Hi there,
I have a weird issue here.
For the past two weeks, my internet connection has been acting up... sometimes I just couldn't access the internet anymore. Mind you, I have two computers in the house, connected through a router. They both run W2k SP4.
I tried repeatedly to reset the modem and router, but yesterday I just couldn't access the internet anymore, no matter what I did. I use Mozilla on both machines, but every now and then, when the connection kept dropping, I launched IE (it starts faster) to verify if the access to the internet was re-established.
And so, yesterday, while trying to shut down one of the machines - I'll call it AMD - after closing IE, I had the surprise to see 15 or 20 IE windows open suddenly on my desktop, and then disappearing. It all took one second or so.
"Hmm... " I said to myself "...that was odd. I don't remember launching IE so many times."
Anyway, this was just another thing to worry about, while my main concern was the fact that I can't connect anymore.
So I called the internet provider. The techs confirmed that my connection is good, so we went step by step into trying to fix things. I had to disconnect the router, try to set up the connection directly via the main computer in the living room - I'll call this machine Intel - and eventually we discovered a corrupted Winsock protocol.
So once the connection was re-established, I proceeded to reconnect to the router.
Here I must give you another piece of background data. Intel is a much better-protected computer, since I have both Norton SystemWorks 2002 and McAfee VirusScan 7 on it. I also have Ad-aware and Spybot S&D. Meanwhile, AMD does not have the antivirus programs installed yet, despite the fact that it's my main download machine. Oh, in case you wonder: I'm a member of a closed BT community, and I download stuff exclusively from there. Nothing else. And I never surf porn sites... as unbelievable as it may sound.
OK, now back to my main story. Upon reinstalling everything through the router, and restarting Intel (AMD was shut down since yesterday) I found that the tray icons for both Norton and McAfee have disappeared. Moreover, while trying to launch McAfee, I receive the warning message that "McAfee files are corrupted. Please reinstall"... Hmmm... And then, I try to launch Norton, and before I can access it, I get an Internet Explorer error window, asking me if I want to continue to run scripts on this page. "Huh? But I didn't even launch IE after rebooting!??" And if I access the Norton Antivirus service from the main Norton Utilities menu, all the items are just shown as "refreshing"... but no indication whether they are on or off.
Hmmm... Well, I haven't had Internet access in two days, let me check my web-based e-mail. I open Yahoo! e-mail, and read my messages, then I minimize the Mozilla window and go to the other room, to turn the AMD machine on. And while I'm there, I launch Mozilla as well, to check out ATOT (LOL)... And I restart my BT downloads. Suddenly, Mozilla opens a window - not a pop-up, a full window! - with some advertisements right in front of my eyes. I wasn't even touching the damn keyboard! And lo and behold, I go to the living room, and on the screen of Intel there's another window for some site I never heard of (animation and sound, something about accelerating download speeds).
WTF?
Then I start piecing things together. I run Ad-aware on both machines, and then Spybot S&D. Both programs find all kinds of stuff, but what's most worrisome is that Spybot finds this DSO exploit thingie, along with a registry entry. And no matter how many times I run S&D and delete it, it keeps finding it again upon the following run.
What's worse is that I have to stop my investigations and go to work (yeah, annoying, in situations like these!)
Right now I'm at work, and during the break I had the chance to google "DSO Exploit"... pretty scary stuff.
It makes me wonder if someone was remotely using my Internet connection all along, and my machine as well... Was I hacked? And if I wasn't hacked, how come I have all this crap? I'm usually a paranoid person, and run scans on a regular basis (every month). Right now, my Norton seems busted, and definitely so's McAfee... and there's this DSO exploit that I have to get rid of.
OK... so what do I do? I intend to go home tonight, and follow Schadenfroh's guide (stickified here, in the Software forum) on both machines, to purge all the crap. I hope it'll get rid of DSO as well, since I don't remember it being mentioned there... If you have tips on this f*&^er, please post 'em here. Then I guess I have to erase and re-install both Norton and McAfee, this time on both computers.
But what about protecting myself from this type of crap in the future? What security measures do I have to take? If these were all passive stupid malware, that's one thing... But what if I was hacked? I thought the hardware firewall in the router will deflect attacks. Questions... questions...
Anyway, I'd better stop, before some joker asks me for a Cliff's Notes version. If you have any suggestions or ideas, please post them. Thanks much.