| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 60837 | 2005-08-14 18:30:00 | Netbus Trojan horse | bigdaddyhen (8720) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 381154 | 2005-08-14 18:30:00 | I may have a problem with a netbus Trojan horse, I think. Once or twice a week Norton Internet Securities detects a possible netbus torjan horse attack. This has been happening for months. They are usually from different IP's, mostly from Europe or Asia. I have run Ad-aware and spybot, but have found nothing, and it keeps happening. Why could the problem be, and how can I possibly fix it? Thanks |
bigdaddyhen (8720) | ||
| 381155 | 2005-08-14 19:29:00 | You could have a read of this meantime. www.windowsecurity.com Or this. www.pspl.com |
Cicero (40) | ||
| 381156 | 2005-08-14 22:13:00 | If Nortons is alerting u that u have Netbus, it doesnt mean you're infected . Wherever its coming from, theyre doing a port scan for people, who may have it . NIS is stopping and blocking it . I wouldnt worry about it . And I wouldnt bother about sending an email to an Asian abuse email address . They never reply . If you want to report the attempted hack, click on the globe and select NIS Stats/View Logs/the entry maybe under Alerts here . save the log by clicking on the disk, and find the Netbus entry . Find out where the IP address (Theirs is), not yours . Highlight (just) the Netbus entry log . Then copy/paste the log into an email, and then send an email to abuse@theirisp with the log . And the GMT of NZ, followed by the log, if youre in NZ . |
Speedy Gonzales (78) | ||
| 381157 | 2005-08-14 22:17:00 | So it is nothing on my system trying to connect out, but someone trying to get in? | bigdaddyhen (8720) | ||
| 381158 | 2005-08-14 22:19:00 | So it is nothing on my system trying to connect out, but someone trying to get in? Correct, someone is trying to check your system out, to see if you have Netbus . (it doesn't mean u DO have Netbus) . NIS knows what it is, so blocks it so u wont get hacked . If it was Netbus, trying to get out, or connect (to the hacker), it would bring up a window asking permission, for u to accept it, which isnt the case . It would bring up a window, (like if u installed a program, and then ask for permission for you to allow it to run) . |
Speedy Gonzales (78) | ||
| 381159 | 2005-08-14 22:25:00 | Thanks | bigdaddyhen (8720) | ||
| 381160 | 2005-08-14 22:29:00 | No worries | Speedy Gonzales (78) | ||
| 381161 | 2005-08-27 04:08:00 | I am still a bit concerned. Since I posted this last, they have been coming almost everyday. They are not coming from random locations. At least half are coming from Korea. Why do these keeping coming, and from the relative same location. I don't have a static IP. I am assuming not everyone gets 4-5 a week, so why am I getting so many? :( :confused: I am still concerned there is something on my system that is making me a target. I have used spybot and ad-aware again, and still found nothing more than cookies. Does anyone have any suggestions for any other programs? |
bigdaddyhen (8720) | ||
| 381162 | 2005-08-27 04:20:00 | I've had the same thing before . Some people just dont know when to stop . Especially Koreans . If you're worried, get Hijackthis and post a log here . . spywareinfo . com/~merijn/" target="_blank">www . spywareinfo . com Make sure you create a folder HJT first on C and unzip the HJT file into it, then run it and do a scan and post the log here . |
Speedy Gonzales (78) | ||
| 381163 | 2005-08-29 05:17:00 | Here is my log Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Symantec Shared\ccProxy.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\system32\MsPMSPSv.exe C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Winamp\winampa.exe C:\WINDOWS\SM1BG.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb0 4.exe C:\Program Files\CyberLink\PowerDVD SE\PDVDServ.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Visualware Security Suite\tscore.exe C:\Program Files\Messenger\msmsgs.exe C:\progra~1\valve\steam\steam.exe C:\WINDOWS\NCLAUNCH.EXe C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\jview.exe C:\Program Files\Pluck Corporation\Pluck\PluckSvr.exe C:\Program Files\DIGStream\digstream.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\Sean Hennessy\Desktop\hijackthis\HijackThis.exe O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: Pluck Helper - {09AF76DD-6988-4664-97D0-362F1011E311} - C:\Program Files\Pluck Corporation\Pluck\PluckExplorerBar.dll O2 - BHO: VIPTToolbarManager Class - {1A2641AE-2C42-4C51-A05F-8ECEC3FDC94D} - C:\Program Files\Visual IP Trace\VisualIPTraceIE.dll O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Program Files\Desktop Sidebar\sbhelp.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &ESPN - {AE6F2894-AF10-4C9C-B16E-1DFC6FF8C0C6} - C:\Program Files\ESPN\Toolbar\DIGToolBar.dll O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll O3 - Toolbar: Pluck Toolbar - {7385D9F8-418B-4e6a-938F-F7596857CB54} - C:\Program Files\Pluck Corporation\Pluck\PluckExplorerBar.dll O3 - Toolbar: Visual IP Trace - {E70C26AE-DFF1-40A8-8D37-19180F56F0AA} - C:\Program Files\Visual IP Trace\VisualIPTraceIE.dll O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb0 4.exe O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD SE\PDVDServ.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u O4 - HKLM\..\Run: [Visualware Security Suite] "C:\Program Files\Visualware Security Suite\tscore.exe" -autostartup O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [Steam] "c:\progra~1\valve\steam\steam.exe" -silent O4 - HKCU\..\Run: [PluckSvr] C:\Program Files\Pluck Corporation\Pluck\PluckUpdater.exe /startplucksvr O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML O8 - Extra context menu item: Subscribe in Desktop Sidebar - res://C:\Program Files\Desktop Sidebar\sbhelp.dll/menuhandler.html O9 - Extra button: Pluck - {053017A8-53F7-4EA3-AA38-A4CCAAF1F9E7} - C:\Program Files\Pluck Corporation\Pluck\PluckExplorerBar.dll O9 - Extra 'Tools' menuitem: Pluck - {053017A8-53F7-4EA3-AA38-A4CCAAF1F9E7} - C:\Program Files\Pluck Corporation\Pluck\PluckExplorerBar.dll O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll O9 - Extra button: Pluck this page - {1FA9B650-D1BC-4E43-96B3-13A32FC39732} - C:\Program Files\Pluck Corporation\Pluck\PluckExplorerBar.dll O9 - Extra 'Tools' menuitem: Pluck this page - {1FA9B650-D1BC-4E43-96B3-13A32FC39732} - C:\Program Files\Pluck Corporation\Pluck\PluckExplorerBar.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: Yahoo! Poker - download.games.yahoo.com O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - components.viewpoint.com O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - go.microsoft.com O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - v5.windowsupdate.microsoft.com O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - security.symantec.com O16 - DPF: {A7ECD556-D6F6-4F41-8C6B-14AB246801A0} (Secure Delivery) - kdx.kontiki.com O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - www-secure.symantec.com O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - www-secure.symantec.com O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - cdn.digitalcity.com O18 - Protocol: pluck - {A5DD5FEC-8239-4A12-B791-4B6067F85CCC} - C:\Program Files\Pluck Corporation\Pluck\PluckExplorerBar.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe |
bigdaddyhen (8720) | ||
| 1 2 | |||||