has our PC been hijacked?



harding
17-05-2004, 11:22 AM
Son playing game over internet (via Jetstream) on P4 Windows XP PC.
Notice Nortons is scanning messages though Outlook Express not running.
Close game and all other programs, click on Local Area Jetstream icon and there are heaps of packets being both sent and received. Turn off local area connection and get window pop up with heading "Symantec Email Proxy" and showing stopped email going to people we don't know with various subjects.
How do we get rid of this dastardly problem please?

Chilling_Silence
17-05-2004, 11:33 AM
First off, update your Anti-Virus software!

Then run a complete scan and find out what Virus you've likely been infected with.

From there, you can begin to repair....


Chill.

Billy T
17-05-2004, 11:36 AM
Do you have your XP firewall enabled? If not, start there, but I'd recommend ZoneAlarm for better firewall protection. If you don't want to go on-line to get it you will find it (and others) on the PCW CDs. Check the new index on the latest CD.

Once you have a firewall in place you can start work on eliminating the beast that is causing the problem. Start with Adaware + Spybot (run both) then move on to more serious stuff. I can't advise on that but others here will come to the rescue.

Cheers

Billy 8-{)

harding
17-05-2004, 12:28 PM
Thanks so far - our anti virus defs are up to date, had already tried adware and spybot and hijackthis - no luck.
We have a Sonicwall - with a VPN set up. Darned if I can see where this traffic is coming from on the pc!!

Chilling_Silence
17-05-2004, 12:37 PM
Your firewall should be able to tell you, either that or download the latest Free edition of ZoneAlarm and ZoneAlarm will :-)


Chill.

Murray P
17-05-2004, 12:45 PM
Check SonicWall's logs/alerts for a pointer to the application (outlook), port, protocol and service. Check system processes while it's happening as well.

What's the content of the emails being sent? Someone could be using your system as a spam or virus zombie. You'll be looking for a trojan/backdoor in that case and your firewall and antivirus could have been compromised. Try an online scan from Symantec or Trend Micro's House Call.

Disable your VPN to see if it stops.

Cheers Murray P

drcspy
17-05-2004, 01:22 PM
go here and get TCPView it'll let you know what's connecting ...... www.sysinternals.com
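
The same per-process view of connections that TCPView gives can be pulled from `netstat -ano` and filtered for outbound mail traffic, which is the symptom described at the top of the thread. This is an added example, not part of the original posts; the sample output, function names and the two-server threshold are constructed assumptions.

```python
import re

# Constructed sample of `netstat -ano` output (not taken from the thread).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    192.168.1.20:1061      203.0.113.25:25        ESTABLISHED     1844
  TCP    192.168.1.20:1062      198.51.100.7:25        SYN_SENT        1844
  TCP    192.168.1.20:1063      198.51.100.90:25       ESTABLISHED     1844
  TCP    192.168.1.20:1070      192.0.2.80:80          ESTABLISHED     2320
  UDP    0.0.0.0:445            *:*                                    4
"""

MAIL_PORTS = {25, 465, 587}  # SMTP and mail submission ports
ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)\s+(\d+)\s*$")

def outbound_mail_connections(netstat_text, mail_ports=MAIL_PORTS):
    """Return {pid: [(remote_ip, remote_port, state), ...]} for mail-port connections."""
    hits = {}
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # headers, UDP rows and blank lines
        _lip, _lport, rip, rport, state, pid = m.groups()
        if state == "LISTENING" or int(rport) not in mail_ports:
            continue
        hits.setdefault(int(pid), []).append((rip, int(rport), state))
    return hits

def suspects(netstat_text, min_distinct_servers=2):
    """PIDs contacting several different mail servers at once.

    A mail client normally talks to one configured server; a process fanning
    out to many is worth identifying. The threshold is an assumption.
    """
    result = []
    for pid, conns in outbound_mail_connections(netstat_text).items():
        servers = {ip for ip, _port, _state in conns}
        if len(servers) >= min_distinct_servers:
            result.append((pid, sorted(servers)))
    return sorted(result)

if __name__ == "__main__":
    for pid, servers in suspects(SAMPLE_NETSTAT):
        print(f"PID {pid} -> {len(servers)} mail servers: {', '.join(servers)}")
```

Match the reported PID against the PID column in Task Manager or TCPView to get the executable name and path.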

tcomp
17-05-2004, 03:22 PM
You could also try to boot into "safe mode" (press F8 during boot up) and run your anti virus, ad-aware and spybot. The malicious software should not get loaded and the antivirus and spyware programmes should find it.