New User? Need help? Click here to register for free! Registering removes the advertisements.

Computer Cops
image image image image image image image image
Donations
If you found this site helpful, please donate to help keep it online
Don't want to use PayPal? Try our physical address
image
Prime Choice
· Head Lines
· Advisories (All)
· Dnld of the Week!
· CCSP News Ltrs
· Find a Cure!
· Ian T's (AR 24)
· Marcia's (CO8)
· Bill G's (CO12)
· Paul's (AR 5)
· Robin's (AR 2)
· Ian T's Archive
· Marcia's Archive
· Bill G's Archive
· Paul's Archive
· Robin's Archive
image
Security Central
· Home
· Wireless
· Bookmarks
· CLSID
· Columbia
· Community
· Downloads
· Encyclopedia
· Feedback (send)
· Forums
· Gallery
· Giveaways
· HijackThis
· Journal
· Members List
· My Downloads
· PremChat
· Premium
· Private Messages
· Proxomitron
· Quizz
· RegChat
· Reviews
· Google Search
· Sections
· Software
· Statistics
· Stories Archive
· Submit News
· Surveys
· Top
· Topics
· Web Links
· Your Account
image
CCSP Toolkit
· Email Virus Scan
· UDP Port Scanner
· TCP Port Scanner
· Trojan TCP Scan
· Reveal Your IP
· Algorithms
· Whois
· nmap port scanner
· IPs Banned [?]
image
Survey
How much can you give to keep Computer Cops online?
$10 up to $25 per year?
$25 up to $50 per year?
$10 up to $25 per month?
$25 up to $50 per month?
More than $50 per year?
More than $50 per month?
One time only?
Other (please comment)



Results
Polls

Votes: 1194
Comments: 21
image
Translate
English German French
Italian Portuguese Spanish
Chinese Greek Russian
image
 Forum FAQForum FAQ   SearchSearch   UsergroupsUsergroups   ProfileProfile   Login to check your private messagesLogin to check your private messages   LoginLogin   Your Favorite ForumsFavForums 

Delta Source Trojan

 
Post new topic   This topic is locked you cannot edit posts or make replies       All -> FavForums -> Site Toolkit
View previous topic :: View next topic  
Author Message
Forumdiva

Cadet
Cadet



Joined: Mar 13, 2004
Posts: 5
Location: UK
PostPosted: Thu Apr 01, 2004 10:24 am    Post subject: Delta Source Trojan
Reply with quote
Help!

Please see text below after TCP Port Scan:

ESTABLISHED CONNECTION: Possible DeltaSource Trojan found on port 6883.

Only problems I have is that a web site I have visited recently appears in my firewall outgoing connections when Outlook connects to my pop3 server. Log below.
OS Win2kPro, stand alone PC Office XP 2002.

Allow activity for application OUTLOOK.EXE OUTLOOK.EXE 01/04/2004 13:58:42 pop.ntlworld.com POP3 Outbound TCP 1099 LocalHost 00:00:00 44 bytes 119 bytes 163
Allow activity for application SERVICES.EXE SERVICES.EXE 01/04/2004 13:58:42 cache2.ntli.net DNS Outbound UDP 1098 LocalHost 00:00:00 78 bytes 62 bytes 140
Allow activity for application OUTLOOK.EXE OUTLOOK.EXE 01/04/2004 13:58:21 pop.ntlworld.com POP3 Outbound TCP 1095 LocalHost 00:00:21 0 bytes 0 bytes 0
Allow activity for application OUTLOOK.EXE OUTLOOK.EXE 01/04/2004 13:58:30 www.vineycommunications.co.uk

Any help greatly appreciated.

