Fucking Hackers...

[Guest Deeswift]

File Version :  5.1.2600.2180
File Description :	Generic Host Process for Win32 Services (svchost.exe)
File Path :  C:\WINDOWS\system32\svchost.exe
Process ID :  0x504 (Heximal) 1284 (Decimal)

Connection origin :	remote initiated
Protocol :  UDP
Local Address :  80.229.*.*
Local Port :  1029 
Remote Name :  	
Remote Address :	61.152.158.109
Remote Port :  	49399 

Ethernet packet details:
Ethernet II (Packet Length: 522)
Destination:  00-0a-e2-10-49-c0
Source:  02-0a-e2-10-49-c0
Type: IP (0x0800)
Internet Protocol
Version: 4
Header Length: 20 bytes
Flags:
 .1.. = Don't fragment: Set
 ..0. = More fragments: Not set
Fragment offset:0
Time to live: 45
Protocol: 0x11 (UDP - User Datagram Protocol)
Header checksum: 0x4e1d (Correct)
Source: 61.152.158.109
Destination: 80.229.*.*
User Datagram Protocol
Source port: 49399
Destination port: 1029
Length: 8
Checksum: 0xf52a (Correct)
Data (488 Bytes)

Binary dump of the packet:
0000:  00 0A E2 10 49 C0 02 0A : E2 10 49 C0 08 00 45 00 | ....I.....I...E.
0010:  01 FC 00 00 40 00 2D 11 : 1D 4E 3D 98 9E 6D 50 E5 | ....@.-..N=..mP.
0020:  01 B9 C0 F7 04 05 01 E8 : 2A F5 04 00 28 00 10 00 | ........*...(...
0030:  00 00 00 00 00 00 00 00 : 00 00 00 00 00 00 00 00 | ................
0040:  00 00 F8 91 7B 5A 00 FF : D0 11 A9 B2 00 C0 4F B6 | ....{Z........O.
0050:  E6 FC F9 CC 0E 78 9F 61 : 74 A9 2F E0 58 06 E1 44 | .....x.at./.X..D
0060:  6A FB 00 00 00 00 01 00 : 00 00 00 00 00 00 00 00 | j...............
0070:  FF FF FF FF 90 01 00 00 : 00 00 10 00 00 00 00 00 | ................
0080:  00 00 10 00 00 00 57 41 : 52 4E 49 4E 47 00 00 00 | ......WARNING...
0090:  00 00 00 00 00 00 10 00 : 00 00 00 00 00 00 10 00 | ................
00A0:  00 00 49 4E 46 45 43 54 : 45 44 00 00 00 00 00 00 | ..INFECTED......
00B0:  00 00 4C 01 00 00 00 00 : 00 00 4C 01 00 00 57 41 | ..L.......L...WA
00C0:  52 4E 49 4E 47 3A 20 57 : 69 6E 64 6F 77 73 20 68 | RNING: Windows h
00D0:  61 73 20 64 65 74 65 63 : 74 65 64 20 53 70 79 77 | as detected Spyw
00E0:  61 72 65 20 6F 6E 20 79 : 6F 75 72 20 73 79 73 74 | are on your syst
00F0:  65 6D 21 0A 0A 59 6F 75 : 72 20 63 6F 6D 70 75 74 | em!..Your comput
0100:  65 72 20 69 73 20 49 4E : 46 45 43 54 45 44 20 77 | er is INFECTED w
0110:  69 74 68 20 6D 61 6C 69 : 63 69 6F 75 73 20 70 72 | ith malicious pr
0120:  6F 67 72 61 6D 73 20 74 : 68 61 74 20 61 72 65 20 | ograms that are 
0130:  63 6F 6C 6C 65 63 74 69 : 6E 67 20 79 6F 75 72 20 | collecting your 
0140:  70 72 69 76 61 74 65 20 : 69 6E 66 6F 72 6D 61 74 | private informat
0150:  69 6F 6E 2C 0A 77 61 74 : 63 68 69 6E 67 20 79 6F | ion,.watching yo
0160:  75 72 20 65 76 65 72 79 : 20 6D 6F 76 65 20 61 6E | ur every move an
0170:  64 20 75 73 69 6E 67 20 : 79 6F 75 72 20 73 79 73 | d using your sys
0180:  74 65 6D 20 72 65 73 6F : 75 72 63 65 73 20 66 6F | tem resources fo
0190:  72 20 69 6C 6C 65 67 61 : 6C 20 61 63 74 69 76 69 | r illegal activi
01A0:  74 69 65 73 20 73 75 63 : 68 20 61 73 0A 66 72 61 | ties such as.fra
01B0:  75 64 2C 20 73 65 6E 64 : 69 6E 67 20 73 70 61 6D | ud, sending spam
01C0:  20 61 6E 64 20 44 6F 53 : 20 61 74 74 61 63 6B 73 |  and DoS attacks
01D0:  2E 0A 0A 0A 52 65 6D 6F : 76 65 20 61 6C 6C 20 53 | ....Remove all S
01E0:  70 79 77 61 72 65 20 66 : 6F 72 20 66 72 65 65 21 | pyware for free!
01F0:  0A 0A 56 69 73 69 74 3A : 20 77 77 77 2E 62 75 72 | ..Visit: www.bur
0200:  6E 73 70 79 2E 63 6F 6D : 0A 00                   | nspy.com..      

