So after months I finally get back on the internet, and boom, just like that I've got problems.

I'm thinking virus/spyware of course so I scan with everything I can think of and I'm clean.

It's the first time I've used cable so I contact support, and they tell me, no, they're innocent.

So then I'm thinking what are these bot things I used to hear about? All I know is they can turn my computer into some kind of zombie machine answering to their remote instructions.

I know nothing about them. I was hoping one of you did.

So questions.

1. Will anti-virus scanners catch them?

2. Will my firewall see them?

3. Is there a way I can look for them?

4. Is there any free software that will help protect me from them?

Are you talking about Trojans? Such as Sub7, SkD Rat, Cia Trojan, Net-Devil, Pro-Rat, etc that can control your computer from another computer if you have a server file installed on you computer? Firewalls will block remote control trojans like that when they try to connect to another computer that infected you with them.

Theres been plenty of discussion here about what is the best firewall, antivirus, etc.
Heres what I would suggest;
Anti-Virus: NOD32
Firewall: if you have NAT I wouldnt use a firewall, if you dont I suggest Outpost
Scanners: Ad-aware, a squared, spybot and NOD32's scanner.

1. Will anti-virus scanners catch them? Yes. The more modern Anti-Virus programs include spyware scanners as standard.

2. Will my firewall see them? It won't see them in a sense but it can prevent them from executing the programs and communicating.

3. Is there a way I can look for them? With your own two eyes, yes but it's painfully slow. I suggest a Spyware scanner like Ad-aware.

4. Is there any free software that will help protect me from them? Plenty, Ad-aware, Spybot Search and Destroy, Microsoft Anti-Spyware.

http://www.pcworld.com/downloads/collection/0,collid,1347,pg,1,00.asp

Are you talking about Trojans? Such as Sub7, SkD Rat, Cia Trojan, Net-Devil, Pro-Rat, etc that can control your computer from another computer if you have a server file installed on you computer? Firewalls will block remote control trojans like that when they try to connect to another computer that infected you with them..

I'm not sure. Is that what I'm talking about? Just a conventional trojan.

I was meaning something like what Steve Gibson was talking about when he was discussing the denial of services attack on his website. Something like this -

While I was monitoring several online hacker hangouts (with the aid of custom spy-bots I created for the purpose — more on that below), I often overheard hackers referring to various lists of "cable Bots" and saying things like "Heh, but how many of his Bots are cable?"

It is clear that the "cable Bot" — a remote control Zombie program installed on a high bandwidth, usually on, Windows machine — has become a highly sought-after resource among malicious "Zombie/Bot running" Internet hackers.

http://www.grc.com/dos/grcdos.htm

Now that I think about it, yeah, that would just be a trojan, right? More like I would be part of a trojan army. I don't wanna be part of that. I did read Auggie's post also. If I use Zone alarm, it will see them calling out, right? If I get infected before I install the firewall, can the malware spoof itself as an accepted program like IE, and get out that way?

You see what I was thinking is these particular little trojany things Gibson is talking about seem to be getting made on the fly and distributed through IRC. They won't have names, or be recognized by AV software will they? Although I don't know, if the AV is using heuristics it might get them I guess. Do most AVs use heuristics in real time protection?

One night I turned my computer off at the tower, but left the cable modem running. Something turned on my computer in the middle of the night.

unsuable . . .

Lets clarify somethings

Do you have a problem with your PC?

If so, what is the indication . . skulls & crossbones popping up, freezing up, redirection . . . Celine Dion music playing for no reason? *shudder*

Dont take everything Steve Gibson pushes as the bible, take it with a grain of salt, and dont invent problems (with your system) where there are none.


.

Yeah I guess I should have clarified my problems, so you know what I'm talking about. Sorry about that.

As I said in the previous post, one time I turned off the computer at the tower, went to sleep, and was awakened by the computer turning itself back on. I did have the cable modem turned on. I've never used cable before. Is that normal?