Kind regards,
Christine.
Back to top
View users profile Send private message
Prince_Serendip

AVPE Host
Premium Member
Premium Member


Joined: Sep 07, 2002
Posts: 1026
Location: Canada
PostPosted: Thu Apr 01, 2004 10:53 am    Post subject:
Reply with quote
FYI: Malware-Info: Backdoor.Deltasource.07

The term Backdoor describes a specific group of Trojan Horses. As Trojans, they are not able to spread to other computers. Backdoors allow attackers full control over the victim's PC. Mostly they are split into 3 parts:

Server
The part which is put on the victim's PC and takes control over the PC.

Client
A little program used by the attacker to connect to the server and control the computer.

Editor
An additional tool to create the server program. It allows the attacker to create an unique server and allows him to set all options and rules for the server.

Backdoors are wide spread today. They are one of the most dangerous software programs for users surfing the web beside Worms, Dialers, Spyware and Trojans.


You can download the 30-day trial of TrojanHunter. Run it. Then do the following:

Please follow these directions:

From Computer Cops get the Direct-Download of HijackThis. It's zipped.

Unzip the download (using a piece of software like Winzip). Create a folder in My Documents and unzip HijackThis into the new folder and run it from there.

Doubleclick on HijackThis.exe from the unzipped archive and press the "Scan" button.

When the scan is finished, the "Scan" button will change into a "Save Log" button. Press this button, and save the log to the same folder as HijackThis.

IMPORTANT NOTE: Most of what HijackThis lists will be harmless or even required, so do NOT fix anything yet.

Next, go to the Spyware-HijackThis Forum and press "New Topic".

Be specific in explaining your issue. Please tell us what you are experiencing on your computer. For example, has it slowed down, getting weird pop-ups, homepage has been changed, etc? Then copy and paste the contents of your entire HijackThis log into your new topic thread.

Open the Log with Wordpad (for example), Press Ctrl + A to highlight all, then Press Ctrl + C to copy it. To put it in your post, position the cursor on the page and press Ctrl + V.

Someone here will be happy to help you analyze the results..

Best regards and Welcome to Computer Cops! Very Happy

So how did you get infected in the first place?

PLEASE READ THIS BEFORE YOU POST:

Computer Cops: Spyware - HijackThis: Posting Guidlines
_________________
ASAP Expert | Please donate to Computer Cops!
Back to top
View users profile Send private message
Forumdiva

Cadet
Cadet



Joined: Mar 13, 2004
Posts: 5
Location: UK
PostPosted: Thu Apr 01, 2004 11:00 am    Post subject:
Reply with quote
Hi & Thanks for the welcome & swift reply.

I've ran TH & Stinger .. Have McAffe running & up-to-date and so is the firewall.

Diva.
Back to top
View users profile Send private message
Mariner

Site Moderator
Site Moderator
Premium Member
Premium Member


Joined: Aug 25, 2003
Posts: 1908
PostPosted: Wed Apr 07, 2004 9:44 pm    Post subject:
Reply with quote
You're welcome; glad we were able to help. Smile

NOTE: This thread is now closed. Should you need it reopened, please PM a mod.
Everyone else having a similar issue, please launch a new topic for yourselves.
Back to top
View users profile Send private message
Display posts from previous:   
Post new topic   This topic is locked you cannot edit posts or make replies       All -> FavForums -> Site Toolkit All times are GMT - 5 Hours
Page 1 of 1

 
 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB 2.0.8a © 2001 phpBB Group

Version 2.0.6 of PHP-Nuke Port by Tom Nitzschner © 2002 www.toms-home.com
Version 2.2 by Paul Laudanski © 2003-2004 Computer Cops
Home · Topics · Submit News · Top 10
This entire site, Cops Themes, and Computer Cops are © 2002 - 2004 Computer Cops, LLC. All rights reserved.
You can syndicate our news using the file RSS 0.91, ultramode.txt, or RSS 1.0.
Acceptable Use Policy. Use signifies your agreement.
Engine Copyright © 2002 by PHP-Nuke, GNU/GPL Licensed. ICRA Member.
Paul Laudanski, Member of Computer Cops, LLC
Server Load: 1378 pages served in previous 5 minutes. Page Rendered: 0.448 seconds.