 

 

I get this shit all the time. I'm being contacted from a remote machine, and it's always those fucking fake Microsoft security alerts they are mimicing, or some other shit.

 

"WARNING: Windows has detected Spyware on your system!..Your computer is INFECTED with malicious programs that are collecting your private information,.watching your every move and using your system resources for illegal activities such as.fraud, sending spam and DoS attacks ...Remove all Spyware for free! ..Visit: www.burnspy.com.."

[milk]

Im always getting hacked.

Norton popping up someone trying to hack blah blah

everytime I open MSN too :s

[Guest Deeswift]

It's really annoyng isn't it. They ain't gonna get through, but I get angry with 'em for sending those stupid fake messages. As if your computer would alert you with "Windows has found blah blah, it is watching your every move". Fucking LOL!

[chile]

yeh i had a fake (fake, i think) spyware alert thing... they changed my desktop background to this site which was sayin

 

'everything you do on the internet is stored in your computer forever, and cannot be removed by conventional tools, download spyware to stop it.. blahblah..'

 

i had 3 anti spyware programs too.. fucking annoying shit, whats the point..

[Steve]

That's Messenger spam Dee - Ports 1026-1029. Fucking wankers. I edited your post a little so it doesn't show your full IP address too.

[Guest Deeswift]

Thanks Sig, you're a gent.

 

Once again, just reminding you of your gender, I know you tend to forget these things.

[Dub-Se7en]

dee, try this

 

.:.XP Antispy.:.

 

it allows you to disable the windows messenging service which is being exploited, but leaving the MSN messenger functional.

 

i used to get this all the time, since i ran this tool i've never seen it again.

[Guest Deeswift]

Dude, I don't even have Messenger installed!

 

http://www.digitalvertigo.co.uk/index.php?showtopic=3214

 

Thanks though.

[Dub-Se7en]

it's not messenger, it;s the windows messenging service....

[Steve]

Messenger is the Windows Messaging Service.

[Guest Deeswift]

it's not messenger, it;s the windows messenging service....

<{POST_SNAPBACK}>

 

I don't have the Windows Messenger or any Messenger service installed, it's not what you think.

[Dub-Se7en]

it's something to do with another service called netsend. this is the service that lets the spyware through, i've used this tool on many systems with the same messages as on dee;s and it has successfully stopped the adverts getting through

[Guest Deeswift]

They are not adverts mate, they are attempted spam attacks being blocked by my firewall (Sygate).

 

I know XP-Anti-Spy, I used it years ago, and I don't actually need it because I don't have any services running that shouldn't be. I disable something like 39 services, and I can do what that software does with other software I prefer. Not doubting your suggestions as I know it'd probably be useful to anyone who hasn't already disabled their services and configured them manually or via a custom created registry tweak patch, but I don't need XP Anti-Spy.