The PC activity light on the modem flashes continuously, never turning off. I call support, and they tell me the PC activity light is not supposed to flash continuously.

My speed is way below what they promised. They promised me 1.5 mbs. I'm getting around 18kbs.

Weird stuff was happening with my system fonts. I think I got that righted somehow though.

Other small stuff but those are the first things to come to mind.

On Gibson: No problem, I'll ask you then. Are there IRC channels where hackers go to get custom-made trojan-bot thingies that may not be recognized by AV software?

You should have a router if at all possible, that is password protected. You should at LEAST have a firewall running with your OS if you dont have a router.

You can turn off the Wake on Lan feature to your PC in the BIOS.

.

Thanks. I'll look that up.

Celine Dion music playing for no reason?



If you have ever seen this, you have truly stared into the depths of hell!!!

Akin to a scene from The Exocist, and I would set my PC on the street next to the trash can.


.

Oh yeah.. There is lot of porn on the internet now days to.

　 ＿＿ 　　　　　〃
　 ｀ヽ,　｀ヽ 　　　《
　 　,.' -◎-ヽ 　　》
　＜(　´･ω･)＞〃 I put on my robe and wizard hat
　 ⊂ ＼ ／ つ./
　　 |＿_：＿| 〃
　　（_＿）＿）/

　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　 il'.ﾞﾞ"'.=:､,
　　　　　　　　　　　OMG　　　　　　　　　　　　　　　　　　　　　　　　　　　il' . . . . .｀ ﾞ'=:､
.　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　 il' . . . . . . . . .｀ﾞ'=;;､
　　　　　　　　　　　　　　　　　　　　　　　　　　　 ,,_　　　　　　　　　　　　lll . . . . . . . . . . . . ｀ﾞ'=;､
　　　　　　　　　　　　　　　　　　　　　　　　　　　,i|ﾞﾞﾞ"''＝;;､_　　　　　　　ill . . . . . . . . . . . . . . . ｀'=;､
　　　　　　　　　　TEH 　　　　　　　　　　　　　il' . . . . . . .ﾞﾞ''=;;､.　　　　lll . . . . . . . . . . . . . . . . . .｀'=;,
.　　　　　　　　　　　　　　　　　　　　　　　　　　 lll . . . . . . . . . . ｀ﾞ'=;､ ,,､;;'!! . . . . . . . . . . . . . . . . . . . .｀'=
　　　　　　　　　　　　　　　　　　　　　　　　　　 ill . . . . . . . . . . . . . .｀ﾞ". . . . . . . . . . . . . . . . . . . . . . . . . .｀
　　　　　　　　　　　　　　　　　　　　　　　　　　 lll . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
　　　　　　　　　BOTS!!!!!!!!!!!!!　　　 　　　　　 lll . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .,.､､,- - ､, . . . ..
　　　　　　　　　　　　　　　　　　　　　　　　　　 lll . . . . . . . . . . . . . . . . . . . . . . . . . . . .,.ril|lllllllllli;,　　 ﾞ';: . .
.　　　　　　　　　　　　　　　　　　　　　　　 　 　 lll . . . . . . . . . . . . . . . . . . . . . . . . . . /　 !lllllllllllllll;　 ,r'. . ..
.　　　　　　　　　　　　　　　　　　　　　　　　　　 lll . . . . . . . . . . . . . . . . . . . . . . . . . ,'　　 ﾞ'llllllllllllljr'". . . . .
　　　　　　　　　　　　　　　　　　　　　　　　　　　lll . . . . . . . . . . . ,､r､.‐‐ - ､., . . . . ﾞ'''‐--- ﾞ''''" . . . . . . ..
.　　　　　　　　　　　　　　　　　　　　　　　　　　　lli . . . . . . . . ,r'llllllllllllli;,　　 ,'. . . . . . . . . . . . . . . . . . . . . .
　　　　　　　　　　　　 ,,.､､　　　　　　　　　　　　　lli . . . . . . ./　'!lllllllllllllll;　,r' . . . . . . . . . . . . . . . . . . . . . .
.　　　　　　　　　　　 il'. . .ﾞ'i;,　　　　　　　　　　 　 'll; . . . . . ,'　　 ﾞ'lllllllllllljr'" . . . . . . . . . . .,;' . . . . . . . . . ..
.　　　　　　　　　　　 'li,. . . .ﾞl;,　　　　　　　　　　　 .'ll, . . . . .'‐----‐ﾞ''"´ . . . . . .,.　_,､-'''''".'; . . . . . . . . . ..
.　　　　　　　　　　　　'l;, . . . ﾞl;,　　　　　　　　　　　 'li, . . . . . . . . . . . . . . . . . . . .｀ﾞ~､　　　 ﾉ . . . . . . . . . . Fear me!
　　　　　　　　　　　　　'l;, . . . ﾞ'l;,　　　　　　　　　 　 'li, . . . . . . . . . . . . . . . . . . . . .　ﾞゝ-‐'' . . . . . . . . . . ..
　　　　　　　　　　　　　　'l;, . . . ﾞ'i;,　　　　　　　　　　 'li, . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
　　　　　　　　　　　　　 　 'l;, . . . .ﾞl;,,　　　　　　　　 　 'li, . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
　　　　　　　　　　　　　　 　 'i;, . . . .ﾞ.'i;,,　　　　　　　　　'li, . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
.　　　　　　　　　　　　　　　　 ﾞ=,, . . . . ﾞ=;,,　　　　　　 　 'li, . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
　　　　　　　　　　　　　　　　　　ﾞ'=,, . . . . ﾞ''=;,,　　　　　　 'li, . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
　　　　　　　　　　　　　　　　　　　 ﾞ''=;,, . . . . .ﾞ'''=:.,,_　　 　 'li, . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
　　　　　　　　　　　　　　　　　　　　　 ﾞ''=;,, . . . . . . ﾞ''' =､､.,,,.'li, . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

