General discussion

Locked

Net Spy

By aeecct ·
The XP (Home edition) on the Dell computer that I look after seems to be under attack by a hacker using the Net Spy trojan program. Always on bootup Nortons 2003 Internet Security reports that there will be three or four blocked attacks from the outside using the Net Spy program. The address given is: 127.0.0.0.1. I have been told that this address is from within the local network. There isn't a local network. There are 5 computers that share a wireless DSL modem. They are not networked (in no way directly connected) together. These "attacks" were occuring before the other 4 were joined to the modem. For the record, the other OP Systems are: XP, Win98, and 2 which are Mac OS10. Nortons Anti-Virus does not find any trace of any virus. There is a anti-Spyware program (SpyBot S&D) also run regularly on this system.

What is going on? How can it be stopped?

This conversation is currently closed to new comments.

3 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

by TheChas In reply to Net Spy

You may not have set up a network between the computers.

However, the wireless connection to the DSL modem IS a network!

The first thing you need to do, is to enable ALL security option on the wireless router.

Most likely, you have someone who is tapping in and using your DSL connection. If you don't have strong wireless security enabled, it is fairly easy for someone with a laptop with a wireless card to simply park nearby and use your DSL connection and attempt to tap into your PCs.

Chas

Collapse -

by aeecct In reply to

Poster rated this answer.
I'm sorry, this is not the answer. Thank you for reponding. The "HOME PORTAL" (brand) by 2 Wire maintains a monitoring web page that shows all devices connected to the portal (modem). All connected devices are accounted for. Also, the hacker would have to be within visable range.

Nortons Log entries for this attack is specific that the attack is from the outside (somewhere downline) and gives the bogus I.P. address and the port being attacked. 2Wire support and sbcglobal support have not been able to provide a satisfactory explaination either. Trying to comunicate with Nortons A.I. is worse than yelling at the monitor. Thanks again for responding. Any other thoughts?

Collapse -

by Woody H In reply to Net Spy

I am shocked no one has said this sooner. The IP 127.0.0.1 is your LOCALHOST. If you ping 127.0.0.1 you are basically pinging your NIC within your computer. If you are receiving hits from that IP address that means that your computer is infected with this trojan OR something in your computer is trying hit your pc using the same ports as that trojan. Firewall programs that monitor for trojans like that look for hits on known ports for these trojans. If I were you, I would get a trojan scanning program and scan your computer. There is no way the other computers are hitting you from your localhost ip address. If its anything, its local, without a doubt. Hope this helps.

Woody

Back to Windows Forum
3 total posts (Page 1 of 1)  

Related Discussions

Related Forums