 

Here are the services I have running at startup, the rest are manual or disabled.

 

[Dub-Se7en]

fair enough mate!

[Guest Mike Reezy]

Ok, I dont use a firewall, should I? Theres on in my wireless router, but I disabled it. SHould I be running ZoneAlarm Pro or something?

 

I used to use it and I thought it made shit all slow, and I couldnt use skype when I had Zonealarm on.

 

I have to have MSN installed because I play in a minesweeper league damn Im a nerd

[Sideshow]

you should def have a firewall mate

the skype problem will just need ports allowing through on zonealarm or sygate

[Guest Mike Reezy]

you should def have a firewall mate

the skype problem will just need ports allowing through on zonealarm or sygate

<{POST_SNAPBACK}>

 

hmmm anybody tell me how ot do this exactly?

 

I remember when I was using Zalrm tho, it was like "beep (thing pops up) mofukkaz be tryna hack your shit B" I would click "block those bitches" or whatever the option was, but I sem to remember having to do it like 3 times every 5 minutes, those hackers arent lazy are they?

[jastek]

...

Edited February 24, 2014 by jastek

[Guest Mike Reezy]

all software is free except for avid express, they have those dongles and each one is unique from the other, you need the dongle to use the program, and it only works on the copy you installed with. Any other crack proof programs you know of?

Edited March 1, 2005 by Mike Reezy

[cbay]

spyware and adware suck, they dont fuck off when you want them to. who invited them anyway.

[Guest Deeswift]

JESUS, MIKE! You don't have a firewall? You must be fucking NUTS, especially if you use shit like Kazaa too. Holy cow. GET A FIREWALL. I have one on my FTP, it's the best (Sygate). I am gonna PM you a link in 1 minute. Get that shit on your system ASAP.

[Guest Deeswift]

so what's this "svchost.exe"?  I always have like 4 instances of it running in my system tray.  I'm also wondering about "istsvc.exe" and "ccApp.exe".  I've finally switched over to Firefox, which helps alot...  I'd been using IE6, and would always get pop-ups, and knew I was getting hacked alot of times

 

Are there any good, free anti-virus softwares that anyone uses?  Is it okay to install multiple anti-virus/spyware softs, or will that bog down your system, with so many multiple programs running?

<{POST_SNAPBACK}>

 

svchost.exe = This is a regular Windws process, and it's normal to have many instances of it running. Don't be suprised if you see 4 or 5 of them running. Nothing to worry about, although other things can take control of svchost if you have some trojan or spyware type shit.

 

ccApp.exe -- I recognize this as a Norton AV process. I'd need to double-check. And the other, istsvc.exe, is spyware. You need this sorting out immediately. See this link: http://www.neuber.com/taskmanager/process/istsvc.exe.html

 

Should any of you ever be in doubt about a process or .exe, Google it. You will find out what it is within seconds. Being at DV, and helping a lot of people over the last few years with their PC's, you get to know what many things are, and I'm sure Sigma will tell you the same, but if you are in doubt, Google is your friend.

[Guest Deeswift]

 

File Version :  5.1.2600.2180
File Description :	Generic Host Process for Win32 Services (svchost.exe)
File Path :  C:\WINDOWS\system32\svchost.exe
Process ID :  0x504 (Heximal) 1284 (Decimal)

Connection origin :	remote initiated
Protocol :  UDP
Local Address :  XX.XXX.X.XXX
Local Port :  1029 
Remote Name : 	 
Remote Address :	196.34.210.212
Remote Port : 	 8710 

Ethernet packet details:
Ethernet II (Packet Length: 922)
Destination:  00-0a-e2-10-49-c0
Source:  02-0a-e2-10-49-c0
Type: IP (0x0800)
Internet Protocol
Version: 4
Header Length: 20 bytes
Flags:
 .0.. = Don't fragment: Not set
 ..0. = More fragments: Not set
Fragment offset:0
Time to live: 118
Protocol: 0x11 (UDP - User Datagram Protocol)
Header checksum: 0x79cc (Correct)
Source: 196.34.210.212
Destination: XX.XXX.X.XXX
User Datagram Protocol
Source port: 8710
Destination port: 1029
Length: 8
Checksum: 0x0 (Correct)
Data (888 Bytes)