LOL good one

A bot is not just a trojan, it can be, but it would be really unlikely. They are used mostly for IRC, with botnets (group of "zombie computers used to DDOS and maliciously attack all at once) or as download wh0res. These bots are installed with rootkits, not spyware or SubSeven bullcrap. A rootkit is much more advanced, usually installing into the os kernel, making it undetected by today's AV and yes even firewalls. The rootkit is installed through one of the many exploits out there and they are usually completely custom for the big IRC warez channels. I do not know if you are a victim of one, but your 1.5 MBPS net speed tells me you are not. The hackers go after highspeed bots for downloading, unless you are one of the "cabe" bots for a botnet, which is possible.
1. Will anti-virus scanners catch them?
No, rootkits in todays world are completely custom and private for the sole rooter, your everyday AV will not do a thing. There are some anti-rootkit programs popping up here and there, and I have run a few tests with some rootkits myself on them and they detect the few public ones, however when I ran a custom kit the program was useless.
2. Will my firewall see them?
No, rootkits take place inside the kernel replacing a system process with a modified version, those that are already oked by the firewall.
3. Is there a way I can look for them?
Yes TCPview, and the drivers.exe utillities will let you view all drivers including the hidden rootkits ones, as well as which processes opened which ports etc.. it is over your head however
4. Is there any free software that will help protect me from them?
No
Don't panic though, you might not be a victim. If your bandwith issue continues and your isp says it is not them, then I would do a clean reformat (back-up your important files first) and a clean install of windows just to be safe.

