Guest Deeswift Posted February 28, 2005

File Version : 5.1.2600.2180
File Description : Generic Host Process for Win32 Services (svchost.exe)
File Path : C:\WINDOWS\system32\svchost.exe
Process ID : 0x504 (Heximal) 1284 (Decimal)
Connection origin : remote initiated
Protocol : UDP
Local Address : 80.229.*.*
Local Port : 1029
Remote Name :
Remote Address : 61.152.158.109
Remote Port : 49399

Ethernet packet details:
Ethernet II (Packet Length: 522)
Destination: 00-0a-e2-10-49-c0
Source: 02-0a-e2-10-49-c0
Type: IP (0x0800)
Internet Protocol
Version: 4
Header Length: 20 bytes
Flags:
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset:0
Time to live: 45
Protocol: 0x11 (UDP - User Datagram Protocol)
Header checksum: 0x4e1d (Correct)
Source: 61.152.158.109
Destination: 80.229.*.*
User Datagram Protocol
Source port: 49399
Destination port: 1029
Length: 8
Checksum: 0xf52a (Correct)
Data (488 Bytes)
Binary dump of the packet:

I get this shit all the time. I'm being contacted from a remote machine, and it's always those fucking fake Microsoft security alerts they are mimicking, or some other shit.

"WARNING: Windows has detected Spyware on your system!..Your computer is INFECTED with malicious programs that are collecting your private information,.watching your every move and using your system resources for illegal activities such as.fraud, sending spam and DoS attacks ...Remove all Spyware for free! ..Visit: www.burnspy.com.."

milk Posted February 28, 2005

I'm always getting hacked. Norton popping up someone trying to hack blah blah every time I open MSN too :s

Guest Deeswift Posted February 28, 2005

It's really annoying isn't it. They ain't gonna get through, but I get angry with 'em for sending those stupid fake messages. As if your computer would alert you with "Windows has found blah blah, it is watching your every move". Fucking LOL!

chile Posted March 1, 2005

yeh i had a fake (fake, i think) spyware alert thing... they changed my desktop background to this site which was sayin 'everything you do on the internet is stored in your computer forever, and cannot be removed by conventional tools, download spyware to stop it.. blahblah..' i had 3 anti spyware programs too.. fucking annoying shit, what's the point..

Steve Posted March 1, 2005

That's Messenger spam Dee - Ports 1026-1029. Fucking wankers. I edited your post a little so it doesn't show your full IP address too.
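
The Messenger-spam identification above can be checked mechanically. This added example (not code from the thread) parses a UDP payload as a DCE/RPC connectionless request, matches the Windows Messenger service interface UUID, and extracts the three strings that follow the header. The result keys `from`, `to` and `message`, the function names and the sample datagram are constructed for illustration.

```python
import struct
import uuid

# Interface UUID of the Windows Messenger ("net send" popup) service.
MESSENGER_IF = uuid.UUID("5a7b91f8-ff00-11d0-a9b2-00c04fb6e6fc")
CL_HDR_LEN = 80                  # fixed DCE/RPC connectionless (v4) header size
SPAM_PORTS = range(1026, 1030)   # UDP ports named in the thread

def _ndr_string(body, pos):
    """Read one NDR conformant varying string; return (text, next_pos)."""
    if pos + 12 > len(body):
        raise ValueError("truncated string header")
    _max, offset, count = struct.unpack_from("<III", body, pos)
    start = pos + 12 + offset
    end = start + count
    if end > len(body):
        raise ValueError("declared length runs past the datagram")
    text = body[start:end].split(b"\x00", 1)[0].decode("latin-1")
    return text, (end + 3) & ~3  # next field is 4-byte aligned

def classify(dst_port, payload):
    """Return a dict for a Messenger popup request, or None for anything else."""
    if len(payload) < CL_HDR_LEN:
        return None
    if payload[0] != 4 or payload[1] != 0:   # rpc_vers 4, ptype 0 = request
        return None
    if payload[4] >> 4 != 1:                 # drep: little-endian integers only
        return None
    if uuid.UUID(bytes_le=bytes(payload[24:40])) != MESSENGER_IF:
        return None
    (body_len,) = struct.unpack_from("<H", payload, 74)
    body = payload[CL_HDR_LEN:CL_HDR_LEN + body_len]
    hit = {"known_port": dst_port in SPAM_PORTS, "malformed": False}
    try:
        pos = 0
        for field in ("from", "to", "message"):
            hit[field], pos = _ndr_string(body, pos)
    except ValueError:
        hit["malformed"] = True              # header matched, strings did not parse
    return hit

def constructed_sample():
    """Build a harmless, constructed datagram in the same layout for testing."""
    def ndr(s):
        raw = s.encode("ascii") + b"\x00"
        return struct.pack("<III", len(raw), 0, len(raw)) + raw + b"\x00" * (-len(raw) % 4)
    body = ndr("SENDER") + ndr("RECIPIENT") + ndr("constructed test message")
    hdr = struct.pack("<BBBB3sB16s16s16sIIIHHHHHBB", 4, 0, 0x28, 0, b"\x10\x00\x00", 0,
                      bytes(16), MESSENGER_IF.bytes_le, bytes(16), 0, 1, 0, 0,
                      0xFFFF, 0xFFFF, len(body), 0, 0, 0)
    return hdr + body

if __name__ == "__main__":
    print(classify(1029, constructed_sample()))
```

A hit with `malformed` set means the header matched the Messenger interface but the declared string lengths did not fit the datagram, which is worth logging separately from ordinary popup spam.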

Guest Deeswift Posted March 1, 2005

Thanks Sig, you're a gent. Once again, just reminding you of your gender, I know you tend to forget these things.

Dub-Se7en Posted March 1, 2005

dee, try this .:.XP Antispy.:. it allows you to disable the windows messaging service which is being exploited, but leaving the MSN messenger functional. i used to get this all the time, since i ran this tool i've never seen it again.

Guest Deeswift Posted March 1, 2005

Dude, I don't even have Messenger installed! http://www.digitalvertigo.co.uk/index.php?showtopic=3214 Thanks though.

Dub-Se7en Posted March 1, 2005

it's not messenger, it's the windows messaging service....

Steve Posted March 1, 2005

Messenger is the Windows Messaging Service.

Guest Deeswift Posted March 1, 2005

> it's not messenger, it's the windows messaging service....

I don't have the Windows Messenger or any Messenger service installed, it's not what you think.

Dub-Se7en Posted March 1, 2005

it's something to do with another service called netsend. this is the service that lets the spyware through, i've used this tool on many systems with the same messages as on dee's and it has successfully stopped the adverts getting through

Guest Deeswift Posted March 1, 2005

They are not adverts mate, they are attempted spam attacks being blocked by my firewall (Sygate). I know XP-Anti-Spy, I used it years ago, and I don't actually need it because I don't have any services running that shouldn't be. I disable something like 39 services, and I can do what that software does with other software I prefer. Not doubting your suggestions as I know it'd probably be useful to anyone who hasn't already disabled their services and configured them manually or via a custom created registry tweak patch, but I don't need XP Anti-Spy. Here are the services I have running at startup, the rest are manual or disabled.

Dub-Se7en Posted March 1, 2005

fair enough mate!

Guest Mike Reezy Posted March 1, 2005

Ok, I don't use a firewall, should I? There's one in my wireless router, but I disabled it. Should I be running ZoneAlarm Pro or something? I used to use it and I thought it made shit all slow, and I couldn't use skype when I had Zonealarm on. I have to have MSN installed because I play in a minesweeper league damn I'm a nerd

Sideshow Posted March 1, 2005

you should def have a firewall mate
the skype problem will just need ports allowing through on zonealarm or sygate

Guest Mike Reezy Posted March 1, 2005

> you should def have a firewall mate
> the skype problem will just need ports allowing through on zonealarm or sygate

hmmm anybody tell me how to do this exactly? I remember when I was using Zalrm tho, it was like "beep (thing pops up) mofukkaz be tryna hack your shit B" I would click "block those bitches" or whatever the option was, but I seem to remember having to do it like 3 times every 5 minutes, those hackers aren't lazy are they?

jastek Posted March 1, 2005 (edited)

...

Edited February 24, 2014 by jastek

Guest Mike Reezy Posted March 1, 2005 (edited)

all software is free except for avid express, they have those dongles and each one is unique from the other, you need the dongle to use the program, and it only works on the copy you installed with. Any other crack proof programs you know of?

Edited March 1, 2005 by Mike Reezy

cbay Posted March 1, 2005

spyware and adware suck, they don't fuck off when you want them to. who invited them anyway.

Guest Deeswift Posted March 1, 2005

JESUS, MIKE! You don't have a firewall? You must be fucking NUTS, especially if you use shit like Kazaa too. Holy cow. GET A FIREWALL. I have one on my FTP, it's the best (Sygate). I am gonna PM you a link in 1 minute. Get that shit on your system ASAP.

Guest Deeswift Posted March 1, 2005

> so what's this "svchost.exe"? I always have like 4 instances of it running in my system tray. I'm also wondering about "istsvc.exe" and "ccApp.exe". I've finally switched over to Firefox, which helps a lot... I'd been using IE6, and would always get pop-ups, and knew I was getting hacked a lot of times
> Are there any good, free anti-virus softwares that anyone uses? Is it okay to install multiple anti-virus/spyware softs, or will that bog down your system, with so many multiple programs running?

svchost.exe = This is a regular Windows process, and it's normal to have many instances of it running. Don't be surprised if you see 4 or 5 of them running. Nothing to worry about, although other things can take control of svchost if you have some trojan or spyware type shit.

ccApp.exe -- I recognize this as a Norton AV process. I'd need to double-check.

And the other, istsvc.exe, is spyware. You need this sorting out immediately. See this link: http://www.neuber.com/taskmanager/process/istsvc.exe.html

Should any of you ever be in doubt about a process or .exe, Google it. You will find out what it is within seconds. Being at DV, and helping a lot of people over the last few years with their PCs, you get to know what many things are, and I'm sure Sigma will tell you the same, but if you are in doubt, Google is your friend.

Guest Deeswift Posted March 1, 2005

File Version : 5.1.2600.2180
File Description : Generic Host Process for Win32 Services (svchost.exe)
File Path : C:\WINDOWS\system32\svchost.exe
Process ID : 0x504 (Heximal) 1284 (Decimal)
Connection origin : remote initiated
Protocol : UDP
Local Address : XX.XXX.X.XXX
Local Port : 1029
Remote Name :
Remote Address : 196.34.210.212
Remote Port : 8710

Ethernet packet details:
Ethernet II (Packet Length: 922)
Destination: 00-0a-e2-10-49-c0
Source: 02-0a-e2-10-49-c0
Type: IP (0x0800)
Internet Protocol
Version: 4
Header Length: 20 bytes
Flags:
.0.. = Don't fragment: Not set
..0. = More fragments: Not set
Fragment offset:0
Time to live: 118
Protocol: 0x11 (UDP - User Datagram Protocol)
Header checksum: 0x79cc (Correct)
Source: 196.34.210.212
Destination: XX.XXX.X.XXX
User Datagram Protocol
Source port: 8710
Destination port: 1029
Length: 8
Checksum: 0x0 (Correct)
Data (888 Bytes)
Binary dump of the packet:

Steve Posted March 1, 2005

I'd go to GRC if I were you mate and make sure none of your ports are open. You should be stealthed while online and shouldn't really get any of that shit. I don't - not Messenger spam anyway.

Guest Deeswift Posted March 1, 2005

Yeah, I will try GRC again. I'm already using SocketLock though, it's installed after every new XP install I do, almost right away, and this has been my routine for a few years. I have a folder of small programs that don't need installation (RegSeeker, Tweak UI, etc), and I just drop onto drive C after the OS goes on. SocketLock, along with my Sygate, usually stealths me completely.