Firewalls gotta love um!



12-30-2003, 11:05 PM
so I give in and sign up for an account with the incarnation of Evil.. AOL, no sooner do I get on and 15min later my Firewall catches a hacker... then the hacker tries again and a third time before he gives up
muhaha ::kisses his firewall::

heh I even saw where his IP was coming from...

Betheny
12-30-2003, 11:06 PM
I don't get it.

12-30-2003, 11:07 PM
somebody tried to send my computer a virus and failed three times

Betheny
12-30-2003, 11:09 PM
That's not how it works.

In order to get a computer virus, you have to download it.

....duuuuhhhhhh.

Xcalibur
12-30-2003, 11:10 PM
He tried to connect to your computer, when I had a firewall, I saw tons of connections like that. Wingates are evil

12-30-2003, 11:16 PM
correction then trojan horse

Details: Intrusion Detection detected and blocked the block backdoor/subseven trojan horse Trojan horse. All communication with 81.98.244.7 will be blocked for 30 minutes.

Betheny
12-30-2003, 11:17 PM
That would mean you have a trojan horse on your computer, and you need to run an antivirus.

12-30-2003, 11:17 PM
I assumed trojan horses are viruses of some sort

Betheny
12-30-2003, 11:19 PM
Basically, you downloaded a virus, it's on your computer, it's trying to contact that THAT IP to do what Trojans do.

12-30-2003, 11:19 PM
no it was an incoming attack not an outgoing one

12-30-2003, 11:20 PM
not outgoing at all, Norton antivirus scans comp 1x a day so no viruses

Xcalibur
12-30-2003, 11:22 PM
Eh, she is right, trojan are installed on your comp

do a SERIOUS scan, cause it means very bad shit otherwise if you do have that

Betheny
12-30-2003, 11:23 PM
I digress. I have no clue what the fuck you're talking about, and I don't think you do either.

Maybe it was someone trying to contact a trojan on your computer.

I have no clue. All I know is that people don't 'send' you viruses unless you agree to download them, like through AIM or whatever.

12-30-2003, 11:24 PM
already did today
nothing has been downloaded
no virus
anti virus up to date as of 12\30\2003 16:42

Betheny
12-30-2003, 11:27 PM
1. Why does anyone here care.

2. What does AOL have to do with firewalls? As far as I know when you use AOL dial-up you don't get a firewall, or really need one. Unless you're using high-speed, and that might come with a firewall.

At home, my computer blocks all kinds of 'intrusions' -- the 'high rated' ones are usually my router pinging my computer or something.

Just because something is 'blocked' doesn't mean it's someone trying to violate your computer. It's usually just because your firewall isn't set up properly and blocks things that are harmless.

12-30-2003, 11:32 PM
well I've never had an issue with anything until I got aol
if you don't care fuck off and don't post instead of giving me shit about it.
I'm sure if it was nothing it would not have come up as a trojan horse in the description.

Trinitis
12-31-2003, 12:11 AM
Originally posted by Maimara
I digress. I have no clue what the fuck you're talking about, and I don't think you do either.

Maybe it was someone trying to contact a trojan on your computer.

I have no clue. All I know is that people don't 'send' you viruses unless you agree to download them, like through AIM or whatever.

Actually, the last big virus, MSBLAST, did send itself to your computer via an open backdoor that Microsoft, in all their mighty glory, left wide ass open. All you had to do was connect to the internet, and bing, you had a 80-90% chance of getting it.

-Adredrin

Halfsilver
12-31-2003, 02:46 AM
If your firewall detected an incoming probe for the subseven trojan, that means that it is ON YOUR COMPUTER. You need to run a better virus scan.

I recommend SARC.com. Run the online scan. Or download new virus definitions from your antivirus provider.

and get rid of AOL before it's too late. Seriously.

- D

edited: because I put SARS instead of SARC. I'm half drunk...bleh.

[Edited on 12-31-2003 by Halfsilver]

Czeska
12-31-2003, 08:12 AM
When I had AOL we got a trojan horse that gave someone my ex's password. We only found out because people started sending him hate mail saying "stop sending us porn you $%^&$( "
We were like... wtf... the TH owner was using my ex's screen name to flood people with porn sites.

12-31-2003, 08:34 AM
Already have as I said I don't have a virus on my computer. I have never had my firewall catch anything until I signed onto AOL, nobody has ever even tried.

Soulpieced
12-31-2003, 09:24 AM
My AOL password was hacked freshman year and AOL shut my family's account down. We cleared it up in a few days, and I had to download Norton and get it off the computer. Edine, you should listen to the other people, because if 2 obviously stated people posted that you already have a virus, I think I'd listen to them.

Pierat
12-31-2003, 09:38 AM
::cough:: I'll let this one out of the bag, being a former uhhh person that ummm used that stuff, Edine,

Subseven is a hacker tool, it comes with 2 parts, the trojan and the client to control your computer. Now, if I can get subseven trojan on your computer, either by me being a wicked friend and playing games with you (Like I did to my buddy in college) or passed around on a CD with some other files, or even downloaded in an APP. Step 2 is that now you have it, but I need to know your IP address in order to connect to your computer.

The newest versions of Subseven come with a handy tool that lets me decide if when the virus is first run on your computer, to either AIM me your IP, send it via irc, ICQ, and/or E-mail. This is the first place your firewall, (Sounds like Norton Personal Firewall to me), could have sniffed this out. I know it said incoming, but if it was trying to AIM something or connect to ICQ or link up to a mail server, there's a good chance that Norton has that mail server (At least the old one that the authors of subseven used to run) blocked or something and it detected it.
Ok, so now Mr. Mean hacker who goes by Pierat as his handle has your IP, he still needs to get in, which is harder these days because of the frequency of firewalls and antivirus software. Mind you, on subseven you get to pick what port you hack in on, so I could pick the same port that HTML uses, and as long as you're not browsing the internet, I can get in, best time probably 3am steal your files or trash your system and get one. But the first thing a smart guy like me would do, is disable your virus software from inside your system, it's easy to do, I can actually see what you see, control your mouse, etc....etc... so I would either uninstall your antivirus, or run it real quick and tell it to ignore, or make a folder that it doesn't look in, etc...etc...

Ok, so here we are on the last step, the desperate loser hacker. I have no friends to load my trojan on, no college girls live near me with webcams that I can watch, man I had an obsessed roommate who was trying to do that all day I swear instead of going to class, (and...Yes, it does do that but he was doing it wrong, lol).....

ok so no one has downloaded my little application I made (You can hide it in ANY .Exe or .Dll) so what do I do if I wanna hack? Run a port scan on a range of IP's. So on the most common ports that people install subseven (The defaults) I scan in ranges of IP's and see if I get any hits, the next morning I sit down for my Sanka (Cause it's a loser coffee compared to anything real and this is a joker hacker if he has to port scan you) and read the list of "hits" Now this could also be what Norton Antivirus saw, just some loser running a port scan and in fact, I would bet you 90% odds are that's what it is, unless you've been trying to download hacker apps lately and then maybe someone snuck a trojan along with a tool, they like to do that.
Update Norton Antivirus (And people don't ever, ever pay them for the annual subscription! Just set your clock back! duhhhh!) Do a full scan, I've downloaded every piece of software to fight trojans possible (To see what my adversaries were up to back in the day) there's good ones out there, the problem being that the "new" versions of these trojans get changed rapidly to keep from being detected, norton because they're the biggest and baddest has to keep up and cause they're so big they have the biggest odds of having the update if it's new) make sure of course there's no options selected for areas it's skipping. If it doesn't see anything, and you've tried the other suggestions anti-virus (It's always good to run at least 1 second virus scan from a different company when in doubt in case the hacker IS actually smart and edits your virus definitions or some trick like that "I" was never Kewl enough to figure out or bother with.

For a couple of days, when not sitting at your computer, you could also try unplugging it from the net when you're not sitting there for safety reasons, that way you can monitor if anything weird happens, CD tray pops open, mouse moves, certain keys won't work, etc... stupid things. But probably nothing will happen and there's no trojan cause I think you just cause a loser port scanning

Last thing, if you're serious, and you see something move, or things get worse, step 1, unplug it from the net...

step 2, "Black Ice Defender" is a firewall/anti-hacker and it's pretty good (at least the old versions I played with) It not only can stop them cold dead in their tracks, but tell you exactly who it was (In case that guy at work you spilled his coffee on is hacking you) then of course if you're me, you get them back at their own game, lol....

Good Luck Edine, I'll be gone for the next 4-5 days, but IM me if you still got probs -Pierat/Kit

Pierat
12-31-2003, 09:46 AM
Oh yay, in regards to SoulPierced's post, the second I'm in your system, I can run a password scan to see every password saved in your system, including Aim, icq, any website you allowed to remember your password, etc..etc.. so your bank stuff I'd have..etc... bad stuff :(
I only used it on my friend really...well...mostly... anyhow we would play half-life and he was let's...say... emotional when he would die and yell and scream and everyone on the floor could hear him, so when we would all play, I'd pull out 2 computers, and disable certain keys or jiggle his mouse every once in a while, disable the fire key for a few seconds..... heh, he would scream and yell and everyone else on the floor knew, and laugh hysterically even when it wasn't "me" that killed him, heh.... One day he was a real jerk (hence me doing it in the first place he wasn't exactly a nice guy) and we got into a fight, so I went back into my room and disabled his "G" and "H" keys and he had to write an essay, he wrote it with no g's and h's instead of going to the library..... heh, he went and bought a new keyboard the next day, I let him go a few days before disabling it again, man did he yell and scream.... boy terrorizing that guy was so much fun.... heh, I'm mean... but if you all knew the guy you'd appreciate the humor, it was indeed called for -Pierat

12-31-2003, 09:58 AM
You gotta teach me that stuff. Well I could be proactive and go learn it myself, but where's the instant self gratification in that?

Czeska
12-31-2003, 10:02 AM
Contemplating buying Pierat a lovely gift yes.. yes I am.

Xcalibur
12-31-2003, 10:54 AM
That being said, I asked him (pierat) on u2u to "check" if I have those crap on mine... I think we should ALL take this opportunity to check it out

Virus = BAD stuff

GOD
12-31-2003, 01:14 PM
Dude check this out, some viruses/trojans or what not install to HKEYS in your registry, and Norton doesn't scan it...get McAfee.

-John

Halfsilver
12-31-2003, 01:33 PM
NAV is actually like a virus itself, in that it installs itself in to your registry.

NAV does scan the registry, though, GOD.

It would be a worthless piece of software if it didn't, and though it does cause a lot of problems, it's not worthless if you know how to use it.

Firewalls... BlackIce just LOOKED good, it didn't really do much. If you're looking for freeware...ZoneAlarm is a decent thing to look into. ZoneAlarm Pro if you want to pay. Both are user friendly and actually DO block incoming 'attacks' on your computer. If you can call innocuous port probes, attacks. Which is what most of you all will see.

Edine...scan your system more thoroughly. You'll find the subseven somewhere in your system. I guarantee it.

Skirmisher
12-31-2003, 07:17 PM
Ok, a question for those of you more Tech oriented people regarding the trojan horses and such.

I also get the message from my norton firewall about subseven trying to access my computer, but I only get that message when I use the Players corner chat function.

It occurs within 30 seconds to one minute after i initiate the chatroom.

Now from what some have said here, if I get that message it means that the trojan is already in my system. I went to Symantec's site and the removal advice they give is to update your definitions and run a full scan.

Ok, so I did both an update and ran a scan this evening but I still come up clean. Now I understand that some nasty programs actually will change the settings on our virus checkers to not scan for them so I looked at my settings and found three things listed to not check. Could any of you tell me if they look correct, or if I should remove them from the "Exclusion List"?

They are as follows:

1) *.nch

2) *.dbx

3) \_restore\*.*

Any assistance with this is greatly appreciated as this has been bugging me for awhile.

12-31-2003, 07:35 PM
any free antivirus programs I can get my hand on my norton is upto date.

Betheny
12-31-2003, 09:03 PM
http://www.trendmicro.com

Go to Housecall. ;)

12-31-2003, 09:46 PM
I ran it and they didn't pick up on a virus or trojan horse either...

crazymage
01-01-2004, 04:32 AM
Listen to Pierat someone was just doing a port scan you're fine.

Trinitis
01-01-2004, 05:08 AM
free virus scanner I like? www.grisoft.com ;)

-Adredrin

Tsa`ah
01-01-2004, 06:07 AM
A port scan is going to set off your firewall every time.

Depending on the firewall, nothing is going to access the net or your pc from the net unless you allow access.

And ... AOL sucks, no matter what version. It's a resource hog. Just get a mom and pop dial up and you'll be much better off.

01-01-2004, 09:23 AM
had the mom and pop, already say its better cause I connect faster with it, but I'm going to be doing a lot of traveling and want an ISP that I'll be able to just hop on anywhere and log on and not have to worry if they have access numbers around, any other ISP's you can suggest?

Tsa`ah
01-01-2004, 09:31 AM
I would recommend any ISP that doesn't require a proprietary interface ... such as aol or msn.

Try earthlink or search tech sites for the top listed ISPs. I'm not sure but AT&T world net is probably in every fricking state and back water hole.

01-01-2004, 10:14 AM
thanks looks like at&t is the best of the lot too on most of the websites

Halfsilver
01-01-2004, 10:40 AM
SARC.com

free virus scan and security check.

=)

01-01-2004, 11:16 AM
Have nortons and have run it and used the website to check as well just in case it was something with my settings, nothing there. Used two other free checks and nothing. so I don't know what it is

Pierat
01-02-2004, 07:25 PM
"Listen to Pierat someone was just doing a port scan you're fine. " -crazymage
Yah! Listen to me Edine for once! I told you, run norton, then get another good freebie just to make sure, and then take a deep breath and dismiss it!

01-02-2004, 10:19 PM
gotcha and I am

Pierat
01-04-2004, 10:00 AM
Here I had a few minutes of free time and some people wanted to see if I could connect, easier than that here's a list of lines you will find in different regs/ini's where subseven (depending on the version installed on your computer) will have its command to run every time you reboot. You can just check these, it's simple -Pierat

1. C:\WINDOWS\SysTrayIcon.Exe Registry line
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    SystemTrayIcon = "C:\WINDOWS\SysTrayIcon.Exe"

1.1 C:\WINDOWS\SysTrayIcon.Exe Registry line
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    SystemTrayIcon = "C:\WINDOWS\SysTrayIcon.Exe"

1.3 c:\windows\nodll.exe win.ini
    run=nodll

1.4 c:\windows\nodll.exe win.ini
    run=nodll

1.5 c:\windows\nodll.exe (32,768 bytes) win.ini
    run=nodll

1.6 c:\windows\systray.exe (33,280 bytes) Registry line
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    SystemTray = "SysTray.Exe"

1.7 c:\windows\kernel16.dl Registry line
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
    Kernel16 = "kernel16.dl"

1.8 c:\windows\kerne132.dl Special registry startup. Please see page for more info.

1.9 + 1.9b c:\windows\rundll16.exe Registry line
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run and RunServices
    RegistryScan = "rundll16.exe"

2.0 c:\windows\rundll16.exe System.ini
    shell=explorer.exe -trojan_name_here-.exe
    Remove trojan name from end, so line reads shell=explorer.exe

2.1 - 2.1gold c:\windows\nodll.exe win.ini
    run=msrexe.exe
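
The startup entries in the list above can be checked offline against a registry export and copies of win.ini and system.ini. This is an added example, not part of the original post: the function names, the sample inputs and `example.exe` are constructed for illustration, and a match is only a lead to go and inspect the named file.

```python
import re

# Startup entries transcribed from the list in the post above:
# (registry value name, file it launches), compared case-insensitively.
REG_ENTRIES = {("systemtrayicon", "systrayicon.exe"), ("systemtray", "systray.exe"),
               ("kernel16", "kernel16.dl"), ("registryscan", "rundll16.exe")}
WIN_INI_RUN = {"nodll", "msrexe.exe"}  # win.ini run= values from the list
RUN_KEY = re.compile(r"\\CurrentVersion\\(Run|RunServices)\]$", re.I)
REG_VALUE = re.compile(r'^"([^"]+)"="(.*)"$')
INI_LINE = re.compile(r"^\s*(run|shell)\s*=\s*(.*?)\s*$", re.I)

# Constructed sample inputs (not taken from any real machine).
SAMPLE_REG = r'''REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ScanRegistry"="C:\\WINDOWS\\scanregw.exe /autorun"
"RegistryScan"="rundll16.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Kernel16"="kernel16.dl"
'''
SAMPLE_WIN_INI = "[windows]\nload=\nrun=nodll\n"
SAMPLE_SYSTEM_INI = "[boot]\nshell=Explorer.exe example.exe\n"


def check_reg_export(text):
    """Return (key, value name) for listed Run/RunServices entries."""
    hits, key = [], None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("["):
            key = line.strip("[]") if RUN_KEY.search(line) else None
            continue
        m = REG_VALUE.match(line)
        if key and m:
            # .reg files double backslashes; keep only the file name.
            exe = m.group(2).replace("\\\\", "\\").split("\\")[-1].lower()
            if (m.group(1).lower(), exe) in REG_ENTRIES:
                hits.append((key.split("\\")[-1], m.group(1)))
    return hits


def check_ini(filename, text):
    """Return flagged run= (win.ini) and shell= (system.ini) lines."""
    hits = []
    for line in text.splitlines():
        m = INI_LINE.match(line)
        if not m:
            continue
        setting, value = m.group(1).lower(), m.group(2).lower()
        # Per the list, a clean system.ini line reads exactly shell=explorer.exe.
        in_win = (filename, setting) == ("win.ini", "run") and value in WIN_INI_RUN
        in_sys = (filename, setting) == ("system.ini", "shell") and value != "explorer.exe"
        if in_win or in_sys:
            hits.append((filename, line.strip()))
    return hits


if __name__ == "__main__":
    print(check_reg_export(SAMPLE_REG))
    print(check_ini("win.ini", SAMPLE_WIN_INI), check_ini("system.ini", SAMPLE_SYSTEM_INI))
```

The lookalike `ScanRegistry` value in the sample is not reported, because both the value name and the file name have to match an entry from the list.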

Artha
01-04-2004, 10:08 AM
Get with the times and get freaking cable already.

You'll thank me later.

Xcalibur
01-04-2004, 10:18 AM
Hmm? and?

cable = less secure as your ip is always the same

Pierat
01-04-2004, 12:03 PM
yah I'm not quite sure what you meant by get a freaking cable, I know my system is pretty much untouchable (NO that is not a challenge ::grumble::) and I'm on cable, but the fact that I'm on cable has nothing to do with being untouchable.

When I did those bad things I used to do, I could get into a system on cable or dsl 10 times easier than I could on a modem, I mean heck, you gotta get an app. on someone's system that pages you every time the person goes online if you wanna track someone on a modem, and that gets annoying after a while, pages add up to the 100's from just 5 people in a couple of days! At least on dsl/cable the IP stays relatively the same usually and when "I" wanted I could get into their system. -Pierat

Mistomeer
01-05-2004, 12:59 AM
Originally posted by Pierat
yah I'm not quite sure what you meant by get a freaking cable, I know my system is pretty much untouchable (NO that is not a challenge ::grumble::) and I'm on cable, but the fact that I'm on cable has nothing to do with being untouchable.

When I did those bad things I used to do, I could get into a system on cable or dsl 10 times easier than I could on a modem, I mean heck, you gotta get an app. on someone's system that pages you every time the person goes online if you wanna track someone on a modem, and that gets annoying after a while, pages add up to the 100's from just 5 people in a couple of days! At least on dsl/cable the IP stays relatively the same usually and when "I" wanted I could get into their system. -Pierat

Virus software should be a requirement for using a PC. Everyone should just switch to Macs and not worry about it.

01-05-2004, 01:07 AM
When and IF the majority of computers are apple, I'd wager that you'd have the same number of problems\issues with them as you do PC's today.

Mistomeer
01-05-2004, 11:15 AM
Originally posted by RangerD1
When and IF the majority of computers are apple, I'd wager that you'd have the same number of problems\issues with them as you do PC's today.

It's hard to say. OS X is inherently more secure than windows (Root account disabled by default, no default access to system files, etc). The reality is though, they're not the norm and they are safer..and faster..and 3x as expensive.

Wezas
01-05-2004, 11:37 AM
Firewalls suck when you can't get into the game while you're at work. I have to use a VPN from work to connect to my home network to play, and if I do that, I have to disconnect the VPN every time I need to hit a database server or E-mail. Difficult to explain when the boss is hovering.