A bot is not just a trojan, it can be, but it would be really unlikely. They are used mostly for IRC, with botnets (group of "zombie computers used to DDOS and maliciously attack all at once) or as download wh0res. These bots are installed with rootkits, not spyware or SubSeven bullcrap. A rootkit is much more advanced, usually installing into the os kernel, making it undetected by today's AV and yes even firewalls. The rootkit is installed through one of the many exploits out there and they are usually completely custom for the big IRC warez channels. I do not know if you are a victim of one, but your 1.5 MBPS net speed tells me you are not. The hackers go after highspeed bots for downloading, unless you are one of the "cabe" bots for a botnet, which is possible.
1. Will anti-virus scanners catch them?
No, rootkits in todays world are completely custom and private for the sole rooter, your everyday AV will not do a thing. There are some anti-rootkit programs popping up here and there, and I have run a few tests with some rootkits myself on them and they detect the few public ones, however when I ran a custom kit the program was useless.
2. Will my firewall see them?
No, rootkits take place inside the kernel replacing a system process with a modified version, those that are already oked by the firewall.
3. Is there a way I can look for them?
Yes TCPview, and the drivers.exe utillities will let you view all drivers including the hidden rootkits ones, as well as which processes opened which ports etc.. it is over your head however
4. Is there any free software that will help protect me from them?
No
Don't panic though, you might not be a victim. If your bandwith issue continues and your isp says it is not them, then I would do a clean reformat (back-up your important files first) and a clean install of windows just to be safe.

how much of this post is fact and fiction?

surely you can decide, you seem like an expert in the field

I would say the part about automatic rootkit installation is fiction.

I would say the part about automatic rootkit installation is fiction.

I'm really scrapping to understand exactly what you are referring to.

Is that clearly stated in this thread?

The "issue" with Sony rootkits for example IS the automatic installation, and not being prompted to accept or not.

Please be more specific.



.

I'm really scrapping to understand exactly what you are referring to.

Is that clearly stated in this thread?

The "issue" with Sony rootkits for example IS the automatic installation, and not being prompted to accept or not.

Please be more specific.



.

specifically I'm referring to this:


The rootkit is installed through one of the many exploits out there and they are usually completely custom for the big IRC warez channels

there seemed to me an implied suggestion that it might be possible to install a rootkit by viewing a webpage.

However some warez groups have customised mirc scripts which could contain a rootkit in them.

The point I wish to make is that I do not think its possible to install a rootkit from just viisting a webpage.

It is my belief that in order to be infected by such a thing requires some user interaction on the part of

the end user usually double-clicking on an executable of some kind. I wasn't referring to the Sony rootkit installed by some or many as the case may be of their music cd's and any possible exploits from those.

The way it was worded here:


These bots are installed with rootkits, not spyware or SubSeven bullcrap. A rootkit is much more advanced, usually installing into the os kernel, making it undetected by today's AV and yes even firewalls. The rootkit is installed through one of the many exploits out there and they are usually completely custom for the big IRC warez channels. I do not know if you are a victim of one, but your 1.5 MBPS net speed tells me you are not. The hackers go after highspeed bots for downloading, unless you are one of the "cabe" bots for a botnet, which is possible.

Led me to believe that either this person may have thought there was a way to surreptiously install a rootkit without user interaction i.e., double-clicking on an executable of some kind barring anything done by a corporation like Sony just a sort of 'out in the wild' infection.

Customised invision scripts, custom installers and of course exe joiners could be created to do this. I did not mean to rule out any possible exploits opened up by Sony but I'm just speaking generally as a way of spreading an infection I know of no automated way to trigger an executable without user interaction such as cliking an okay box in a webpage, etc.

edit: forgot to mention that the user thinks its possible to install a rootkit or have one installed by visiting an irc channel. My assertion of a webpage exploit came from Securnia as far as installed a rootkit from a warez channel I don't think there's a way unless you've got your mirc client setup to automatically receive sent files and then there is the possibility you might accidentally click on the malware file sent to you though having accept automatic downloads in mirc checked.

I'm not familiar with viruses or other trojans that specifically affect irc clients. and i still maintain rootkits require user interaction even if involves popping a cd into a cd-tray with autorum on that's still user interaction.

here seemed to me an implied suggestion that it might be possible to install a rootkit by viewing a webpage.

