
Thread: Backdoor Trojan found - please help.

  1. #11
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066

    hi Pyrous,

    How's it all looking on your end?

    Didn't see any prompts to do anything else.
    I was calling the blinking cursor the "prompt".
    A long, long time ago it was called a command prompt.
    It's waiting for input from the user.

    just copy/paste the code in
    then click enter.
    How Can I Reduce My Risk?

  2. #12
    Junior Member
    Join Date
    Jul 2008
    Posts
    7

    Think this is the right thing.



    Active Connections

    Proto Local Address Foreign Address State
    TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
    TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
    TCP 0.0.0.0:2869 0.0.0.0:0 LISTENING
    TCP 127.0.0.1:1028 0.0.0.0:0 LISTENING
    TCP 127.0.0.1:1109 127.0.0.1:1110 ESTABLISHED
    TCP 127.0.0.1:1110 127.0.0.1:1109 ESTABLISHED
    TCP 127.0.0.1:1111 127.0.0.1:1112 ESTABLISHED
    TCP 127.0.0.1:1112 127.0.0.1:1111 ESTABLISHED
    TCP 127.0.0.1:1181 127.0.0.1:27015 ESTABLISHED
    TCP 127.0.0.1:10110 0.0.0.0:0 LISTENING
    TCP 127.0.0.1:27015 0.0.0.0:0 LISTENING
    TCP 127.0.0.1:27015 127.0.0.1:1181 ESTABLISHED
    TCP 192.168.1.3:139 0.0.0.0:0 LISTENING
    TCP 192.168.1.3:1057 207.46.111.41:1863 ESTABLISHED
    TCP 192.168.1.3:1132 85.197.205.100:10694 ESTABLISHED
    TCP 192.168.1.3:1187 213.200.110.81:80 CLOSE_WAIT
    TCP 192.168.1.3:1389 209.17.65.27:80 CLOSE_WAIT
    TCP 192.168.1.3:1474 64.37.156.7:7000 TIME_WAIT
    TCP 192.168.1.3:1475 64.37.156.7:7000 TIME_WAIT
    TCP 192.168.1.3:1476 64.37.156.7:7000 TIME_WAIT
    TCP 192.168.1.3:1478 64.37.156.7:7000 TIME_WAIT
    TCP 192.168.1.3:1484 64.37.129.39:7040 TIME_WAIT
    TCP 192.168.1.3:1488 199.108.0.132:80 TIME_WAIT
    TCP 192.168.1.3:1490 199.108.0.132:80 TIME_WAIT
    TCP 192.168.1.3:1492 64.37.156.7:7000 TIME_WAIT
    TCP 192.168.1.3:1500 199.108.0.132:80 TIME_WAIT
    TCP 192.168.1.3:2869 192.168.1.1:52109 CLOSE_WAIT
    TCP 192.168.1.3:2869 192.168.1.1:52113 CLOSE_WAIT
    UDP 0.0.0.0:445 *:*
    UDP 0.0.0.0:500 *:*
    UDP 0.0.0.0:1026 *:*
    UDP 0.0.0.0:1053 *:*
    UDP 0.0.0.0:1065 *:*
    UDP 0.0.0.0:1071 *:*
    UDP 0.0.0.0:1133 *:*
    UDP 0.0.0.0:1217 *:*
    UDP 0.0.0.0:1259 *:*
    UDP 0.0.0.0:1416 *:*
    UDP 0.0.0.0:1480 *:*
    UDP 0.0.0.0:3776 *:*
    UDP 0.0.0.0:4500 *:*
    UDP 0.0.0.0:10375 *:*
    UDP 127.0.0.1:123 *:*
    UDP 127.0.0.1:1055 *:*
    UDP 127.0.0.1:1481 *:*
    UDP 127.0.0.1:1900 *:*
    UDP 127.0.0.1:10316 *:*
    UDP 127.0.0.1:44301 *:*
    UDP 192.168.1.3:9 *:*
    UDP 192.168.1.3:123 *:*
    UDP 192.168.1.3:137 *:*
    UDP 192.168.1.3:138 *:*
    UDP 192.168.1.3:1900 *:*
    UDP 192.168.1.3:5353 *:*
    UDP 192.168.1.3:11256 *:*
    UDP 192.168.1.3:18948 *:*
    UDP 192.168.1.3:20603 *:*
    UDP 192.168.1.3:43735 *:*
    UDP 192.168.1.3:45746 *:*
    UDP 192.168.1.3:53363 *:*

  3. #13
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066

    hi Pyrous,

    OK thanks, that's it. Don't see anything suspicious in the log.
    Download and use atfcleaner once in a while; it helps keep temp files, cookies etc. cleaned up:

    http://www.atribune.org/index.php?op...d=25&Itemid=25
    How Can I Reduce My Risk?
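
One way to triage a Windows netstat listing like the one in post #12, as an added example that is not part of the original thread: it groups the TCP rows into listeners reachable from other hosts, loopback traffic, LAN peers and internet peers, so the internet peers can be checked one by one. The sample rows are a subset copied from that post; the function names are hypothetical and the listing is assumed to come from `netstat -an`.

```python
import ipaddress
from collections import Counter

# Subset of rows copied from the listing in post #12.
SAMPLE = """\
Proto Local Address Foreign Address State
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
TCP 127.0.0.1:27015 0.0.0.0:0 LISTENING
TCP 127.0.0.1:1109 127.0.0.1:1110 ESTABLISHED
TCP 192.168.1.3:139 0.0.0.0:0 LISTENING
TCP 192.168.1.3:1057 207.46.111.41:1863 ESTABLISHED
TCP 192.168.1.3:1474 64.37.156.7:7000 TIME_WAIT
TCP 192.168.1.3:1475 64.37.156.7:7000 TIME_WAIT
TCP 192.168.1.3:2869 192.168.1.1:52109 CLOSE_WAIT
UDP 0.0.0.0:500 *:*
"""

def split_endpoint(text):
    """Split 'addr:port' on the last colon; returns (ip_address, port)."""
    host, _, port = text.rpartition(":")
    return ipaddress.ip_address(host.strip("[]")), int(port)

def triage(netstat_text):
    """Group the TCP rows of a netstat listing for manual review."""
    exposed, loopback, lan, external = set(), 0, Counter(), Counter()
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) != 4 or fields[0] != "TCP":
            continue  # header, blank lines, UDP rows (no state column)
        local, remote, state = fields[1], fields[2], fields[3]
        local_ip, local_port = split_endpoint(local)
        if state == "LISTENING":
            if not local_ip.is_loopback:
                exposed.add(local_port)  # bound to 0.0.0.0 or a LAN address
            continue
        remote_ip, _ = split_endpoint(remote)
        if remote_ip.is_loopback:
            loopback += 1                # local inter-process traffic
        elif remote_ip.is_private:
            lan[remote] += 1             # peer on the local network
        else:
            external[remote] += 1        # internet peer: review each one
    return {"exposed_listeners": sorted(exposed), "loopback": loopback,
            "lan_peers": dict(lan), "external_peers": dict(external)}

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

Running `netstat -ano` (or `netstat -b` from an elevated prompt) adds the owning process to each row, which is what ties an internet peer back to a program.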
