Nov 8, 2009

Windows XP Exploit - Please Help.


uapconsole
Hello everyone. I have a Dell desktop running Windows XP Home Edition. AVG virus checker found an exploit in Firefox's application database in My Documents.

I moved it to the "vault" in AVG. I have several clients to check the safety of my computer and it seems like my machine is secure, however, there is one problem.

My DHCP cable modem is directly hooked to my computer. However, even when the computer is idle, the "Send/Receive" LEDs (lights) constantly blink. Do I still have the exploit, or somehow I can't catch the "Trojan" the exploit installed?

I run a home business and security is #1, so this makes me very concerned. I'd be grateful for all feedback.

Thank you and Happy New Year.
- Demirelli


Mark420
Sounds like you need a firewall as well as some virus protection. What firewall are you using? The WinXP built-in one? If so, get rid of it and get something like ZoneLabs or BlackICE.
Also, I would do a deep scan with something like Ad-Aware just to check what's been left behind, if anything, by the exploit. My guess is that AVG has done its job because it's one of the best anti-virus products on the market.



ne0
Probably there are no trojans there.
First look at the connection status. Are there any sent/received bytes?

My best recommendation to you is to hook all the connections (TCP/IP). To do this you should download a tool named CPorts (or CurrPorts). You can download it from www.nirsoft.net.
So what does this tool do?
It shows all the TCP/IP connections, the TCP/UDP ports and all open ports. With this tool you can view what kind of applications are making connections. So then you can find which of your applications (or any running process) is connected to somewhere else.
From the connection you can find the IP address of the host that the application is connecting to. If that IP address belongs to an untrusted "X" host, then you can kill that application (process). But before killing that process I recommend capturing the data on that connection. By capturing you can know exactly what kind of information is being uploaded/downloaded. So in order to capture, I recommend you download a tool named SmartSniff from www.nirsoft.net. SmartSniff captures all the TCP/IP packets that pass through your network adapter. After that you will probably be sure that "X" process is doing "X" things.

Or there may be some other things... It's up to your reply.

Happy New Year!
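The connection-to-process triage ne0 describes can also be scripted from `netstat -ano` (the `-o` column is the owning PID), which is the same data CurrPorts shows in a window. The script below is an added example and is not from the thread or from NirSoft: it parses netstat rows, joins them to a PID-to-image map (assumed to be read off Task Manager's PID column or CurrPorts itself), and lists established connections that leave the LAN. The netstat text and the PID map are constructed sample data; the process names, PIDs and addresses in them are invented for illustration.

```python
"""Added example: triage `netstat -ano` output the way the CurrPorts workflow
above does by hand, mapping each established connection to its process and
flagging the ones that leave the local network.  The netstat text and the
PID-to-image map below are constructed sample data, not a real capture."""
import ipaddress
import re
from typing import Dict, List, NamedTuple, Tuple


class Conn(NamedTuple):
    proto: str
    local: str
    remote: str
    state: str
    pid: int


# Constructed sample of `netstat -ano` output (assumed; not from the poster's machine).
SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    192.168.1.10:1045      192.168.1.1:80         ESTABLISHED     1560
  TCP    192.168.1.10:1067      203.0.113.45:6667      ESTABLISHED     2204
  TCP    192.168.1.10:1070      198.51.100.7:443       ESTABLISHED     1560
  UDP    0.0.0.0:445            *:*                                    4
  UDP    192.168.1.10:1900      *:*                                    1100
"""

# Constructed PID -> image name map, as read off Task Manager's PID column or CurrPorts.
SAMPLE_PIDS: Dict[int, str] = {
    4: "System", 912: "svchost.exe", 1100: "svchost.exe",
    1560: "firefox.exe", 2204: "rundll.exe",
}

# netstat rows: proto, local, foreign, optional state (UDP rows have none), pid.
ROW_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)\s+(?:(\S+)\s+)?(\d+)\s*$")

# RFC 1918, loopback and link-local.  Checked explicitly rather than with
# ip.is_private, because that also treats the documentation ranges used in
# the sample data (198.51.100.0/24, 203.0.113.0/24) as private.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "::1/128", "fe80::/10", "fc00::/7")]


def parse_netstat(text: str) -> List[Conn]:
    """Parse the rows of `netstat -ano`; header and blank lines are skipped."""
    conns = []
    for line in text.splitlines():
        m = ROW_RE.match(line)
        if m:
            proto, local, remote, state, pid = m.groups()
            conns.append(Conn(proto, local, remote, state or "", int(pid)))
    return conns


def split_endpoint(addr: str) -> Tuple[str, str]:
    """'203.0.113.45:6667' -> ('203.0.113.45', '6667'); handles '[::1]:80' too."""
    host, _, port = addr.rpartition(":")
    return host.strip("[]"), port


def is_local(host: str) -> bool:
    """True for LAN/loopback addresses and for netstat placeholders ('*', 0.0.0.0)."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return True
    if ip.is_unspecified:
        return True
    return any(ip in net for net in LOCAL_NETS)


def external_connections(conns: List[Conn], pids: Dict[int, str],
                         known_good: Tuple[str, ...] = ()) -> List[Tuple[str, int, str, int]]:
    """Established connections from this host to addresses outside the LAN,
    as (image, pid, remote_ip, remote_port), minus processes on the allow-list.
    The allow-list by image name is only a convenience: malware routinely
    names itself svchost.exe, so an unexpected destination is the real signal."""
    hits = []
    for c in conns:
        if c.state != "ESTABLISHED":
            continue
        host, port = split_endpoint(c.remote)
        if is_local(host):
            continue
        image = pids.get(c.pid, "<unknown>")
        if image.lower() in known_good:
            continue
        hits.append((image, c.pid, host, int(port)))
    return hits


if __name__ == "__main__":
    for hit in external_connections(parse_netstat(SAMPLE_NETSTAT), SAMPLE_PIDS):
        print("%-12s pid %-5d -> %s:%d" % hit)
```

Run against the sample, the browser's connection to port 443 and the unexplained process talking to port 6667 both come out; with `known_good=("firefox.exe",)` only the second remains. That is the candidate to capture with SmartSniff before killing it, as the post says: the destination and port tell you where to look, the capture tells you what it is sending.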


uapconsole
Thank you for replying, guys. I have a Dell desktop and a Gateway laptop on a wireless network. Router: new Linksys/Cisco-powered wireless router/switch. My WAN/ISP connection is a standard 384 kbps DHCP cable modem from Charter Communications.

Both machines run Windows XP Home Edition. They run AVG for virus scanning and ZoneAlarm for the firewall. AVG did find an exploit in my documents/firefox/...application data/...

I placed this file in the "virus vault" of the AVG agent. Now, there are no reports of exploits. However, I am still a bit paranoid about these LEDs flashing on the cable modem. The Receive LED "flickers" even if both machines are idle. I even turned both machines off completely and the lights continued to blink. This leads me to conclude that perhaps there is a Trojan client trying to shake hands with a Trojan server that might be installed on one of my nodes. I hope I am being too paranoid, but it's good to be on the safe side. I will try the TCP monitor you suggested, ne0. Happy New Year.


FirefoxRocks
The lights on my cable modem blink even when my computers are off.
It is just an occasional message that your ISP sends you in order to test your connection and stuff like that. It isn't a harmful data packet that is going through (I hope).

Anyway, I wish you the best of luck figuring out what it is. And hopefully it isn't something malicious attempting to connect. :|


tansqrx
There is a lot of garbage that passes through an unfiltered cable connection. One possibility is of course your ISP sending its routine maintenance packets. On my particular network, the raw stream is filled with ARP packets from everyone on my node. I live in a fairly rural area so that could be many square miles.

In the end, think of your cable modem as a miniature computer. It has its own memory, processor, and operating system. Even if your main computer is off, this small computer is still running in the background receiving packets from the Internet. Depending on the model, even if nothing is attached to the modem, it can still send ping replies and you can possibly connect to the modem remotely. Some networks are not internally switched, so you are actually seeing every conversation on your node. Add to that the fact that just about every IP gets scanned several times a day (possibly hundreds) by automated port scanners. In the end, there are a lot of raw packets hitting your cable modem.

A more valid reporting mechanism would be to look at the modem link light. These are the packets that are actually forwarded to your network (in this case your computer). Not every packet hits your computer, and this should be a better indication of how much traffic you are receiving. Another monitoring tool is Wireshark (formerly Ethereal), located at http://www.wireshark.org/. It's free and all you have to do is open a listener and see what is actually hitting your computer. I'm on the paranoid side, so I actually listen to my traffic several times a month just to make sure nothing nasty has gotten in and is trying to phone home. In most cases you should have a very quiet wire as long as you are not surfing the net, apart from the occasional antivirus update.

I think the best solution for you is to get a hardware firewall or even a NAT router. This will stop 99% of the traffic from getting to your computer. I make this recommendation to everyone who has a computer, not just in your case.
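The "quiet wire" check tansqrx describes separates segment noise (ARP from the neighbourhood, broadcasts, inbound port probes that never get answered) from the thing that actually matters: data your own host sends to an outside address while it is supposed to be idle. The script below is an added example, not from the thread or from the Wireshark project: it runs that classification over a packet summary in a simplified `time,proto,src,dst,info` form. The capture lines are constructed sample data, the local address 192.168.1.10 is assumed, and the field layout is this example's own (a real capture can be exported into a similar shape with tshark's `-T fields` output, but the exact columns here are an assumption).

```python
"""Added example: the idle-wire check done over a packet summary instead of by
eye in Wireshark.  Background noise on a shared cable segment (ARP, broadcasts,
inbound port probes) is counted but not flagged; what gets flagged is data the
local host itself sends to addresses outside the LAN.  The capture below is
constructed sample data in a simplified "time,proto,src,dst,info" form."""
import ipaddress
import re
from typing import Dict, List

# RFC 1918, loopback and link-local (checked explicitly so the documentation
# ranges used as "public" addresses in the sample still count as external).
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]

# Constructed capture: two ARP requests from other subscribers, two inbound SYN
# probes that go unanswered, a DHCP broadcast, and one outbound session the local
# host opens to an outside address and then pushes data on.
SAMPLE_CAPTURE = """\
0.000,ARP,00:11:22:33:44:55,ff:ff:ff:ff:ff:ff,Who has 10.20.0.7? Tell 10.20.0.1
0.412,ARP,00:11:22:33:44:66,ff:ff:ff:ff:ff:ff,Who has 10.20.0.9? Tell 10.20.0.1
1.050,TCP,203.0.113.200:44123,192.168.1.10:135,[SYN]
1.051,TCP,203.0.113.200:44124,192.168.1.10:445,[SYN]
2.300,UDP,192.168.1.10:68,255.255.255.255:67,DHCP Request
5.900,TCP,192.168.1.10:1088,198.51.100.23:8080,[SYN]
5.960,TCP,198.51.100.23:8080,192.168.1.10:1088,[SYN, ACK]
5.961,TCP,192.168.1.10:1088,198.51.100.23:8080,[ACK]
6.200,TCP,192.168.1.10:1088,198.51.100.23:8080,[PSH, ACK] Len=312
"""

LEN_RE = re.compile(r"Len=(\d+)")


def endpoint(addr: str):
    host, _, port = addr.rpartition(":")
    return host.strip("[]"), int(port)


def is_local(host: str) -> bool:
    ip = ipaddress.ip_address(host)
    return any(ip in net for net in LOCAL_NETS)


def analyze_capture(text: str, local_ip: str) -> Dict:
    """Bucket each packet: ARP chatter, broadcast/multicast, inbound probes
    (bare SYN from outside to us), or an outbound flow from us to the outside.
    Outbound flows are keyed "ip:port" with packet and payload-byte counts."""
    summary = {"arp": 0, "broadcast": 0, "inbound_probes": 0, "outbound": {}}
    for line in text.splitlines():
        if not line.strip():
            continue
        _t, proto, src, dst, info = line.split(",", 4)   # info may itself contain commas
        if proto == "ARP":
            summary["arp"] += 1
            continue
        shost, _sport = endpoint(src)
        dhost, dport = endpoint(dst)
        if dhost == "255.255.255.255" or ipaddress.ip_address(dhost).is_multicast:
            summary["broadcast"] += 1
            continue
        if shost == local_ip and not is_local(dhost):
            flow = summary["outbound"].setdefault("%s:%d" % (dhost, dport), {"packets": 0, "bytes": 0})
            flow["packets"] += 1
            m = LEN_RE.search(info)
            if m:
                flow["bytes"] += int(m.group(1))
        elif dhost == local_ip and not is_local(shost) and info.startswith("[SYN]"):
            # A SYN/ACK from outside would start with "[SYN," and is a reply to us, not a probe.
            summary["inbound_probes"] += 1
    return summary


def phone_home_candidates(summary: Dict, min_bytes: int = 1) -> List[str]:
    """Outbound flows that actually carried payload; a lone SYN with no data is
    worth a look, but payload leaving an idle machine is the 'phone home' signal."""
    return sorted(k for k, v in summary["outbound"].items() if v["bytes"] >= min_bytes)


if __name__ == "__main__":
    s = analyze_capture(SAMPLE_CAPTURE, "192.168.1.10")
    print("noise: arp=%d broadcast=%d inbound_probes=%d" % (s["arp"], s["broadcast"], s["inbound_probes"]))
    print("phone-home candidates:", phone_home_candidates(s))
```

On the sample, the ARP requests and the two probes are counted and dismissed, and the single flow to 198.51.100.23:8080 with 312 bytes of payload is what survives. That is exactly the distinction the post draws: the modem's LEDs count all of it, but only the last line is your computer talking.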


Lewisthemusician
Download more anti-virus programs and search for viruses.
I suggest Spybot Search & Destroy.


FirefoxRocks
Multiple antivirus and firewall programs will NOT help. They can cause compatibility issues and will interfere with each other.

Multiple anti-spyware programs WILL help, because sometimes one doesn't catch all of them. I once had up to 7 anti-spyware programs on my computer. I still have the installation files; it's just that they can't be installed because Shaw Secure won't allow me to.

SpyBot S&D, Ad-Aware Personal Edition, Yahoo! Toolbar with Anti-Spy are all good software to use to defend yourself from spyware.


Grafitti
ZoneAlarm's new firewall is pretty tough on rules. I would suggest you try that. When it's running, select "Lock all internet activity" and then see if the lights on the modem still blink. If they do, then that's just the modem checking in, possibly rejecting pings, whatever. Then again, any decent firewall should have that option, so probably whatever you're running has it too.
For the paranoid, I haven't found anything yet that beats Kaspersky. I don't use it because it slows down the computer somewhat in its real-time scanning mode, but I don't know how much more secure you can get than that.