Binary dump of the packet:
0000:  00 0A E2 10 49 C0 02 0A : E2 10 49 C0 08 00 45 00 | ....I.....I...E.
0010:  03 8C 8B 52 00 00 76 11 : CC 79 C4 22 D2 D4 50 E5 | ...R..v..y."..P.
0020:  01 B9 22 06 04 05 03 78 : 00 00 04 00 28 00 10 00 | .."....x....(...
0030:  00 00 00 00 00 00 00 00 : 00 00 00 00 00 00 00 00 | ................
0040:  00 00 F8 91 7B 5A 00 FF : D0 11 A9 B2 00 C0 4F B6 | ....{Z........O.
0050:  E6 FC A1 9D F9 B3 98 35 : 6C DC A1 4F 73 C6 27 06 | .......5l..Os.'.
0060:  48 09 00 00 00 00 01 00 : 00 00 00 00 00 00 00 00 | H...............
0070:  FF FF FF FF 20 03 00 00 : 00 00 11 00 00 00 00 00 | .... ...........
0080:  00 00 11 00 00 00 53 45 : 43 55 52 49 54 59 20 4D | ......SECURITY M
0090:  4F 4E 49 54 4F 52 00 00 : 00 00 11 00 00 00 00 00 | ONITOR..........
00A0:  00 00 11 00 00 00 57 49 : 4E 44 4F 57 53 20 55 53 | ......WINDOWS US
00B0:  45 52 00 00 00 00 00 00 : 00 00 D4 02 00 00 00 00 | ER..............
00C0:  00 00 D4 02 00 00 49 6D : 70 6F 72 74 61 6E 74 20 | ......Important 
00D0:  57 69 6E 64 6F 77 73 20 : 53 65 63 75 72 69 74 79 | Windows Security
00E0:  20 42 75 6C 6C 65 74 69 : 6E 0D 0A 3D 3D 3D 3D 3D |  Bulletin..=====
00F0:  3D 3D 3D 3D 3D 3D 3D 3D : 3D 3D 3D 3D 3D 3D 3D 3D | ================
0100:  3D 0D 0A 42 75 66 66 65 : 72 20 4F 76 65 72 72 75 | =..Buffer Overru
0110:  6E 20 69 6E 20 4D 65 73 : 73 65 6E 67 65 72 20 53 | n in Messenger S
0120:  65 72 76 69 63 65 20 41 : 6C 6C 6F 77 73 20 52 65 | ervice Allows Re
0130:  6D 6F 74 65 20 43 6F 64 : 65 20 45 78 65 63 75 74 | mote Code Execut
0140:  69 6F 6E 2C 0D 0A 56 69 : 72 75 73 20 49 6E 66 65 | ion,..Virus Infe
0150:  63 74 69 6F 6E 20 61 6E : 64 20 55 6E 65 78 70 65 | ction and Unexpe
0160:  63 74 65 64 20 43 6F 6D : 70 75 74 65 72 20 53 68 | cted Computer Sh
0170:  75 74 64 6F 77 6E 73 0D : 0A 0D 0A 41 66 66 65 63 | utdowns....Affec
0180:  74 65 64 20 53 6F 66 74 : 77 61 72 65 3A 20 0D 0A | ted Software: ..
0190:  0D 0A 4D 69 63 72 6F 73 : 6F 66 74 20 57 69 6E 64 | ..Microsoft Wind
01A0:  6F 77 73 20 4E 54 20 57 : 6F 72 6B 73 74 61 74 69 | ows NT Workstati
01B0:  6F 6E 20 0D 0A 4D 69 63 : 72 6F 73 6F 66 74 20 57 | on ..Microsoft W
01C0:  69 6E 64 6F 77 73 20 4E : 54 20 53 65 72 76 65 72 | indows NT Server
01D0:  20 34 2E 30 20 0D 0A 4D : 69 63 72 6F 73 6F 66 74 |  4.0 ..Microsoft
01E0:  20 57 69 6E 64 6F 77 73 : 20 32 30 30 30 20 20 20 |  Windows 2000   
01F0:  0D 0A 4D 69 63 72 6F 73 : 6F 66 74 20 57 69 6E 64 | ..Microsoft Wind
0200:  6F 77 73 20 58 50 20 20 : 0D 0A 4D 69 63 72 6F 73 | ows XP  ..Micros
