Home › Forums › Archives › Instant Messaging › AIM Support › Need help with potential trojan?
- This topic has 15 replies, 7 voices, and was last updated 20 years, 3 months ago by samholton.
-
AuthorPosts
-
February 5, 2004 at 11:08 pm #11166Jeff HesterKeymaster
i need some help with a trojan/spyware i think a “friend” gave me. i normally never allow the “direct connect” with anyone but for some reason yesterday i let him do it and try to send me a pic (which i didn’t ask for even). the direct connect never sent the image despite i was connected for about a minute with him, and i have a cable modem. today my internet is slow, and i’m paranoid, so i casually ask him what anti-trojan software he uses, he gets all smart with me saying his “braind”, i yell back at him basically telling him he doesn’t know everything, and then he replys with part of the lyrics of the exact song i was listening to at that moment. the song is like 5 yrs old, not a popular artist, and no one know’s i was listening to her, and i just downloaded the song. it was def not a coincidence. anyways how do i get this off? i use black ice, trojan remover, and mcafee virus scan, none are finding anything. hes talkedf in the past about hacking ppl’s comptuers using this method on aol and icq. if someone could give me suggesstions it would be greatly appreciated. i already reinstalled aim but i dont know if that matters since the trojan could be anywhere.
February 6, 2004 at 2:27 am #85050FimusMemberPart of the reason I’m posting is to bump this topic – sounds like a big problem.
Well… not sure if this could help but did you try Spybot – Search and Destroy? It may fix your problem…February 6, 2004 at 2:34 am #85051.ParticipantSpyBot = http://www.safer-networking.org/
TDS3 = http://tds.diamondcs.com.au/ (Best Anti-trojan in the world)February 6, 2004 at 4:25 am #85057samholtonMemberAs far as trojans go these days, almost all ‘public’ ones will be caught by virus scans. However, I have written quite a few that aren’t caught by any virus scan simply because I don’t spread them around so no one suspects them. The best defense would be to get a firewall, ZoneAlarm is free. If you are on a cable modem and that paranoid about security, you should have one anyway. Once you install the firewall, it will ask you which programs you want to have access to the internet. Of course you want normal programs like IE, Outlook, AIM, etc to have access. If anything looks shady, deny it access, you can always grant it access later if you find out you need it. If you are on windows xp, another thing to try would be to simply go to the task manager (CTRL+ALT+DEL) and check out your proccesses running, should be able to spot out anything that doesn’t fit.
February 6, 2004 at 5:06 am #85046Jeff HesterKeymasterthanks for the suggestions, i really appreciate it. i downloaded those 3 programs and searched with each both of my hard drives, i only found one file in my second hard drive that was 1 kb in size, so i dont think that can be anything, but i deleted it anyways (maybe that was an oops, o well). i can’t figure this out, he has to have access some how. is it possible that the trojan hes using wouldn’t be caught unless it’s running? i have and have alwyas had 2 firewalls, black ice, and then a firewall router before it gets to my computer. i’ve known him for 5 yrs and went to h.s. with him, i’m pretty sure he can’t do what samholton is talking about; about writing a custom virus. of course i’m not an expert on computer security either. this is one of those ppl that talks and pretends to be an expert at something when they only know general info. i did do the crtl-alt-delete also before i posted on here, and the only thing runing was the firewall, aim, and explorer at the time. thanks
February 6, 2004 at 5:26 am #85056samholtonMemberIf you have a firewall running, then its doubtful that any trojan would be getting through. As far as the trojan not being picked up becuase its not running, I doubt that’s the case. In order for a trojan to accept commands from the master, it has to be running at all times, waiting for instructions on what to do. When doing CTRL+ALT+DEL, click on the tab at the top that says Proccesses, not programs. You should get a list of every process running on your pc. If you are still concerned, send me a message at and I would be happy to scan your computer for any open ports.
–Sam
http://www.samholton.com
http://aim.samholton.comA free post-scan is available at ShieldsUp!!, Please don’t ask for personal contacts.
February 6, 2004 at 5:30 am #85048detn8rParticipantAt a price of 50 bucks for TDS, I think I will stick with Spybot, and Adaware, which provides the same services for free.
