
Another f***ing Trojan

  • 27-01-2001 3:19pm
    #1
    Registered Users, Registered Users 2 Posts: 21,264 ✭✭✭✭


    Trying to figure out what's causing my mouse to keep flashing in games. I boot up my machine this morning to find all the devices trashed so I'm in the process of re-installing when I finally find this.
    w142.z064220205.sjc-ca.dsl.cnc.net
    The firewall has blocked Internet access to 64.220.205.142 (HTTP) from your computer [TCP Flags: AF].

    Time: 1/27/01 10:02:16

    That is with nothing running that I know of.

    BlackICE didn't pick it up but ZoneAlarmPro did. I can't find out what program is launching to access this server. NAV can't see any Trojan either but anyone know of a proggy which will look for all kinds of Trojans?



Comments

  • Moderators, Music Moderators, Recreation & Hobbies Moderators Posts: 9,389 Mod ✭✭✭✭Lenny


    Best thing would be to port scan yourself.
    When you find whatever ports are open, check this list here. ... It's a little bit old but I'm sure you could find up-to-date ones somewhere as well.

    Acid Battery 1.0: 32418
    AimSpy: 777
    Ambush: 10666
    Antigen: 25
    AOLTrojan1.1: 30029
    Backdoor, Transscout: 1999
    BackConstruction 1.2+1.5: 5400
    Back Orifice 2000: 8787
    Back Orifice 2000: 54320
    Back Orifice DLL: 1349
    Back Orifice: 31337
    Back Orifice-DeepBO: 31338
    BigGluck, TN: 34324
    Bla 1.1: 1042
    Bla: 20331
    Blade Runner: 5400
    Blade Runner: 5401
    Blade Runner: 5402
    BO Jammerkillah: 121
    BOWhack: 31666
    Bugs: 2115
    Chupacabra, Logged!: 20203
    Coma Danny: 10607
    Deep Throat 1.0, The Invasor: 3150
    Deep Throat 1.0: 2140
    DeepThroat 2.0 & 3.0: 60000
    DeepThroat 2.0 & 3.0: 6670
    DeepThroat 2.0 & 3.0: 6671
    DeepThroat 2.0 & 3.0: 6771
    Delta: 26274
    Delta: 47262
    DeltaSourceDarkStar: 6883
    Der Spaeher 3: 1000
    Devil 1.03: 65000
    Doly Trojan: 1012
    Doly Trojan 1.1: 21
    Doly Trojan 1.1+1.2: 1011
    Doly Trojan 1.35: 1010
    Doly Trojan 1.5: 1015
    Doly Trojan 1.6: 1016
    Eclipse2000: 12701
    Evil FTP-Ugly FTP: 23456
    Executor: 80
    FileNail Danny: 4567
    Firehotcker: 5321
    Fore: 50766
    FTP99CMP: 1492
    GabanBus,NetBus: 12345
    GabanBus,NetBus: 12346
    Gatecrasher: 6969
    Gatecrasher: 6970
    GirlFriend: 21544
    GirlFriend: 21554
    Gjamer: 12076
    Hack´99 KeyLogger: 12223
    Hack'a'tack: 31787
    Hack'a'tack: 31785
    Hack City Ripper Pro: 2023
    Hack Office Armageddon: 8879
    Hackers Paradise, Masters Paradise: 31
    Hackers Paradise: 456
    Hidden port V2.0: 99
    HVL Rat5: 2283
    ICKiller: 7789
    IcqTrojan: 4590
    IcqTrojan: 4950
    Illusion Mailer: 5521
    InCommand 1.0: 9400
    Indoctrination: 6939
    Ini-Killer, Phase Zero, Stealth Spy: 555
    InI Killer: 9989
    Kuang: 30999
    Kuang2 The Virus: 13700
    Masters Paradise: 3129
    Masters Paradise: 40421
    Masters Paradise: 40422
    Masters Paradise: 40423
    Masters Paradise: 40426
    Maverick's Matrix: 1269
    Millenium: 20000
    Millennium: 20001
    NetBus 2 Pro: 20034
    NetMetropolitan 1.0 & 1.04: 5031
    NetMetropolitan 1.04: 5032
    NetMonitor: 7300
    NetMonitor: 7301
    NetMonitor: 7306
    NetMonitor: 7307
    NetMonitor: 7308
    NetSphere: 30100
    NetSphere: 30101
    NetSphere: 30102
    Netsphere Final: 30133
    NetSpy: 1033
    NetSpy DK: 31339
    Online Keylogger: 49301
    OOTLT: 5011
    Pass Ripper: 2023
    Phineas Phucker: 2801
    Portal of Doom: 3700
    Portal of Doom: 9872
    Portal of Doom: 9873
    Portal of Doom: 9874
    Portal of Doom: 9875
    Portal of Doom: 10067
    Portal of Doom: 10167
    Priority: 16969
    Progenic trojan: 11223
    Prosiak 0.47: 22222
    Prosiak: 33333
    Psyber Streaming Server: 1170
    Psyber Streaming Server: 1509
    Psyber Streaming Server: 4000
    Psyber Streaming Server: 1024
    Remote Grab: 7000
    Remote Window Shutdown: 53001
    Robo Hack: 5569
    Satanz Backdoor, Peur de Rien FTP: 666
    Schwindler 1.82: 21544
    Schoolbus 1.0: 4321
    Schoolbus 1.6 & 2.0: 43210
    Schoolbus 1.6 & 2.0: 54321
    Senna Spy: 11000
    Shiva Burka: 1600
    ShockRave: 1981
    ****heep: 6912
    ****heep Danny: 69123
    Silencer, WebEx: 1001
    Sockets de Troie: 5000
    Sockets de Troie: 5001
    Sockets de Troie: 50505
    Socket 25: 30303
    SoftWar: 1207
    Spy Sender: 1807
    Stealth Spy: 555
    Streaming Audio Trojan: 1170
    Striker: 2565
    SubSeven: 1243
    SubSeven: 6711
    SubSeven: 6712
    SubSeven: 6713
    SubSeven: 6776
    SubSeven 2.1: 27374
    Telecommando: 61466
    The Invasor: 2140
    The Invasor: 3150
    The Spy: 40412
    The tHing: 6400
    The tHing 1.6: 6000
    The Unexplained: 29891
    Tiny Telnet Server: 34324
    Total Eclypse 1.0: 3791
    Transscout: 2000
    TrojanCow: 2001
    Trojan Spirit 2001a: 30133
    Trojan Spirit 2001a: 33911
    Ugly Ftp: 23456
    Ultors Trojan: 1234
    Voodoo Doll: 1245
    Vampire: 6669
    Voice: 1170
    Whack-a-mole: 12361
    Whack-a-mole: 12362
    WinCrash: 3024
    WinCrash: 4092
    WinCrash: 5714
    WinCrash: 5741
    WinCrash: 5742
    Wincrash 2: 2583
    Wingate Socks Proxy: 1080
    Xtcp: 5550

    End


  • Registered Users, Registered Users 2 Posts: 21,264 ✭✭✭✭Hobbes


    It was going out to Port 80 it wouldn't be noticed.

    However the Trojan had in fact hijacked BlackICE files and was pretending to be that software. Even after uninstalling BlackIce the SOB was still trying to connect but I was able to find it easier.
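
Added example, not part of the thread or written by any poster: a Python sketch that applies the two checks discussed above to netstat-style output, flagging listeners on ports from the posted list and outbound port-80 connections from programs that have no reason to speak HTTP. The netstat rows, PIDs, image names and the `HTTP_ALLOWED` set are constructed assumptions; only the five port/name pairs come from the list in this thread.

```python
import re

# Five entries copied from the name/port list posted in this thread.
LISTED_PORTS = {31337: "Back Orifice", 54320: "Back Orifice 2000",
                12345: "GabanBus,NetBus", 1243: "SubSeven", 27374: "SubSeven 2.1"}

# Constructed sample in the column layout of Windows `netstat -ano` (not real output).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       880
  TCP    0.0.0.0:27374          0.0.0.0:0              LISTENING       2412
  TCP    192.168.1.10:1067      198.51.100.23:80       ESTABLISHED     3100
  TCP    192.168.1.10:1071      203.0.113.7:80         ESTABLISHED     1500
"""
# Constructed PID -> image name table; the names are hypothetical.
SAMPLE_PROCESSES = {880: "rpc_service.exe", 2412: "unknown_svc.exe",
                    3100: "firewall_agent.exe", 1500: "browser.exe"}
HTTP_ALLOWED = {"browser.exe"}  # assumption: only the browser should speak HTTP

ROW = re.compile(r"^\s*TCP\s+\S+:(\d+)\s+(\S+):(\d+)\s+(\w+)\s+(\d+)\s*$")

def parse_netstat(text):
    """Return one dict per TCP row; header and malformed lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            lport, raddr, rport, state, pid = m.groups()
            rows.append({"lport": int(lport), "raddr": raddr, "rport": int(rport),
                         "state": state, "pid": int(pid)})
    return rows

def review(rows, processes, http_allowed):
    """Flag listeners on listed ports and port-80 connections from unexpected programs."""
    findings = []
    for r in rows:
        image = processes.get(r["pid"], "<unknown>")
        if r["state"] == "LISTENING" and r["lport"] in LISTED_PORTS:
            findings.append(("listed-port", r["lport"], image, LISTED_PORTS[r["lport"]]))
        elif r["state"] == "ESTABLISHED" and r["rport"] == 80 and image not in http_allowed:
            findings.append(("unexpected-http", r["raddr"], image))
    return findings

if __name__ == "__main__":
    for finding in review(parse_netstat(SAMPLE_NETSTAT), SAMPLE_PROCESSES, HTTP_ALLOWED):
        print(finding)
```

A hit on a listed port is a lead rather than a verdict, since the posted list also contains 21, 25 and 80; the second check is the one that would surface an outbound port-80 connection like the one ZoneAlarm blocked.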



  • Closed Accounts Posts: 7,488 ✭✭✭SantaHoe


    Can either of yee recommend a good Win9x port scanner that's up to the task of a full self port scan?
    Any other nice packet monitoring tools etc.
    I'm f**ked if I'm going to download one from a dodgy hax0r site, so gimme a link or two.


  • Closed Accounts Posts: 7,488 ✭✭✭SantaHoe


    Thanks, it looks pretty good, but it appears to be win NT/2k only :(


  • Registered Users, Registered Users 2 Posts: 21,264 ✭✭✭✭Hobbes


    I haven't been able to get much more details about it but there is a trojan out there that patches itself into BlackICE+zonealarm.

    ZoneAlarm had updated their software to stop it a month or so back.



  • Closed Accounts Posts: 54 ✭✭Decay


    Blackice is good at catching the inbound stuff but not hot at outbound.

    Try www.grc.com especially http://grc.com/lt/leaktest.htm to test. If you turn off zone alarm and leave Blackice on everything gets sent out without any trouble.

    Did you figure out which trojan it was?


