So after months I finally get back on the internet, and boom, just like that I've got problems.
I'm thinking virus/spyware of course so I scan with everything I can think of and I'm clean.
It's the first time I've used cable so I contact support, and they tell me, no, they're innocent.
So then I'm thinking what are these bot things I used to hear about? All I know is they can turn my computer into some kind of zombie machine answering to their remote instructions.
I know nothing about them. I was hoping one of you did.
So questions.
1. Will anti-virus scanners catch them?
2. Will my firewall see them?
3. Is there a way I can look for them?
4. Is there any free software that will help protect me from them?
Are you talking about Trojans? Such as Sub7, SkD Rat, Cia Trojan, Net-Devil, Pro-Rat, etc. that can control your computer from another computer if you have a server file installed on your computer? Firewalls will block remote control trojans like that when they try to connect to another computer that infected you with them.
There's been plenty of discussion here about what is the best firewall, antivirus, etc.
Here's what I would suggest:
Anti-Virus: NOD32
Firewall: if you have NAT I wouldn't use a firewall, if you don't I suggest Outpost
Scanners: Ad-aware, a squared, spybot and NOD32's scanner.
1. Will anti-virus scanners catch them? Yes. The more modern Anti-Virus programs include spyware scanners as standard.
2. Will my firewall see them? It won't see them in a sense but it can prevent them from executing the programs and communicating.
3. Is there a way I can look for them? With your own two eyes, yes but it's painfully slow. I suggest a Spyware scanner like Ad-aware.
4. Is there any free software that will help protect me from them? Plenty, Ad-aware, Spybot Search and Destroy, Microsoft Anti-Spyware.
http://www.pcworld.com/downloads/col...47,pg,1,00.asp
I'm not sure. Is that what I'm talking about? Just a conventional trojan.
Originally Posted by lifehacker
I was meaning something like what Steve Gibson was talking about when he was discussing the denial of services attack on his website. Something like this -
http://www.grc.com/dos/grcdos.htm
While I was monitoring several online hacker hangouts (with the aid of custom spy-bots I created for the purpose — more on that below), I often overheard hackers referring to various lists of "cable Bots" and saying things like "Heh, but how many of his Bots are cable?"
It is clear that the "cable Bot" — a remote control Zombie program installed on a high bandwidth, usually on, Windows machine — has become a highly sought-after resource among malicious "Zombie/Bot running" Internet hackers.
Now that I think about it, yeah, that would just be a trojan, right? More like I would be part of a trojan army. I don't wanna be part of that. I did read Auggie's post also. If I use Zone alarm, it will see them calling out, right? If I get infected before I install the firewall, can the malware spoof itself as an accepted program like IE, and get out that way?
You see what I was thinking is these particular little trojany things Gibson is talking about seem to be getting made on the fly and distributed through IRC. They won't have names, or be recognized by AV software will they? Although I don't know, if the AV is using heuristics it might get them I guess. Do most AVs use heuristics in real time protection?
One night I turned my computer off at the tower, but left the cable modem running. Something turned on my computer in the middle of the night.
unsuable . . .
Let's clarify some things
Do you have a problem with your PC?
If so, what is the indication . . skulls & crossbones popping up, freezing up, redirection . . . Celine Dion music playing for no reason? *shudder*
Don't take everything Steve Gibson pushes as the bible, take it with a grain of salt, and don't invent problems (with your system) where there are none.
Yeah I guess I should have clarified my problems, so you know what I'm talking about. Sorry about that.
As I said in the previous post, one time I turned off the computer at the tower, went to sleep, and was awakened by the computer turning itself back on. I did have the cable modem turned on. I've never used cable before. Is that normal?
The PC activity light on the modem flashes continuously, never turning off. I call support, and they tell me the PC activity light is not supposed to flash continuously.
My speed is way below what they promised. They promised me 1.5 mbs. I'm getting around 18kbs.
Weird stuff was happening with my system fonts. I think I got that righted somehow though.
Other small stuff but those are the first things to come to mind.
On Gibson: No problem, I'll ask you then. Are there IRC channels where hackers go to get custom-made trojan-bot thingies that may not be recognized by AV software?
You should have a router if at all possible, that is password protected. You should at LEAST have a firewall running with your OS if you don't have a router.
You can turn off the Wake on LAN feature to your PC in the BIOS.
Thanks. I'll look that up.
Originally Posted by Krell
If you have ever seen this, you have truly stared into the depths of hell!!!
“The martyr sacrifices themselves entirely in vain. Or rather not in vain; for they make the selfish more selfish, the lazy more lazy, the narrow narrower.” - Florence Nightingale
Akin to a scene from The Exorcist, and I would set my PC on the street next to the trash can.
Oh yeah.. There is a lot of porn on the internet nowadays too.
I put on my robe and wizard hat
Rest in peace mother
16.1.2006
You will always be with me.
OMG TEH BOTS!!!!!!!!!!!!! Fear me!
A bot is not just a trojan, it can be, but it would be really unlikely. They are used mostly for IRC, with botnets (a group of "zombie" computers used to DDoS and maliciously attack all at once) or as download wh0res. These bots are installed with rootkits, not spyware or SubSeven bullcrap. A rootkit is much more advanced, usually installing into the OS kernel, making it undetected by today's AV and yes even firewalls. The rootkit is installed through one of the many exploits out there and they are usually completely custom for the big IRC warez channels. I do not know if you are a victim of one, but your 1.5 MBPS net speed tells me you are not. The hackers go after high-speed bots for downloading, unless you are one of the "cable" bots for a botnet, which is possible.
1. Will anti-virus scanners catch them?
No, rootkits in today's world are completely custom and private for the sole rooter, your everyday AV will not do a thing. There are some anti-rootkit programs popping up here and there, and I have run a few tests with some rootkits myself on them and they detect the few public ones, however when I ran a custom kit the program was useless.
2. Will my firewall see them?
No, rootkits take place inside the kernel, replacing a system process with a modified version, those that are already OK'd by the firewall.
3. Is there a way I can look for them?
Yes, TCPView and the drivers.exe utilities will let you view all drivers including the hidden rootkit ones, as well as which processes opened which ports etc. It is over your head however.
4. Is there any free software that will help protect me from them?
No
Don't panic though, you might not be a victim. If your bandwidth issue continues and your ISP says it is not them, then I would do a clean reformat (back up your important files first) and a clean install of Windows just to be safe.
Only God Can Judge Me. All you other Fu*kers get out of my business.
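A scripted form of the "which processes opened which ports" check from the reply above, added here as an example and not part of any post: it parses Windows `netstat -ano` output and lists outbound connections to IRC ports and listeners bound to every interface. The sample output, function names and IRC port list are constructed assumptions, and the script sees only what the OS itself reports.

```python
import ipaddress

# Assumption: ports commonly used by IRC servers (6667 is the default).
IRC_PORTS = set(range(6660, 6670)) | {6697, 7000}

# Constructed sample of `netstat -ano` output (documentation-range addresses).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       920
  TCP    0.0.0.0:5000           0.0.0.0:0              LISTENING       2312
  TCP    127.0.0.1:1030         127.0.0.1:6667         ESTABLISHED     1500
  TCP    192.168.1.10:1042      203.0.113.7:6667       ESTABLISHED     2312
  TCP    192.168.1.10:1055      198.51.100.20:80       ESTABLISHED     1184
  UDP    0.0.0.0:500            *:*                                    700
"""

def parse_netstat(text):
    """Return one dict per TCP row; headers, UDP rows and junk are skipped."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 5 or f[0] != "TCP":
            continue
        (lhost, _, lport), (rhost, _, rport) = f[1].rpartition(":"), f[2].rpartition(":")
        if not (lport.isdigit() and rport.isdigit() and f[4].isdigit()):
            continue
        rows.append({"lhost": lhost, "lport": int(lport), "rhost": rhost,
                     "rport": int(rport), "state": f[3], "pid": int(f[4])})
    return rows

def is_loopback(host):
    try:
        return ipaddress.ip_address(host.strip("[]")).is_loopback
    except ValueError:
        return False

def irc_connections(rows):
    """Established connections to a non-loopback host on an IRC port."""
    return [(r["pid"], r["rhost"], r["rport"]) for r in rows
            if r["state"] == "ESTABLISHED" and r["rport"] in IRC_PORTS
            and not is_loopback(r["rhost"])]

def listeners(rows):
    """Ports accepting connections on every interface, with the owning PID."""
    return sorted((r["lport"], r["pid"]) for r in rows
                  if r["state"] == "LISTENING" and r["lhost"] in ("0.0.0.0", "[::]"))

if __name__ == "__main__":
    parsed = parse_netstat(SAMPLE)
    print("IRC-port connections:", irc_connections(parsed))
    print("Listeners on all interfaces:", listeners(parsed))
```

On a live machine, feed it the text of `netstat -ano` and map any reported PID to a program with `tasklist /svc`.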