However some warez groups have customised mirc scripts which could contain a rootkit in them.

The point I wish to make is that I do not think its possible to install a rootkit from just viisting a webpage.

It is my belief that in order to be infected by such a thing requires some user interaction on the part of

the end user usually double-clicking on an executable of some kind.

Thank you, I couldnt find the line you were referring to in order to clarify.

For the most parts, and nearly 100% I agree with you, it would be very difficult to script in the installation of a rootkits, however, I see programs added to the Add Remove programs in Windows all the time, even with security updates installed. This is due to lax security in the browser settings.

Often end users are fooled in to compromising their security, or "allowing" from a site for one thing, then being bated with another.

A rose by any other name, may very well be spyware.

.

Often end users are fooled in to compromising their security, or "allowing" from a site for one thing, then being bated with another.



.

Hence the term 'trojan' aspect of it. Now while I agree what Sony did to be wrong and reprehensible its no different than any other trojan method out there. The principle is the same. Take something harmless and make it sinister.

It perfectly matches the definition for trojanning. The whole point or purpose behind trojanning is to fool someone into thinking they are installing something harmless without knowing the true details behind what they are really installing.

No one would have expected a music cd to harm their computer before this sony discovery. I certainly would not and there is probably no doubt some exploits that are now avaiable specifically for people who were trojanned this way and possible even for those who used their uninstaller.

I have another issue with:


bot is not just a trojan, it can be, but it would be really unlikely. They are used mostly for IRC, with botnets (group of "zombie computers used to DDOS and maliciously attack all at once) or as download wh0res.

Specifically:

botnets (group of "zombie computers used to DDOS and maliciously attack all at once) or as download wh0res

botnets? sounds a little like 'nanoprobles' to me. For those who aren't familiar with the term 'nanoprobles' it was a made up word by Steve Gibson used to sensationalise some software he had developed at the time to stop some hackers which failed.

'botnets' don't exist as defined here. Its an exaggeration but could be used to describe the number of computers a hacker has in his control through various methods used for trojanning other people's pc's.

These 'botnets' come about through tricking people to install harmful software disguised as something they want or through the use of active x controls in webpages with phoney dialog boxes set up with no close button at the top or with the choices for open and closing of the dialog box reversed where when you click 'yes' to close this dialog box you are actually giving permission for the active x control to be installed on your computer.

Which was my no name calling implication and quick justification for not taking Steve Gibson too seriously. I have no tolerence for sensationalism that revolves around someone else.


.

Jeez. I'm sorry. This is all my fault. My original post was so confusing and generalized no-one really knew what I was asking for information on. What can I say? Oops I guess.

No, Krell you misunderstand. Again, my fault, totally. I didn't mean to present Gibson as some kind of one true expert on the subject. It was just, I didn't seem to be able to make you guys understand what I was talking about, then I remembered there was something about it on Gibson's site, so I went there for a quick copy and paste to offer something up for explanation of the general thing I was talking about.

Then poor ManaSmoker finally deciphers what I'm asking about, and he gets into trouble, because I wasn't clear about how I thought I was infected. Once more, my fault. BTW. Yes you guys are right, that is pretty close to the way I thought I might have caught something nasty. I see now how wrong I was. Thanks for straightening me out.

I admit it. I just read enough about security to get paranoid. In my defence though, if I wasn't so lame with this stuff, I wouldn't have to ask for help. :)

And again, thanks for all the info.

Jeez. I'm sorry. This is all my fault. My original post was so confusing and generalized no-one really knew what I was asking for information on. What can I say? Oops I guess.

No, Krell you misunderstand. Again, my fault, totally. I didn't mean to present Gibson as some kind of one true expert on the subject. It was just, I didn't seem to be able to make you guys understand what I was talking about, then I remembered there was something about it on Gibson's site, so I went there for a quick copy and paste to offer something up for explanation of the general thing I was talking about.

