Over the last few weeks I've been dealing with Trojans on my system. I was able to eliminate what I thought was all of it, until I started reading the logs from the PCChilling firewall I recently installed. There are still attempts at entering my system by this Trojan, and there is an IP associated with it. I don't know all that much about networks, so my question is what could/should I do about it? Would having an IP give me any sort of ammo to go after the person attacking my system?
iNVAR
01-24-2003, 07:21 PM
could just be someone else's computer on the same ISP was trojaned too. this is especially noticeable on cablemodem services where everyone's on the same 'line', per se.
Actually, the IP does appear to be from the same cable network I am on. :(
iNVAR
01-24-2003, 07:30 PM
yeah, ignore it. when i first got my cable service, i emailed them about it and they never responded. *shrug*
Bohica
01-24-2003, 08:09 PM
Your firewall may catch attempts to login via a trojan, but that doesn't necessarily mean you're infected. Many times it's just someone sweeping an IP block looking for someone who's infected.
Xaphan
01-24-2003, 10:53 PM
yes, exactly...more likely than not it is a sweep, looking for that trojan on your system. The only real safe thing to do is to format, but you are pretty good if you're running virus scan and a firewall now...just monitor the traffic going out and in...that's most important.
A good example of this "type" of sweep is that our web server at work gets hit every day by people looking for known vulnerabilities...
Well it turns out I was infected with Bionet, apparently a pretty nasty Trojan. I'm pretty sure I've removed all of the components of it, but I will be monitoring traffic on my system much more closely now. I was also infected with ZCREW but that was fairly easy to remove. I've since installed the trial version of pc-cillin and uninstalled Norton, and have run TrendMicro's Housecall about a dozen times in the last few days. Hopefully this is the last of it.
Thanks for the help.
iNVAR
01-25-2003, 01:34 AM
you need to stop getting infected with stuff ;)
SHAZBOT!!!!! When I try to connect to irc.dynamix.com on port 6667, pc-cillin tells me it's blocking outgoing trojan backdoor BIONET, which tells me I'm still infected. I thought I had it licked last night. Now I'm afraid to use mIRC. How the fuck do I get rid of this thing?
Xaphan
01-25-2003, 01:07 PM
sounds like your mIRC could be fucked, too...try deleting the folder and installing again
I tried that twice already. I even tried downloading install files from different mirrors, thinking my install file was corrupted. Uninstalled, deleted folder and registry entries, reinstalled, same shit.