| Thread ID: 88192 | 2008-03-18 10:22:00 | So like, my computer is stuffed | Wardog (6821) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 650514 | 2008-03-19 04:18:00 | It would have been that trojan that was causing probs. Search for sysmgr.exe; if it's still around, delete it! |
Speedy Gonzales (78) | ||
| 650515 | 2008-03-19 04:24:00 | It was possibly an IRC botnet, how it got on there; I have no idea. Thank you man, you saved me many hours of reinstalling. |
Wardog (6821) | ||
| 650516 | 2008-03-19 04:27:00 | No worries :) Good to hear it's a lot better now! | Speedy Gonzales (78) | ||
| 650517 | 2008-03-20 05:14:00 | Well, I might have a botnet or something on here, I will post my netstat results and can you check over them to make sure anything suspicious isn't there? I am a little wary on this "ircmaniak.com" business, but I am connected to an IRC network, but don't know where that is coming from ..
Proto Local Address Foreign Address State
TCP joshua-d0446ed3:epmap joshua-d0446ed3:0 LISTENING
TCP joshua-d0446ed3:microsoft-ds joshua-d0446ed3:0 LISTENING
TCP joshua-d0446ed3:1045 joshua-d0446ed3:0 LISTENING
TCP joshua-d0446ed3:1911 joshua-d0446ed3:0 LISTENING
TCP joshua-d0446ed3:1031 joshua-d0446ed3:0 LISTENING
TCP joshua-d0446ed3:1042 localhost:1043 ESTABLISHED
TCP joshua-d0446ed3:1043 localhost:1042 ESTABLISHED
TCP joshua-d0446ed3:1046 localhost:1045 CLOSE_WAIT
TCP joshua-d0446ed3:1059 localhost:1060 ESTABLISHED
TCP joshua-d0446ed3:1060 localhost:1059 ESTABLISHED
TCP joshua-d0446ed3:1251 localhost:1254 ESTABLISHED
TCP joshua-d0446ed3:1253 localhost:30606 ESTABLISHED
TCP joshua-d0446ed3:1254 localhost:1251 ESTABLISHED
TCP joshua-d0446ed3:1271 localhost:30606 CLOSE_WAIT
TCP joshua-d0446ed3:1780 localhost:30606 CLOSE_WAIT
TCP joshua-d0446ed3:1891 localhost:1910 ESTABLISHED
TCP joshua-d0446ed3:1909 localhost:30606 ESTABLISHED
TCP joshua-d0446ed3:1910 localhost:1891 ESTABLISHED
TCP joshua-d0446ed3:1925 localhost:30606 ESTABLISHED
TCP joshua-d0446ed3:30606 joshua-d0446ed3:0 LISTENING
TCP joshua-d0446ed3:30606 localhost:1253 ESTABLISHED
TCP joshua-d0446ed3:30606 localhost:1909 ESTABLISHED
TCP joshua-d0446ed3:30606 localhost:1920 TIME_WAIT
TCP joshua-d0446ed3:30606 localhost:1925 ESTABLISHED
TCP joshua-d0446ed3:netbios-ssn joshua-d0446ed3:0 LISTENING
TCP joshua-d0446ed3:1256 by1msg3245805.phx.gbl:1863 ESTABLISHED
TCP joshua-d0446ed3:1692 ircmaniak.com:6667 ESTABLISHED
TCP joshua-d0446ed3:1912 by2msg2233118.phx.gbl:1863 ESTABLISHED
TCP joshua-d0446ed3:1924 RTA1320.home:5431 TIME_WAIT
TCP joshua-d0446ed3:1926 edge1.catalog.video.msn.com:http ESTABLISHED
TCP joshua-d0446ed3:42809 localhost:30606 TIME_WAIT
TCP joshua-d0446ed3:netbios-ssn joshua-d0446ed3:0 LISTENING
UDP joshua-d0446ed3:microsoft-ds *:*
UDP joshua-d0446ed3:isakmp *:*
UDP joshua-d0446ed3:1029 *:*
UDP joshua-d0446ed3:1049 *:*
UDP joshua-d0446ed3:1099 *:*
UDP joshua-d0446ed3:1406 *:*
UDP joshua-d0446ed3:4500 *:*
UDP joshua-d0446ed3:discard *:*
UDP joshua-d0446ed3:ntp *:*
UDP joshua-d0446ed3:1066 *:*
UDP joshua-d0446ed3:1900 *:*
UDP joshua-d0446ed3:ntp *:*
UDP joshua-d0446ed3:netbios-ns *:*
UDP joshua-d0446ed3:netbios-dgm *:*
UDP joshua-d0446ed3:1900 *:*
UDP joshua-d0446ed3:8145 *:*
UDP joshua-d0446ed3:35842 *:*
UDP joshua-d0446ed3:ntp *:*
UDP joshua-d0446ed3:netbios-ns *:*
UDP joshua-d0446ed3:netbios-dgm *:*
UDP joshua-d0446ed3:1900 *:*
UDP joshua-d0446ed3:7012 *:*
UDP joshua-d0446ed3:16313 *:* |
Wardog (6821) | ||
| 650518 | 2008-03-20 05:19:00 | Well, what server do you go to, to get into IRC? Do you use a browser / or something like mIRC? An IRC client? That seems to be the only 6667 port, which is used for IRC. |
Speedy Gonzales (78) | ||
| 650519 | 2008-03-20 05:31:00 | mIRC. I use many servers, but the one I'm currently on is irc.oh-hai.net, it's a friend's one. I'll try slashnet and partyvan, see if they'll give me this ircmaniak rubbish. Well, it's not on slashnet, and can't connect to partyvan at the moment. Do you know any programs which are good task managers, which show ALL running processes, all the background ones and everything? A rather good system tool? |
Wardog (6821) | ||
| 650520 | 2008-03-20 05:49:00 | Open task manager (alt-ctrl-del), go to view / select columns, tick PID. Type netstat -no in a prompt, see what the PID is for it. It's probably mIRC. Did you ask your mate? What's the address for this server? I know the server is oh-hai.net. I'll check it out and see what I get. |
Speedy Gonzales (78) | ||
| 650521 | 2008-03-20 05:57:00 | 89.149.196.212 Proto Local Address Foreign Address State PID TCP 192.168.1.2:2644 89.149.196.212:6667 ESTABLISHED 4040 |
Wardog (6821) | ||
| 650522 | 2008-03-20 06:01:00 | I'm there now, what channel are you in lol. Even tho there's only 2 of them. And what's your nick? |
Speedy Gonzales (78) | ||
| 650523 | 2008-03-20 06:03:00 | 89.149.196.212 Proto Local Address Foreign Address State PID TCP 192.168.1.2:2644 89.149.196.212:6667 ESTABLISHED 4040 So is 4040 in task manager mIRC? |
Speedy Gonzales (78) | ||
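
The check suggested in the thread (run `netstat -no`, then match the PID against Task Manager's PID column), as an added example that is not part of the original posts: it parses numeric `netstat -no` output and groups established connections to IRC ports by owning PID. The sample rows are constructed except the 6667 row for PID 4040, and the port list beyond 6667 is an assumption.

```python
import ipaddress
from collections import defaultdict

# Remote ports treated as IRC. 6667 is the port discussed in the thread;
# the rest of the range and 6697 (IRC over TLS) are assumptions added here.
IRC_PORTS = set(range(6660, 6670)) | {6697}

# Constructed sample in `netstat -no` layout; only the PID 4040 row is from the thread.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    127.0.0.1:1042         127.0.0.1:6667         ESTABLISHED     1388
  TCP    192.168.1.2:1256       192.0.2.10:1863        ESTABLISHED     2712
  TCP    192.168.1.2:2644       89.149.196.212:6667    ESTABLISHED     4040
  TCP    192.168.1.2:1692       198.51.100.7:6667      ESTABLISHED     3120
  TCP    192.168.1.2:1924       192.168.1.1:6667       TIME_WAIT       0
"""

def parse_netstat(text):
    """Yield (local, remote_ip, remote_port, state, pid) for each TCP row."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[0] != "TCP":
            continue  # headers, blank lines, UDP rows (no state column)
        _, local, remote, state, pid = parts
        host, _, port = remote.rpartition(":")
        if not (port.isdigit() and pid.isdigit()):
            continue
        yield local, host.strip("[]"), int(port), state, int(pid)

def irc_connections_by_pid(text, ports=IRC_PORTS):
    """Group established, non-loopback connections to IRC ports by owning PID.

    Expects numeric addresses, i.e. output taken with the -n switch.
    """
    hits = defaultdict(list)
    for _local, host, port, state, pid in parse_netstat(text):
        if state != "ESTABLISHED" or port not in ports:
            continue
        if ipaddress.ip_address(host).is_loopback:
            continue  # local-only traffic, not an outbound IRC session
        hits[pid].append(f"{host}:{port}")
    return dict(hits)

if __name__ == "__main__":
    for pid, remotes in irc_connections_by_pid(SAMPLE).items():
        # Look the PID up in Task Manager's PID column to name the process.
        print(f"PID {pid}: {', '.join(remotes)}")
```

A PID that holds an IRC connection but does not belong to the IRC client you started is the one to investigate.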