PDA

View Full Version : Privacy Problem



king_143
11-23-2003, 12:09 AM
My friend :P sent me a file :D :ahha: :ahha: . I opened the file :lol: :lol: . It was a executable file. After this my friend :evil: started telling all the details I have in my computer. He tells me the pages I am viewing, my yahoo username's and password. He has a record of every damn thing I do with my computer. :( :( :( :( :( :( :( :( :(
My computer is connected to a home network and the server has a firewall software in it. I tried to scan my ports using the web-based softwares. But they gave that there are no open ports.

Can any one help me from stopping this guy :evil: from further getting my details. (I stopped using my home computer and using my college computer) :( :( .

Please help me :( :( :(

dinesh
11-23-2003, 12:45 AM
Most probably it is a listening software, which listens and compiles all your keystrokes. Plenty of softwares of this type is available on the net.
The best thing to do is to check whether any unexplained processes are running. Open the task manager and check under the active processes.
Also run msconfig and check unde rthe 'stratup' tab, whether there are any unexplained processes set to run on startup. Just unselect them, and choose selective startup.

Having said all this, it is still very unclear, how this software connects to the net. If you don't have Zonealarm (www.zonelabs.com), install it, and it will ask you permission for every single process trying to connect to the net. You could easily find it out this way.

As for server firewall software, they don't really check for outgoing traffic. They only have a strict vigil over incoming traffic. So if this particular process has, say for example, an SMTP engine built-in, then when it asks to connect to the net, it will obviously get it from the server firewall, because there is no indication of it being malicious. So, it could be the process connecting to your friend, and not vice versa.

king_143
11-23-2003, 09:27 PM
Thank you Shidinesh,
I used msconfig and remove a file named GODBless.exe and this was the only one with a peculiar name. I removed it, I think now I have got rid of the problem.
I used aatools , 30day trial version and traced the route to mail.yahoo.com and found it went to mail.yahoo.akadns.net. I have put this site in restricted list.
I also found there were 234 invalid entry lists in my registry and I have cleaned them too using aatools.
Thank you for your advice.