
Thread: IT department informed me of... [FIXED]

  1. #1
    Super Moderator Super Moderator Big Booger's Avatar
    Join Date
    Apr 2002
    Location
    JAPAN
    Posts
    10,941

    IT department informed me of... [FIXED]

    my PC accessed the internet 20,000 times on Friday while I was on vacation... I came back today and was told this. I asked them for more information but they clearly did not tell me anything.. I asked them over what port, what IP etc.. they didn't know.

    I am running a scan right now for worms, trojans and bots... virii... etc....

    Will be updating my firewall, and making sure this doesn't happen again. I think they nearly shit their pants LOL
    The IT guy was shaking when he came to talk to me LOL But he was friendly and even spoke in English which he rarely does.

    Oh, to the world of the internet.

  2. #2
    Super Moderator Super Moderator Big Booger's Avatar
    Join Date
    Apr 2002
    Location
    JAPAN
    Posts
    10,941
    Think I found the cause:
    see attachment

    Gladiator AV doing a fine job at finding the nasty virii that hopped into my temp files
    Last edited by Big Booger; June 23rd, 2003 at 06:33 AM.

  3. #3
    all bets are off... TZ Veteran SupaStar's Avatar
    Join Date
    Jul 2002
    Location
    Australia
    Posts
    1,680
    Hehe...they'll do that...

  4. #4
    Super Moderator Super Moderator Big Booger's Avatar
    Join Date
    Apr 2002
    Location
    JAPAN
    Posts
    10,941

    Little Netbus Trojan Info

    Information about the Netbus trojan virus:
    Netbus is a Win32-based Trojan program. This trojan can affect Windows 95, Windows 98 and Windows NT systems. The Netbus trojan needs to be executed by the user for it to be installed. Once executed by the user, it will install itself in such a way that it will be active all the time. Netbus adds an entry to the Windows Registry to achieve this. The presence of Netbus installed on the computer will not be evident to the affected user. There are 3 versions of Netbus, and the sizes of these trojan files are:

    Netbus Ver 1.5 is 473,088 bytes.
    Netbus Ver 1.6 is 472,576 bytes.
    Netbus Ver 1.7 is 494,592 bytes

    You will not get infected by Netbus merely by downloading the file or receiving it by email. You will have to execute it to get infected.

    Netbus is a remote administration trojan program similar to BackOrifice. While you are connected to the internet, if this program is running on your computer, anyone from anywhere who has got the Netbus Client program can sneak into your computer without your permission or knowledge. The remote hacker can get any information from your computer, including your passwords. He can execute programs on your computer, copy files, read your email, plant other trojans or viruses, monitor the keystrokes you type, control your mouse and a lot more. This will cause a serious security risk to the affected user.

    Netbus Ver 1.5 first appeared in March 1998, Ver 1.6 in August 1998 and the Ver 1.7 in November 1998. Each version is reported to have affected a lot of users.

  5. #5
    all bets are off... TZ Veteran SupaStar's Avatar
    Join Date
    Jul 2002
    Location
    Australia
    Posts
    1,680
    So how do you remove it? Is there a simple method? Is there a way to tell if you've been infected?

  6. #6
    Super Moderator Super Moderator Big Booger's Avatar
    Join Date
    Apr 2002
    Location
    JAPAN
    Posts
    10,941
    GAV took care of it automatically after I clicked remove

  7. #7
    all bets are off... TZ Veteran SupaStar's Avatar
    Join Date
    Jul 2002
    Location
    Australia
    Posts
    1,680
    Found this pretty useful site about NetBus Detection and Removal.

  8. #8
    Super Moderator Super Moderator Big Booger's Avatar
    Join Date
    Apr 2002
    Location
    JAPAN
    Posts
    10,941
    thanks for that. Just in case I'll give it a shot.

  9. #9
    Titanium Member efc's Avatar
    Join Date
    Sep 2002
    Location
    North Central Arkansas
    Posts
    2,329

    As every old sailor can tell you, it is important to protect yourself when you go on liberty. You have to watch where you go on vacation.

  10. #10
    Super Moderator Super Moderator Big Booger's Avatar
    Join Date
    Apr 2002
    Location
    JAPAN
    Posts
    10,941
    Well I am glad they just caught it. Now I have to play clean up and make sure nothing like this ever happens again.

  11. #11
    Succeded in braking Windo TZ Veteran Dehcbad25's Avatar
    Join Date
    Apr 2002
    Location
    DE - USA
    Posts
    2,406
    Well, let me tell you.
    Maybe you all noticed that I had been out of TZ for a while, even though I had been an active member for some weeks straight.
    I am wondering if BB works in my company, because last Monday I detected a virus. A worm, with back door capabilities. Man, that is nasty. This one spread through Network Neighborhood like guinea pigs in spring.
    I spent all week just catching the little $^&#, and still haven't finished. Though now almost every single PC has AV installed (that will teach my boss to give me more budget for essential programs).
    I even lost 5 pounds running around. So you are lucky the TS guys asked nicely. Instead I became the dog of the net, and I didn't care who was working with what and shut down all the network until I thought it was safe to put it back online.
    I love being the mean guy.
    Seriously, these things will crawl where you least expect them, and spread so fast.

  12. #12
    Super Moderator Super Moderator Big Booger's Avatar
    Join Date
    Apr 2002
    Location
    JAPAN
    Posts
    10,941
    I downloaded a software app called Pagegate as I was trying to help a member of TZ with a problem. They wanted to set up their own SMS gateway and I was trying to help them find a working solution.

    Well, I got that Pagegate software from a source, which I have now forgotten, and it had that stupid backdoor Netbus installed with it...

    http://www.topshareware.com/PageGate-download-253.htm

    That is the software but I got it from another source....

    http://www.techzonez.com/forums/show...sms%2A+gateway

    That shows the source.. so don't install that Pagegate software it has a trojan. I am going to post an update in that thread.

    I will no longer install software on the fly without scanning it first, no matter how reliable the source

    And the IT guy was nice, which I was thankful for. If he wasn't well, I might've decided to DoS his service for a couple days, after I figured out how to do it j/k

  13. #13
    Super Moderator Super Moderator Big Booger's Avatar
    Join Date
    Apr 2002
    Location
    JAPAN
    Posts
    10,941
    Supastar,
    That link you gave me to clean the Netbus Backdoor, was helpful. It guaranteed that I don't have it. As I looked through the registry and the key with the /nomsg was not to be found!

    Thanks.

  14. #14
    all bets are off... TZ Veteran SupaStar's Avatar
    Join Date
    Jul 2002
    Location
    Australia
    Posts
    1,680
    Originally posted by Big Booger
    Supastar,
    That link you gave me to clean the Netbus Backdoor, was helpful. It guaranteed that I don't have it. As I looked through the registry and the key with the /nomsg was not to be found!

    Thanks.
    NP BB. I checked out my registry too...no /nomsg luckily

    Nothing ever gets executed on my PC without first being scanned by NAV. Not even the smallest 2KB app

    I quickly learn from my mistakes...
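
The two checks discussed in this thread (the NetBus file sizes listed in post #4 and the registry search for a `/nomsg` entry in posts #13 and #14), written as an added example that is not part of any poster's message. It assumes the entry sits under a `...\CurrentVersion\Run` key and is read from a `reg export`-style text file; the sample value names and paths are constructed.

```python
import os
import re

# Sizes quoted in the thread for the NetBus 1.5 / 1.6 / 1.7 trojan files.
NETBUS_SIZES = {473_088: "1.5", 472_576: "1.6", 494_592: "1.7"}
# One string value line of a .reg export: "name"="data", with \\ and \" escapes.
REG_VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"\s*$')
RUN_SUFFIX = r"\microsoft\windows\currentversion\run"  # assumed location

def unescape(s):
    return re.sub(r"\\(.)", r"\1", s)

def nomsg_run_entries(reg_text):
    """Return (key, name, command) for Run-key values carrying a /nomsg switch."""
    hits, key = [], None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = REG_VALUE.match(line)
        if not m or key is None or not key.lower().endswith(RUN_SUFFIX):
            continue
        name, command = unescape(m.group(1)), unescape(m.group(2))
        if "/nomsg" in command.lower().split():
            hits.append((key, name, command))
    return hits

def size_suspects(root):
    """Return (path, version) for .exe files whose size equals a quoted size."""
    found = []
    for folder, _dirs, files in os.walk(root):
        for fname in files:
            path = os.path.join(folder, fname)
            if fname.lower().endswith(".exe") and os.path.isfile(path):
                version = NETBUS_SIZES.get(os.path.getsize(path))
                if version:
                    found.append((path, version))
    return found

# Constructed sample export; the value names and paths are made up.
SAMPLE = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVTray"="C:\\Program Files\\AV\\tray.exe"
"Helper"="C:\\WINDOWS\\helper.exe /nomsg"
'''

if __name__ == "__main__":
    print(nomsg_run_entries(SAMPLE))
```

A size match is only a lead worth handing to an AV scanner, since unrelated files can share a byte count and a repacked copy will not match.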

  15. #15
    Titanium Member efc's Avatar
    Join Date
    Sep 2002
    Location
    North Central Arkansas
    Posts
    2,329

    I had my laugh above. That was before I discovered that I also had a problem.

    In trying to assist Lynchknot with his website issue, I installed 1stPage on my computer from an old disk. It turned out to contain a trojan called JS/Loop. AVG and SwatIt had not found it.

    After an uninstall/reinstall/update of AVG it immediately found the trojan. Somehow it had been turned off. When or how is the question. I'm reassessing my AV protection.

    After Conan's comments and a little extra research, I am going to pay for a registered copy of Trojan Hunter. I still haven't decided on my main AV program. I have used the free AVG for over a year and have been happy with it, until now. Sorry Donna, I just don't like the interface for GAV. I also don't like Norton and McAfee. More thought is called for.

    By the way, I found the original problem by installing SiMeeter. It revealed system activity when there shouldn't have been any.

    I'm open to suggestions.
    Linux Mint Debian Edition