Then poor ManaSmoker finally deciphers what I'm asking about, and he gets into trouble, because I wasn't clear about how I thought I was infected. Once more, my fault. BTW. Yes you guys are right, that is pretty close to the way I thought I might have caught something nasty. I see now how wrong I was. Thanks for straightening me out.

I admit it. I just read enough about security to get paranoid. In my defence though, if I wasn't so lame with this stuff, I wouldn't have to ask for help. :)

And again, thanks for all the info.

I am tempted to register under the alias of Goliath with an avatar of the dog, goliath from the Davey and Goliath claymation tv series put out by the Lutheran church and make a post saying, "It's okay, Davey."

but instead I just did this.

I wish I'd seen this earlier. This is the kind of thing I was worried might have happened to me -

http://seattletimes.nwsource.com/html/localnews/2002798414_botnet11m.html

In fact they're talking about being infected by an exploit. That's what I was worrying about.

You see I was using a new computer. They'd put Norton on it - Firewall/Antivirus. I've never had much luck with either. I don't trust them.

I'd heard about some vulnerability in Windows that could be exploited by just being live on the internet. I'd heard there was a patch for the exploit, but I had to get to Windows updated with just Norton protecting me before I was hit. That's the way I was thinking. That's how paranoid I am.

So I try to do that, but my computer starts acting crazy anyway. I couldn't even hook up to any of the online scanners, something I'd done in the past without difficulty.

Actually I did try all the conventional ways I knew of to look for some kind of infection, before I came here looking for help.

So anyway, now you have the whole story of how I got this weird idea in my head maybe I was infected by what I'd heard referred to as a bot.

to my knowledge a bot is a script ritten to manipulate or preforn A task,

I wish I'd seen this earlier. This is the kind of thing I was worried might have happened to me -

http://seattletimes.nwsource.com/html/localnews/2002798414_botnet11m.html

In fact they're talking about being infected by an exploit. That's what I was worrying about.

You see I was using a new computer. They'd put Norton on it - Firewall/Antivirus. I've never had much luck with either. I don't trust them.

I'd heard about some vulnerability in Windows that could be exploited by just being live on the internet. I'd heard there was a patch for the exploit, but I had to get to Windows updated with just Norton protecting me before I was hit. That's the way I was thinking. That's how paranoid I am.

So I try to do that, but my computer starts acting crazy anyway. I couldn't even hook up to any of the online scanners, something I'd done in the past without difficulty.

Actually I did try all the conventional ways I knew of to look for some kind of infection, before I came here looking for help.

So anyway, now you have the whole story of how I got this weird idea in my head maybe I was infected by what I'd heard referred to as a bot.

okay, I see what you are saying and can understand why you were afraid. This is a problem with the media here in america as it is into fear mongering through sensationalism and over dramatising.

I also noticed the use of the word 'botnet' as a valid term in this article. I also noticed that no details were given as to how he hacked into their computers in the first place.

Still want to help you overcome your fears and maintain some degree of safety on the internet. In order to do this let's address you earliest stated concerns.

1)Your computer was turning its self back on. This is a feature known as wake on lan and as krell stated can be disabled in the bios settings. I wonder if krell or someone more informed can state how this works preferably by having experience with this feature and understanding how it works.

Without googling I imagine it allows for other computers on your lan to turn your pc back on through querying the network card on your pc. I imagine this would be useful if someone wanted to browse your files on your lan.

I don't really understand how a router or cable modem would do this. From my understanding a cable modem works much like a router does.

2)Its normal for the lights on your cable modem to be on. It's been a while since I've had my cable modem but I remember one light staying on all the time indicating it had power. When I was downloading files I had a series of lights blinking rapidly indicating traffic.

