TCP/IP Scripts

By rudder73 ·
I have discovered apparent outside connections to my Cable modem via TCP and UDP with the foreign addresses either listening or active. Some of the connections list an IP and some just list a name with an IP of *:*.

How do I clean these scripts from my 98 system? I use Black Ice and Norton 2004 AV. The AV prog did not detect the scripts. I used (in DOS) netstat -a to find the connections.
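
Added example, not part of the original post: a small parser for `netstat -a` output that separates rows describing a local socket that is only bound or listening (state `LISTENING`, or a foreign address of `*:*` or port 0) from rows that name a remote peer. The sample output is constructed, and the function names are hypothetical.

```python
import re

# Constructed sample of `netstat -a` output (not taken from the thread).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    mypc:1025              mypc:0                 LISTENING
  TCP    mypc:137               mypc:0                 LISTENING
  TCP    mypc:1040              www.example.com:80     ESTABLISHED
  TCP    mypc:1041              192.0.2.10:80          TIME_WAIT
  UDP    mypc:1025              *:*
  UDP    mypc:nbname            *:*
"""

# Proto, local address, foreign address, optional state (UDP rows have none).
ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)(?:\s+(\S+))?\s*$")

def parse_netstat(text):
    """Return one dict per socket row; headers and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            proto, local, foreign, state = m.groups()
            rows.append({"proto": proto, "local": local,
                         "foreign": foreign, "state": state or ""})
    return rows

def has_remote_peer(row):
    """True only when the row names an actual remote endpoint."""
    if row["proto"] == "UDP" or row["state"] == "LISTENING":
        return False  # bound local socket waiting for traffic, no peer yet
    host, _, port = row["foreign"].rpartition(":")
    return host != "*" and port not in ("0", "*")

def summarize(text):
    """Split rows into (open local ports, rows with a remote peer)."""
    rows = parse_netstat(text)
    open_ports = sorted({(r["proto"], r["local"].rpartition(":")[2])
                         for r in rows if not has_remote_peer(r)})
    peers = [(r["local"], r["foreign"], r["state"])
             for r in rows if has_remote_peer(r)]
    return open_ports, peers

if __name__ == "__main__":
    ports, peers = summarize(SAMPLE)
    print("Open local ports (what owns them is the thing to identify):", ports)
    print("Rows with a remote peer:", peers)
```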

by jschein In reply to TCP/IP Scripts

There are many reasons for this; here is your fix:

Go to www.lavasoftusa.com and download Adaware. Install it, update it, and run it... Clean malicious files out. Something has been installed on your computer with or without your knowledge, this program will fix it.

Lastly, go to www.google.com, services and tools link. Download Google's toolbar - 1. It's free 2. It stops pop-ups.

This should get your system on the up and up. Run adaware weekly (also update it) to ensure no back-door programs get into your system. Also, if your Cable modem is router capable, block those ports or just use your Black Ice to always deny access to those ports.

by rudder73 In reply to

Partially complete, but I still have running scripts! Anti-virii software does not detect these scripts since they are not virii. Adaware is good for someone who doesn't clean out their temp files and cookie files on a regular basis.

by jschein In reply to

Port 1025 is associated with Active Directory. However, a trojan known as "Remote Storm" uses this port.

[HKLM\Software\Microsoft\Windows\CurrentVersion\Run] "WinManager"="%System/DllRun.exe"

If you have that link, delete it.

Actions: Keylogger / Steals passwords
Registers: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices\

Also check that registry.

If you need any help on identifying any of the files in these 2 directories, post what you have and we will help.

-J

by rudder73 In reply to TCP/IP Scripts

Adaware caught the cookies that were downloaded to my system when downloading Adaware.

I don't use search toolbars for obvious reasons; I use a program called Pop-Up Killer since it's far better than any of the other popup programs. I'm not sure if this program is still available.

I used a Prog called Registry mechanic to clean out the Registry; I still have a script running that wants to use port 1025!

by rudder73 In reply to TCP/IP Scripts

dllrun.exe is not in the registry; however, I did find some suspicious entries-
a requestmakecall 'dialer.exe' in HKU/software/MS/Win/CurrentVersion/telephony/HandoffPriorities.

Also found a download Accelerator named SPEEDBIT all through the registry. I did not knowingly download speedbit nor did I purchase this software. What software programs include this accelerator as part of their package? Or is this a malicious proggie? How do you clean this out?

by jschein In reply to TCP/IP Scripts

Please don't reject an answer if it is not wrong...

The dialer reference is part of Windows, do not touch that one.

Speedbit is either installed by you clicking ok or through a backdoor. If you do not use that, you can remove it.

If there are any other files which may look like a system file, but you're not sure of, post those names here.

Also, after you modify your registry, you must reboot for those settings to take effect.

Another question... Is this XP?

by jschein In reply to

Sorry, seen it is 98... When you hit CTRL+ALT+DELETE, post the processes which are running in your background.

by jschein In reply to

OK, all of those processes are normal and fine. Possibly you have a hidden program running. Just trying to think of different ways for a 98 machine to see hidden processes. I know there is a program that will do it for you, I have to find it to let you know.

by rudder73 In reply to TCP/IP Scripts

contents of cntrl-alt-delete
t&a questions;
popupkiller;
explorer;
ccapp-norton;
atiswd32;
systray;
atitask;
blackice

by Antknee26 In reply to TCP/IP Scripts

As a last resort, you could also try SpyBot Search and Destroy from Cnet downloads. This picks up much more "suspicious content" than Ad-aware. I use both together on my home PC, and they constantly pick up things the other did not. Give it a shot.