Possible hack?

By PSX ·
I have a Windows 2000 machine which kept logging the following informational events in the System log:

Event 1: The user User Name successfully established a connection to The Internet (2) using the device IRDA7-1.

Event 2: The connection to The Internet (2) made by user using device IRDA7-1 was disconnected.

What is this "The Internet (2)" connection? And what is device "IRDA7-1"? I looked all over my system and could not find either this connection or this device (looked in Network & dial-up connections, Device Manager, etc.). Could this be a component of AOL 9.0 (the user is running AOL 9.0) or could it be related to Apple's iPod service (which installs and is enabled by default with installation of iTunes)?

Well, I disabled the iPod service and the log events above did not come back, yet.

Can someone chime in on this? I've never seen an IRDA7-1 device nor a "The Internet" connection before.


All Comments


by PSX In reply to Possible hack?

Update: when the user connects to AOL, event 1 is logged. When the user disconnects from AOL, event 2 is logged. Obviously AOL 9.0 is causing this but I don't see a device named IRDA7-1 anywhere, nor a "The Internet (2)" connection. This looks very suspicious, even if it coincides with AOL usage.


by BFilmFan In reply to Possible hack?

Scan the system for spyware, worms and trojans.


by PSX In reply to

Did, nothing suspicious showed up. Just the usual processes and apps.


by sgt_shultz In reply to Possible hack?

lemme take a flyer. it's a laptop and the IRDA-7 device is the wireless network interface card...?


by PSX In reply to

Nope! This machine is not a laptop and does not have an infrared port nor does it have a wireless card. Just plain old RJ45.


by BFilmFan In reply to Possible hack?

You said you scanned for viruses, worms and adware. What software did you use to check for back doors?

I would be really suspicious of backdoors with AOL on there and so many zombies specifically targeting AOL users.

Try running a scan with BOClean and see what you come up with.


by PSX In reply to

I started with Spybot, then AdAware, then TDS3. I haven't tried BOClean yet but there's no shareware version. I've cleaned a lot of spyware-infested machines manually (without use of spyware removers) so I do know how to spot unusual processes. However, it is a fact that some spyware and/or trojans do not show up in the Task Manager. If this is spyware, it certainly activates itself only while AOL is in use (thus logging the two events) but I ran TDS3 (which does a good job of scanning for spyware) while an AOL session is active (and event #1 is logged) and did not find anything. I am going to call AOL about this. They may be able to give me an answer.


by Kinetechs In reply to Possible hack?

The IRDA7-1 one is the easy one. It's an infrared device. They're on most notebook and handheld PCs.

Since you looked at your network connections already and found nothing similar to The Internet (2), I won't suggest that you do that again.

Do you happen to have a PocketPC device? I'm thinking that it's connecting to your W2K machine through the infrared port and that the "The Internet (2)" connection is actually named on your PocketPC.

Possible?


by PSX In reply to

Again, there are no infrared devices on this PC. It's a desktop that does not have any kind of wireless devices. And there are no PPC or Palms connected to this PC either. The two events I mentioned above are logged upon AOL connection and disconnection.


by PSX In reply to Possible hack?

I've checked another PC that has AOL and the same events are logged. However, instead of IRDA7-1, it's IRDA6-1.