Even after downloads finished the lights activity would slow down but would still blink intermittently as the pc's network card kept in contact with the cablemodem which kept you connected your isp's network...I forget the technical name for what this is called but its the equivalent of waiting for your popcorn to finish popping in the microwave. The led's blinking activity would slow down to maybe 5 to 10 seconds between flashes but they'd always blink. The more network activity you had (downloading or uploading) would increase the frequency of the blinking in the same manner as accessing files on your pc would cause your harddisk drive indicator light to blink as it registered activity.

3)A firewall program that will catch outbound activity on your computer to remote locations is atguard 3.22. A very small and old firewall no longer being made or supported but is great for detecting outbound and inbound traffic on your pc. It will alert you if you are trojanned.

Of course there are exceptions to every rule.

So a)how fast are you flashes? do the lights blink rapidly when you aren't using your computer for downloading or uploading that you're aware of?

b)did ya find and disable that wake on lan setting?

c)I remember krell talking to someone about a misconfigured router...was that you?

Guess that's as far as i can help you for now.

Dark Messenger - just a quick interjection here, the router reference was about people exposing their extrenal IP addresses and having a router with default passwords. As for the cable modem blinking, it may blink very quickly which will happen whether the PC is on or not, this is the broadcast traffic on the LAN, it is nornal, be worried if you do NOT see it. There should only be one light not lit when his PC is off.

.

So a)how fast are you flashes? do the lights blink rapidly when you aren't using your computer for downloading or uploading that you're aware of?

It's the PC Activity light, and it flashes pretty much consistently throughout the session until I click the modem to standby. The one support guy I talked to said it wasn't supposed to do that.

b)did ya find and disable that wake on lan setting?

No not yet. The only thing I know about a bios is articles I read tell me not to mess with it, unless I know what I'm doing. I don't qualify yet.

c)I remember krell talking to someone about a misconfigured router...was that you?

No not me.

Hey, another thing I was wondering about... I'm on what they call cable lite. They tell me I'm supposed to get around 1.5mbs, but mine tops out at 20kbs. Does that seem normal? Is it bad enough I should demand they come down here and fix it? You know after talking to you guys, I'm starting to think this is all just some kind of crappy cable thing.

Edit
Oh I just had another thought. When you say LAN, I'm not on any kind of personal network, so I'm guessing you're saying I'm on like a network with other cable users right? Does that mean one of them is turning my computer back on, or does it come from cable central somehow?

what area are you in, and who is your ISP?



.

Western Canada. Shaw Cable.

Western Canada. Shaw Cable.

With nothing else running, on a fresh reboot, I want you to test you speed at http://www.dslreports.com/stest

Save the results > Save as Report.htm



When you say LAN, I'm not on any kind of personal network, so I'm guessing you're saying I'm on like a network with other cable users right? Does that mean one of them is turning my computer back on, or does it come from cable central somehow?

Let's pretend that your ip address is 66.148.92.47

That means the subnet you are on is 66.148.92.xxx , there can be roughly 250 other people on your same subnet, and your router will see packets on the LAN that are not directed at you.

Yes, it is possible that someone else is sending a request that turns on your PC. Read your MB manual, and learn how to enter the BIOS and change that, it's not tough.


.

Here you go -

Welcome to BBR! Run more tests! see forums
2006-02-13 12:10:37 EST: 121 / 59
Your download speed : 121 kbps or 15.2 KB/sec.
Your upload speed : 59 kbps or 7.4 KB/sec.

Can I ask some more questions about bots? You have me convinced that's not my problem, but I'm still curious.

I think I may be starting to understand the process. Is the following more or less correctt?

to my knowledge a bot is a script ritten to manipulate or preforn A task,

Then in the article previously linked to they say this -

Maxwell simply created a program instructing his infected computers, or "bots," to download the adware. The bots then "phoned home" to the adware company, which credits the hacker's account, unaware that he hasn't gotten the computer owner's permission.

So a bot is a script with some simple instructions, right? It directs the target computer to a place where it can be trojanized more completely. Do I have it right so far?