Quote:quote:If you are still concerned, send me a message at (-) and I would be happy to scan your computer for any open ports.I’m sure you would. <_<
There are several web sites that provide this. Please don’t ask members to contact you for a situation especially like this through email.
February 6, 2004 at 5:32 am #85054f0rbezMemberQuote:quote:is it possible that the trojan hes using wouldn’t be caught unless it’s running?if its a trojan, then it would be running in the background and cause open ports on your computer where it was listening. your firewall definately would of detected this. what exactly makes you think it is a trojan anyway? a slow internet connection could be anything. and the fact that he knew your song could be coincidental. if you want, you could try checking your start up processes for anything that looks suspicious. that might be pretty hard if you dont have that much experience because your not going to know what is normal and whats not. what i would try to do is look in your virus scanner options for “heuristics” and turn it up all the way. that will help find files that may perform virus/trojan like activities but you may get many that aren’t truely “bad”.
February 6, 2004 at 5:56 am #85055samholtonMemberQuote:quote:Originally posted by detn8rAt a price of 50 bucks for TDS, I think I will stick with Spybot, and Adaware, which provides the same services for free.
There are several web sites that provide this. Please don’t ask members to contact you for a situation especially like this through email.
Who are you to say what may and may not be posted on this forum? The purpose of this thread was to ask for advice and help and I was only trying to help out. Your reply is irrelevant to this thread and should not have been posted as it did not provide any further insight on the situation.
February 6, 2004 at 6:25 pm #85047detn8rParticipantWho’s post was edited by a moderator? Why? Because you did not follow the TOS. Who am I to? Just like everyone else. It’s for the well being of the members here. irrelevant? possibly, but I have every right to leave my opinion.
February 6, 2004 at 10:03 pm #85049FimusMemberTry going to Start -> Run and type “cmd” (if you’re on 98 or 95 type command) in the prompt and hit enter a black screen should appear… type “netstat” and press enter… Post here what you get, please 🙂
And stop fighting, damn! I would say “*sighs and waits for a moderator to lock this thread*” but I think we should help charliechuckers so… no. 🙂
February 9, 2004 at 8:45 pm #85045Jeff HesterKeymasteri tried the netstat, it gave me 2 ip’s, both of which are the same and mine. maybe when i deleted aim and reinstalled it, could that have wiped it out? if what he said was a coincidence, then i’m giving him some money to buy lotto tickets for me, bec it really would be almost impossible to be a coincidence, he doesn’t even listen to that type of music ever anyways, and it was from unknown artist to mainstream music. what i did with him during the “direct connect” was the image transfer, where it is supposed to then post the image in the messaging window. if a trojan or spyware has to be running to collect and send data, then how about that tracking spyware that is placed in the internet files unknowlingly, u won’t see that ever running, but when u do the crtl alt delete, it still collects the data and sends it. thanks
February 9, 2004 at 8:47 pm #85044Jeff HesterKeymasteri meant u won’t see that running when u do the ctrl alt delete
February 9, 2004 at 8:52 pm #85043Jeff HesterKeymasterwould it be possible for a trojan to be integrated into aim somehow and then use aim as a vehicle to retrieve info secretly? that way when ur running aim, and u check what programs are running, only aim will show up, but the aim could with the trojan integrated into it could collect data and send it back whenever u ran aim, nothing would appear out of the ordinary. i know this probably isn’t feasible, just a thought
February 10, 2004 at 2:32 am #85053f0rbezMemberQuote:quote:what i did with him during the “direct connect” was the image transfer, where it is supposed to then post the image in the messaging window. if a trojan or spyware has to be running to collect and send data, then how about that tracking spyware that is placed in the internet files unknowlingly, u won’t see that ever running, but when u do the crtl alt delete, it still collects the data and sends it.the tracking spyware that your referring to are cookies and they actually arent programs. there just little bits of info that companies can use to track your surfing habits. they really do nothing. also, if all you did was look at some pictures then it couldnt have been a trojan. unless u actually opened a file that he sent you through d/c.
-
AuthorPosts
- You must be logged in to reply to this topic.