Bay 12 Games Forum


Topic: Help! Some Amsterdam dude is hacking me! (previously virus scanner thread)

Angel Of Death

  • Bay Watcher
  • Karl Groucho?
Re: Help! Some Amsterdam dude is hacking me! (previously virus scanner thread)
« Reply #15 on: January 04, 2012, 09:53:35 am »

Is it normal for Windows Defender and Windows Firewall to be disabled about halfway through the installer?
99 percent of internet users add useless, pulled out of arse statistics to their sig. If you are the 1%, please, for the love of Armok, don't put any useless shit like this in your sig.
Hidden signature messages are fun!

Reudh

  • Bay Watcher
  • Perge scelus mihi diem perficias.
Re: Help! Some Amsterdam dude is hacking me! (previously virus scanner thread)
« Reply #16 on: January 04, 2012, 10:18:30 am »

Yes, if it's Windows Firewall etc. it's disabled.
I haven't recently installed Comodo on a new PC so I don't know, but it should be alright.

Angel Of Death

  • Bay Watcher
  • Karl Groucho?
Re: Help! Some Amsterdam dude is hacking me! (previously virus scanner thread)
« Reply #17 on: January 04, 2012, 10:36:59 am »

Comodo scan showed up nothing. Am I safe?

Stargrasper

  • Bay Watcher
Re: Help! Some Amsterdam dude is hacking me! (previously virus scanner thread)
« Reply #18 on: January 04, 2012, 11:33:17 am »

No tool is foolproof.  If it shows nothing, then it means there's nothing obvious, not nothing there.  It sounds like you're in a position where you should be vigilant in monitoring your system.

Svarte Troner

  • Bay Watcher
Re: Help! Some Amsterdam dude is hacking me! (previously virus scanner thread)
« Reply #19 on: January 04, 2012, 04:31:53 pm »

Those meddling Dutchmen...
That metal guy that pops up sometimes in places
To put it simply, Dwarf Fortress is the Black Metal of video games.

Virex

  • Bay Watcher
  • Subjects interest attracted. Annalyses pending...
Re: Help! Some Amsterdam dude is hacking me! (previously virus scanner thread)
« Reply #20 on: January 04, 2012, 06:36:40 pm »

Hey, normally it reports my connection as originating from Lelys... You saw nothing!

nenjin

  • Bay Watcher
  • Inscrubtable Exhortations of the Soul
Re: Help! Some Amsterdam dude is hacking me! (previously virus scanner thread)
« Reply #21 on: January 04, 2012, 06:42:36 pm »

Are you using a router? You might want to check your router settings, make sure the firmware is up to date, etc.
Cautivo del Milagro seamos, Penitente.
Quote from: Viktor Frankl
When we are no longer able to change a situation, we are challenged to change ourselves.
Quote from: Sindain
Its kinda silly to complain that a friendly NPC isn't a well designed boss fight.
Quote from: Eric Blank
How will I cheese now assholes?
Quote from: MrRoboto75
Always spaghetti, never forghetti

Virex

  • Bay Watcher
  • Subjects interest attracted. Annalyses pending...
Re: Help! Some Amsterdam dude is hacking me! (previously virus scanner thread)
« Reply #22 on: January 04, 2012, 07:08:52 pm »

If you're a router you could just outright ban those IPs too, though that won't plug any leaks that he may have used to make a connection.

Angel Of Death

  • Bay Watcher
  • Karl Groucho?
Re: Help! Some Amsterdam dude is hacking me! (previously virus scanner thread)
« Reply #23 on: January 04, 2012, 11:37:52 pm »

2012/01/05 01:44:30 +1030   ACOMP   A.Dude   IP-BLOCK   94.100.30.166 (Type: outgoing, Port: 57542, Process: iexplore.exe)
2012/01/05 13:12:40 +1030   ACOMP   A.Dude   MESSAGE   Starting protection
2012/01/05 13:12:43 +1030   ACOMP   A.Dude   MESSAGE   Protection started successfully
2012/01/05 13:12:46 +1030   ACOMP   A.Dude   MESSAGE   Starting IP protection
2012/01/05 13:12:47 +1030   ACOMP   A.Dude   MESSAGE   IP Protection started successfully
2012/01/05 14:16:49 +1030   ACOMP   A.Dude   IP-BLOCK   77.247.179.135 (Type: outgoing, Port: 51155, Process: iexplore.exe)
2012/01/05 14:16:49 +1030   ACOMP   A.Dude   IP-BLOCK   77.247.179.135 (Type: outgoing, Port: 51161, Process: iexplore.exe)
2012/01/05 15:07:07 +1030   ACOMP   A.Dude   IP-BLOCK   91.197.128.225 (Type: outgoing, Port: 52407, Process: iexplore.exe)

Again. I only have Youtube, B12 and Whalesdev up. What should I do?

alway

  • Bay Watcher
  • 🏳️‍⚧️
Re: Help! Some Amsterdam dude is hacking me! (previously virus scanner thread)
« Reply #24 on: January 05, 2012, 12:06:10 am »

Try using Wireshark, and when it detects and blocks something, search that IP in the data you collected; won't give anything definitive probably, but it would at least be interesting to see what's coming in and may help determine the nature of what's going on.

My guess would be you have some sort of torrent or something, as the retry times when the attempts failed appear automated and the times aren't the sort of even on-the-hour time I would expect from a fully automated system like a botnet; though I may be wrong, as that's pretty far from my area of expertise.

As for non-academic tips... Try closing all Internet Explorer windows and open up Task Manager. Check to see if iexplore.exe is in the processes list; if it is, you have a virus masquerading as Internet Explorer; if not, it's probably just some Internet Explorer quirk which may or may not be anything malicious.
« Last Edit: January 05, 2012, 12:19:28 am by alway »
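
Added example (not part of any poster's reply, and not the code of the tool that wrote the log): a small Python triage of the block log posted in Reply #23, grouping blocked connections by process and destination and flagging repeats that land within seconds of each other, which is the timing question raised above. The field layout is inferred from the posted lines; the function names and the 5-second `burst_seconds` threshold are choices made for this example.

```python
import re
from collections import defaultdict
from datetime import datetime

# IP-BLOCK and MESSAGE lines as posted in Reply #23 of this thread.
SAMPLE_LOG = """\
2012/01/05 01:44:30 +1030   ACOMP   A.Dude   IP-BLOCK   94.100.30.166 (Type: outgoing, Port: 57542, Process: iexplore.exe)
2012/01/05 13:12:40 +1030   ACOMP   A.Dude   MESSAGE   Starting protection
2012/01/05 14:16:49 +1030   ACOMP   A.Dude   IP-BLOCK   77.247.179.135 (Type: outgoing, Port: 51155, Process: iexplore.exe)
2012/01/05 14:16:49 +1030   ACOMP   A.Dude   IP-BLOCK   77.247.179.135 (Type: outgoing, Port: 51161, Process: iexplore.exe)
2012/01/05 15:07:07 +1030   ACOMP   A.Dude   IP-BLOCK   91.197.128.225 (Type: outgoing, Port: 52407, Process: iexplore.exe)
"""

# Field layout inferred from the posted lines; columns are split on whitespace runs.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d [+-]\d{4})\s+\S+\s+\S+\s+IP-BLOCK\s+"
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) \(Type: (?P<dir>\w+), "
    r"Port: (?P<port>\d+), Process: (?P<proc>[^)]+)\)$"
)

def parse_blocks(text):
    """Return one dict per IP-BLOCK line; MESSAGE and malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            events.append({
                "time": datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S %z"),
                "ip": m["ip"], "direction": m["dir"],
                "port": int(m["port"]), "process": m["proc"],
            })
    return events

def summarize(events, burst_seconds=5):
    """Group blocks by (process, ip); flag groups whose repeats fall within burst_seconds."""
    groups = defaultdict(list)
    for e in sorted(events, key=lambda e: e["time"]):
        groups[(e["process"], e["ip"])].append(e)
    report = {}
    for key, evs in groups.items():
        gaps = [(b["time"] - a["time"]).total_seconds() for a, b in zip(evs, evs[1:])]
        report[key] = {"count": len(evs),
                       "ports": sorted({e["port"] for e in evs}),
                       "burst": any(g <= burst_seconds for g in gaps)}
    return report

if __name__ == "__main__":
    for (proc, ip), info in summarize(parse_blocks(SAMPLE_LOG)).items():
        print(proc, ip, info)
```

A group flagged `burst` with several different ports is the kind of entry worth looking up in a packet capture taken over the same period.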

Angel Of Death

  • Bay Watcher
  • Karl Groucho?
Re: Help! Some Amsterdam dude is hacking me! (previously virus scanner thread)
« Reply #25 on: January 05, 2012, 12:16:01 am »

Will Wireshark fuck around and conflict with my virus scanners?

alway

  • Bay Watcher
  • 🏳️‍⚧️
Re: Help! Some Amsterdam dude is hacking me! (previously virus scanner thread)
« Reply #26 on: January 05, 2012, 12:22:28 am »

Before you do that, try the other advice I added at the bottom of my post; Wireshark is more a curiosity thing than actually helpful. If you don't have an iexplore.exe virus, it's probably harmless, but worth peeking at with Wireshark to potentially figure out what is going on, if only to satisfy curiosity.

Reudh

  • Bay Watcher
  • Perge scelus mihi diem perficias.
Re: Help! Some Amsterdam dude is hacking me! (previously virus scanner thread)
« Reply #27 on: January 05, 2012, 12:27:09 am »

Oh, that reminds me. Update your computer to the latest to patch all the holes they've found so far, assuming you're on a Windows PC.

Stargrasper

  • Bay Watcher
Re: Help! Some Amsterdam dude is hacking me! (previously virus scanner thread)
« Reply #28 on: January 05, 2012, 12:38:28 am »

While you can't remove IE, you can disable it from the control panel.  Try that.  Assuming that's where the vulnerability is, that could handle it.

http://www.howtogeek.com/howto/2734/uninstall-disable-delete-internet-explorer-8-from-windows-7/

Angel Of Death

  • Bay Watcher
  • Karl Groucho?
Re: Help! Some Amsterdam dude is hacking me! (previously virus scanner thread)
« Reply #29 on: January 05, 2012, 09:06:57 am »

It appears as if the alerts are coming from Whalesdev. It only seemed like it was from B12 because my scanner was terminating Whalesdev.