OK here's the thing, if the bot can direct the computer to be infected by spyware, I'm not sure I understand why it wouldn't work with something like a rootkit. In fact I'm not sure, but I believe I was reading on one of my paranoia sites this was a concern for the future - that spyware people might start using rootkits.

Here's the thing. I remember a time when people were swearing you couldn't be infected remotely by a virus. You had to click on something. The future proved them wrong. Why would I be incorrect to suspect this model might be applicable when considering whether or not it might be possible to install a rootkit surreptitiously?

My two cents if you end up getting a router change the default password.....

Oh on the speed thing, I called support again, and it turns out I'm getting what I'm supposed to be getting. I misinterpreted the scale.

Mbps is not to be confused with MBps

That's what I did. Oops.

Oh on the speed thing, I called support again, and it turns out I'm getting what I'm supposed to be getting. I misinterpreted the scale.



That's what I did. Oops.

so your problem is s0lved and you just wanna know how to hack people now?
where is the r3al unsueable davey brown?

Yeah pretty much solved, except for the wake lan thing. I'll get at that soon. It's odd you know. A lot of what made me suspicious was just this general system twitchiness, and slow down. That righted itself as soon as I uninstalled all the Norton software they'd installed on here. I'll bet I can hook up to online scanners now too. I'll try that.

On the hacker thing, you're joking right? You realize you're talking to a guy who doesn't know the difference between mbps, and MBps? They explained it to me, and I still don't understand it. :)

I think I get something now though. This is why you guys are so twitchy when I bring up the subject of bots. You think I want to know the secret handshake or something. No. Not at all. I just wanted a general idea of what might bite my ass.

It's OK. I think I've pretty much figured out all I need to know. I would like to know if I've more or less got it right though.

yes, I was just joking. manasmoker and kokanezebub probably have it right. ehrm....I have no idea how to hack people and cannot understand why anybody would want to do that anyway. :/

edit

On another related note. i just got protowall installed and working properly with my dialup connection on windows xp pro sp1.

Why is that good? Because the packet driver for protowall works at the system kernel levell and can stop both udp and tcp packets from connecting to any ip address either outbound or inbound. Only works on windows 2000 or above (meaning XP machines).

2nd edit Protowall is a part of hacking much the way using Proximitron Namo(?) June version or firefox is as you are customising (hacking) something to your liking.

A wise person once told me 'hacking' was cutting people's hands off. Usually if you hear me refer to hacking I mean customising when I use that term and by that I mean making something work the way i want it to.

Back to the Wake on Lan thing...(foregoing the Norton discussion for now) I remember you saying you were scared to mess with the bios. Don't be. The only thing you don't want to do is to try upgrading your bios.

On my pc which is made by dell I access the bios by holding down the Delete key ( Del ) when restarting.

I don't have any good guides and tutorials on this right now although I have a nice book on the subject.

Anyways bios settings are changeable usually by highlighting a selection and clicking either the plus or minus button to the right of your keyboard located in the numerical keypad on the far right of your keyboard.

Settings aren't changed unless you choose to save the changes before exiting the bios.

The bios and its settings are yours to use...sort of like your penis its there and its yours don't be scared to touch it. IT's Normal. :p

Thanks. I have been googling wake on lan a bit, but haven't found any instructions I'm comfortable with yet. I am going to dig up my manual soon, as Krell instructed.

Here's a weird thing though. I called support today, and they had me disconnect all the connections then reconnect them. This is weird, but later my system went to standby and stayed there until I woke it up. It didn't used to do that. It always woke itself up.

Oh and this second support guy I talked to told me the same thing Krell did. He said the flashing light is normal. I think maybe that first guy got me all confused for no reason. He was the one who put the virus idea in my head.

Edit

I admit, I was pretty easy to convince though. You just have to hint in my general direction something is out to get me - computer virus, chicken flu pandemic, or space alien - and I'm running around in all directions going "Oh my God. What is it? How do I stop it?"