0210:  6F 66 74 20 57 69 6E 64 : 6F 77 73 20 57 69 6E 39 | oft Windows Win9
0220:  38 20 20 20 0D 0A 4D 69 : 63 72 6F 73 6F 66 74 20 | 8   ..Microsoft 
0230:  57 69 6E 64 6F 77 73 20 : 53 65 72 76 65 72 20 32 | Windows Server 2
0240:  30 30 33 0D 0A 0D 0A 4E : 6F 6E 20 41 66 66 65 63 | 003....Non Affec
0250:  74 65 64 20 53 6F 66 74 : 77 61 72 65 3A 20 0D 0A | ted Software: ..
0260:  0D 0A 4D 69 63 72 6F 73 : 6F 66 74 20 57 69 6E 64 | ..Microsoft Wind
0270:  6F 77 73 20 4D 69 6C 6C : 65 6E 6E 69 75 6D 20 45 | ows Millennium E
0280:  64 69 74 69 6F 6E 0D 0A : 0D 0A 59 6F 75 72 20 73 | dition....Your s
0290:  79 73 74 65 6D 20 69 73 : 20 61 66 66 65 63 74 65 | ystem is affecte
02A0:  64 2C 20 64 6F 77 6E 6C : 6F 61 64 20 74 68 65 20 | d, download the 
02B0:  70 61 74 63 68 20 66 72 : 6F 6D 20 74 68 65 20 61 | patch from the a
02C0:  64 64 72 65 73 73 20 62 : 65 6C 6F 77 20 21 20 0D | ddress below ! .
02D0:  0A 46 49 52 53 54 20 54 : 59 50 45 20 54 48 45 20 | .FIRST TYPE THE 
02E0:  41 44 44 52 45 53 53 20 : 42 45 4C 4F 57 20 49 4E | ADDRESS BELOW IN
02F0:  54 4F 20 59 4F 55 52 20 : 49 4E 54 45 52 4E 45 54 | TO YOUR INTERNET
0300:  20 42 52 4F 57 53 45 52 : 2C 20 54 48 45 4E 20 43 |  BROWSER, THEN C
0310:  4C 49 43 4B 20 27 4F 4B : 27 2E 0D 0A 54 48 45 20 | LICK 'OK'...THE 
0320:  41 44 44 52 45 53 53 20 : 57 49 4C 4C 20 44 49 53 | ADDRESS WILL DIS
0330:  41 50 50 45 41 52 20 4F : 4E 43 45 20 59 4F 55 20 | APPEAR ONCE YOU 
0340:  43 4C 49 43 4B 20 27 4F : 4B 27 2E 0D 0A 0D 0A 20 | CLICK 'OK'..... 
0350:  20 20 20 20 20 20 20 20 : 20 20 20 20 20 20 20 20 |                 
0360:  20 20 20 20 20 20 20 20 : 20 20 20 20 20 20 20 20 |                 
0370:  20 20 20 20 20 20 20 20 : 20 20 20 20 20 20 20 20 |                 
0380:  20 20 20 77 77 77 2E 75 : 70 64 61 74 65 70 61 74 |    www.updatepat
0390:  63 68 2E 69 6E 66 6F 0D : 0A 00                   | ch.info...  

[Steve]

I'd go to GRC if I were you mate and make sure none of your ports are open. You should be stealthed while online and shouldn't really get any of that shit. I don't - not Messenger spam anyway.

[Guest Deeswift]

Yeah, I will try GRC again. I'm already using SocketLock though, it's installed after every new XP install I do, almost right away, and this has been my routine for a few years. I have a folder of small programs that don't need installation (RegSeeker, Tweak UI, etc), and I just drop onto drive C after the OS goes on. SocketLock, along with my Sygate, usually stealths me completely.