am

Hi,

Thanks for advice.

Below the netstat with two windows open (I don't know if that makes any difference...).

Am not running websites but have ftp programs on my computer (but not in use)

Is there any way one can close ports on WIN 98SE (as you see am not experienced with such matters...)

Thanks for any advice.

P.S. I downloaded trojanhunter: it found nothing
then I used cwshredder and it did shred something but no indication what. Now it says system is clean.
I also did a portscan from sygate but there it says all tested ports are stealthed (but nobody knows how many they test).


Aktive Verbindungen

Proto Lokale Adresse Remote-Adresse Status
TCP 0.0.0.0:0 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1056 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1057 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1058 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1059 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1061 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1063 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1064 0.0.0.0:0 LISTENING
TCP 127.0.0.1:1026 0.0.0.0:0 LISTENING
TCP 127.0.0.1:1032 0.0.0.0:0 LISTENING
TCP 192.168.2.1:137 0.0.0.0:0 LISTENING
TCP 192.168.2.1:138 0.0.0.0:0 LISTENING
TCP 192.168.2.1:139 0.0.0.0:0 LISTENING
TCP 203.155.182.229:1056 195.186.3.109:80 ESTABLISHED
TCP 203.155.182.229:1057 195.186.3.109:80 ESTABLISHED
TCP 203.155.182.229:1058 195.186.3.109:80 ESTABLISHED
TCP 203.155.182.229:1059 195.186.3.109:80 ESTABLISHED
TCP 203.155.182.229:1061 195.186.3.193:80 ESTABLISHED
TCP 203.155.182.229:1063 195.186.3.193:80 ESTABLISHED
TCP 203.155.182.229:1064 195.186.3.193:80 ESTABLISHED
TCP 203.155.182.229:137 0.0.0.0:0 LISTENING
TCP 203.155.182.229:138 0.0.0.0:0 LISTENING
TCP 203.155.182.229:139 0.0.0.0:0 LISTENING
UDP 127.0.0.1:1026 *:*
UDP 127.0.0.1:1032 *:*
UDP 192.168.2.1:137 *:*
UDP 192.168.2.1:138 *:*
UDP 203.155.182.229:137 *:*
UDP 203.155.182.229:138 *:*

Paul
Posted: Thu Jan 22, 2004 11:35 am

Interesting... Is this a scan of your IP address or a possible proxy server?
_________________
http://computercops.biz/

slave
Posted: Thu Jan 22, 2004 11:44 am

Hm,

Why does it always have to get "interesting" with me???
I'd be happy to be a boring and safe guy...


This printout was when I do netstat -an on my own laptop in DOS.
I am not aware of a proxy server... Unless I am already hijacked...

....

Paul
Posted: Thu Jan 22, 2004 12:12 pm

When you go to scan your system, does the IP we tell you match your real IP?
_________________
http://computercops.biz/

slave
Posted: Thu Jan 22, 2004 12:28 pm

Sorry if I sound stupid, but "scan my system" with what? With your trojan port scanner? The one there is 203.107.130.10.
And even more stupid: where do I see my "real IP..." As I am in Thailand currently this all may have to do with this proxy server thing...

Thanks for enlightening me

_________________
MH

slave
Posted: Thu Jan 22, 2004 12:32 pm

Just in case it is of any help I did a hijackthis this afternoon (it's midnight now here) and include the log below.

Logfile of HijackThis v1.97.7
Scan saved at 15:25:55, on 22.01.04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.50 (5.50.4134.0600)

Running processes:
C:\WINDOWS2\SYSTEM\KERNEL32.DLL
C:\WINDOWS2\SYSTEM\MSGSRV32.EXE
C:\WINDOWS2\SYSTEM\SPOOL32.EXE
C:\WINDOWS2\SYSTEM\MPREXE.EXE
C:\WINDOWS2\SYSTEM\THOTKEY.EXE
C:\WINDOWS2\SYSTEM\TCDPLAY.DRV
C:\WINDOWS2\SYSTEM\TWBROWSE.DRV
C:\WINDOWS2\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS2\SYSTEM\ZONELABS\MINILOG.EXE
C:\PROGRAMME\KASPERSKY LAB\KASPERSKY ANTI-VIRUS PERSONAL\AVPCC.EXE
C:\WINDOWS2\SYSTEM\mmtask.tsk
C:\WINDOWS2\EXPLORER.EXE
C:\PROGRAMME\KASPERSKY LAB\KASPERSKY ANTI-VIRUS PERSONAL\AVPM.EXE
C:\WINDOWS2\SYSTEM\SYSTRAY.EXE
C:\WINDOWS2\SYSTEM\PSSOUND.EXE
C:\WINDOWS2\SYSTEM\PSMFCARD.EXE
C:\WINDOWS2\SYSTEM\PWRTRAY.EXE
C:\WINDOWS2\SYSTEM\TOSHIBSU.EXE
C:\PROGRAMME\IOMEGA\DRIVEICONS\IMGICON.EXE
C:\WINDOWS2\LOADQM.EXE
C:\PROGRAMME\WUSB11 WLAN MONITOR\WLAN_CFG.EXE
C:\PROGRAMME\KASPERSKY LAB\KASPERSKY ANTI-VIRUS PERSONAL\AVPCC.EXE
C:\PROGRAMME\ZONE LABS\ZONEALARM\ZONEALARM.EXE
C:\PROGRAMME\NIKON\NKVIEW4\NKVWMON.EXE
C:\PROGRAMME\HEWLETT-PACKARD\LASERJET 33XX\HPPDIRECTOR.EXE
C:\WINDOWS2\SYSTEM\WMIEXE.EXE
C:\WINDOWS2\SYSTEM\TAPISRV.EXE
C:\WINDOWS2\SYSTEM\RNAAPP.EXE
C:\PROGRAMME\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAMME\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS2\SYSTEM\DDHELP.EXE
C:\PROGRAMME\WINCMD\WINCMD32.EXE
C:\WINDOWS2\SYSTEM\PSTORES.EXE
C:\DOWNLOAD\SOFTWARE\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bluewin.ch/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = file://C:\PROGRA~1\PRIMED~1\PRIMED~1.PAC
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1.1\SDHELPER.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1031,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS2\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS2\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [PsSound] PsSound.Exe
O4 - HKLM\..\Run: [PsMFCard] PsMFCard.Exe
O4 - HKLM\..\Run: [PowerTray] PwrTray.exe
O4 - HKLM\..\Run: [TOSHIBSU] TOSHIBSU.EXE
O4 - HKLM\..\Run: [Iomega Startup Options] C:\Programme\Iomega\Common\ImgStart.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Programme\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [DBAAgent] C:\WINDOWS2\SYSTEM\mpagent.exe
O4 - HKLM\..\Run: [WLAN_Cfg.exe] C:\Programme\WUSB11 WLAN Monitor\WLAN_Cfg.exe
O4 - HKLM\..\Run: [HP SchedIndexer] C:\Programme\Hewlett-Packard\LaserJet 33xx\hppschedindexer.exe
O4 - HKLM\..\Run: [HP AutoIndexer] C:\Programme\Hewlett-Packard\LaserJet 33xx\hppautoindexer.exe
O4 - HKLM\..\Run: [AVPCC] "C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpcc.exe" /wait
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [THotkey] THotkey.Exe
O4 - HKLM\..\RunServices: [TCDPlay] TCDPlay.drv
O4 - HKLM\..\RunServices: [TWBrowse] TWBrowse.drv
O4 - HKLM\..\RunServices: [TSPower] SPower.drv
O4 - HKLM\..\RunServices: [TWarmBay] TWarmBay.drv
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS2\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKLM\..\RunServices: [MiniLog] C:\WINDOWS2\SYSTEM\ZONELABS\MINILOG.EXE -service
O4 - HKLM\..\RunServices: [AVPCC Service] "C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpcc.exe" /service
O4 - Startup: NkVwMon.exe.lnk = C:\Programme\Nikon\NkView4\NkVwMon.exe
O4 - Startup: HP LaserJet Director.lnk = C:\Programme\Hewlett-Packard\LaserJet 33xx\hppdirector.exe
O4 - Global Startup: ZoneAlarm.lnk = C:\Programme\Zone Labs\ZoneAlarm\zonealarm.exe
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~3\PLUGINS\npqtplugin.dll
O12 - Plugin for .TIF: C:\PROGRA~1\INTERN~3\PLUGINS\npqtplugin3.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shoc...wflash.cab
O16 - DPF: {CD17FAAA-17B4-4736-AAEF-436EDC304C8C} (ContentAuditX Control) - http://a840.g.akamai.net/7/840/5805/v00...ontrol.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/Shar.../cabsa.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/148637b2dd420697e0...xIE601.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shoc...tor/sw.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar...vSniff.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/C...9954976852
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall-Kontrolle) - http://a840.g.akamai.net/7/840/537/2003...scan53.cab

_________________
MH

Paul
Posted: Thu Jan 22, 2004 12:56 pm

So it sounds like you are going thru a proxy of sorts. Have you tried the reveal your IP? Does it show your true IP?
_________________
http://computercops.biz/

slave
Posted: Thu Jan 22, 2004 10:04 pm

Where do I find the "reveal your ip" function?

Paul
Posted: Fri Jan 23, 2004 3:24 pm

In the CCSP Toolkit menu web page right:

http://computercops.biz/modules.php?name=Reveal_IP

_________________
http://computercops.biz/

Guest
Posted: Fri Jan 23, 2004 9:01 pm

Hi Paul,

The IP address is reported to be 203.107.130.10.

F.Y.I.: I am running Zonealarm, have downloaded and am running Kaspersky Anti-Virus. CWshredder found nothing. Am now once again trying with spyhunter, trojanhunter and pestpatrol and will report.
The computer often - but not always - does not want to shut down. Often it is hanging on the rundll32.exe? Just in case that might give a hint.

Thanks again for your help!

Manny
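
The cross-check this thread is working toward, as an added example (not code from the site or its toolkit): compare the address the remote scanner probed and the ports it reported open against the machine's own `netstat -an`. The sample data is excerpted from the posts above; the function names are hypothetical.

```python
import re
from collections import namedtuple

Sock = namedtuple("Sock", "proto ip port state")

# Excerpt of the netstat -an output posted in the thread (German-locale Windows).
NETSTAT = """\
Proto Lokale Adresse Remote-Adresse Status
TCP 0.0.0.0:1056 0.0.0.0:0 LISTENING
TCP 127.0.0.1:1026 0.0.0.0:0 LISTENING
TCP 192.168.2.1:139 0.0.0.0:0 LISTENING
TCP 203.155.182.229:1056 195.186.3.109:80 ESTABLISHED
TCP 203.155.182.229:139 0.0.0.0:0 LISTENING
UDP 203.155.182.229:137 *:*
"""

# Excerpt of the Trojan TCP scan report from the first post.
SCAN = """\
ESTABLISHED CONNECTION: Possible Nerte 7.8.1 Trojan found on port 21.
ESTABLISHED CONNECTION: Possible TruvaAti 1.2 beta Trojan found on port 23.
Connection Refused: Port 31 used by Master Paradise.
ESTABLISHED CONNECTION: Possible Nerte 7.8.1 Trojan found on port 80.
ESTABLISHED CONNECTION: Possible CANCER 1.0 Trojan found on port 8080.
"""

# Header lines differ by locale, so match data rows only (they start with TCP/UDP).
NETSTAT_RE = re.compile(r"^(TCP|UDP)\s+(\S+):(\d+)\s+\S+(?:\s+(\S+))?\s*$")
SCAN_RE = re.compile(r"^ESTABLISHED CONNECTION: .* found on port (\d+)\.")


def parse_netstat(text):
    """Return one Sock per TCP/UDP row; UDP rows have an empty state."""
    socks = []
    for line in text.splitlines():
        m = NETSTAT_RE.match(line.strip())
        if m:
            socks.append(Sock(m[1], m[2], int(m[3]), m[4] or ""))
    return socks


def reported_open_ports(text):
    """Ports the remote scanner says it connected to."""
    hits = (SCAN_RE.match(line.strip()) for line in text.splitlines())
    return {int(m[1]) for m in hits if m}


def triage(scanned_ip, scan_text, netstat_text):
    socks = parse_netstat(netstat_text)
    local_ips = {s.ip for s in socks} - {"0.0.0.0"}
    # Loopback-only listeners cannot be reached by a remote scanner.
    listening = {s.port for s in socks
                 if s.proto == "TCP" and s.state == "LISTENING"
                 and not s.ip.startswith("127.")}
    reported = reported_open_ports(scan_text)
    # A host behind NAT also fails the address match, so the port
    # comparison is the stronger signal of the two.
    return {
        "scanned_ip_is_local": scanned_ip in local_ips,
        "confirmed": sorted(reported & listening),
        "unexplained": sorted(reported - listening),
    }


if __name__ == "__main__":
    # 203.107.130.10 is the address the scanner and Reveal Your IP reported.
    print(triage("203.107.130.10", SCAN, NETSTAT))
```
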

phoenix22
Posted: Fri Jan 23, 2004 10:57 pm

do you have the 98se shutdown fix loaded from windows update??
_________________
"De Oppresso Liber" (We Liberate the Oppressed) Holy Shinola Bat Babe! "Phoenix Flight"....for Buddy...who lived it!

Guest
Posted: Sat Jan 24, 2004 1:43 am

Yes, all Windows updates (except Media player which I do not use) are done. This one was - I believe - 239887UN.inf?

All times are GMT - 5 Hours