netstat.txt please help me?

I mean i log into a site......so each time i login they hack it.....so could they have hacked the site..yes it is not a https connection normal site?
 
In my backup of Norton Antivirus I had 45 trojan and virus....oops....thank God....I hope Dyserq, these files wouldnot have attacked me.....why they are backing it up.....In the options I have "restore" and "delete" shall I permanently keep it "delete" for the backup files in the Norton Antivirus?
Does it sound any good? I can manually change to restore if I want during the scan, right?

Sorry for whole lot of questions.....seeing so much of trojans is a very funny feeling ..hope you can understand :)

I got unauthorized access -winlogon.exe

The location were it resides are
C:\WINDOWS\$NtUninstallKB841533$
C:\WINDOWS\$NtServicePackUninstall$
C:\WINDOWS\ServicePackFiles\i386
C:\WINDOWS\System32


Is it ok if it remains in all places I read somewhere that it need to be in only C:\WINDOWS\System32. Please clarify my never ending issues..:)

Event Details:
Time: 8/11/2005 8:47:29 AM
Actor: C:\WINDOWS\system32\winlogon.exe (PID=812)
Target: C:\Program Files\Norton AntiVirus\SAVScan.exe
Action: Unauthorized access
Reaction: Unauthorized access stopped




Ananthan
 
ananthan said:
In my backup of Norton Antivirus I had 45 trojan and virus....oops....thank God....I hope Dyserq, these files wouldnot have attacked me.....why they are backing it up.....In the options I have "restore" and "delete" shall I permanently keep it "delete" for the backup files in the Norton Antivirus?
Does it sound any good? I can manually change to restore if I want during the scan, right?

Sorry for whole lot of questions.....seeing so much of trojans is a very funny feeling ..hope you can understand :)

I got unauthorized access -winlogon.exe

The location were it resides are
C:\WINDOWS\$NtUninstallKB841533$
C:\WINDOWS\$NtServicePackUninstall$
C:\WINDOWS\ServicePackFiles\i386
C:\WINDOWS\System32


Is it ok if it remains in all places I read somewhere that it need to be in only C:\WINDOWS\System32. Please clarify my never ending issues..:)

Event Details:
Time: 8/11/2005 8:47:29 AM
Actor: C:\WINDOWS\system32\winlogon.exe (PID=812)
Target: C:\Program Files\Norton AntiVirus\SAVScan.exe
Action: Unauthorized access
Reaction: Unauthorized access stopped




Ananthan

What the ... winlogon.exe is a windows process
Norton backs up your files so that if you need to restore it, for example if a program can not function without it, you can, it is in quarantine so it will definately not harm your computer, it is like a trojan, virus and malware vault ...
 
Hello dyserq,

Well regarding winlogon.exe I removed which is unwanted and suspicious not the win32 one....all others had diffrent kilobytes which is dubious.

My firewall is helping me now...See what Iam getting...this guy is poking me a lot....Buddy can I change my IP address so he cant trace me...the ISP guys told the IP will be different each time transmitted through them.But this guy is trying to intrude my pc ....from many days....

Can you help me changing my IP address......


See what I got the warning from the Norton.

Protecting your connection to a newly detected network on adapter "Cable Modem" (IP address: xxx.xx.xx.xxx).


ethernet adapter ADL

IP address :xxx.xx.xx.1
default gateway :xxx.xx.xx.1
subnetmask :xxx.255.252.0


The above IP is trying to attack me from many days.......I strongly feel I should change my IP so he will miss me. He traced my IP from my email or registeration to his site.....Good heavens people are so dirty these days.....:)

Thanks in advance

Ananthan
 
the ISP guys told the IP will be different each time transmitted through them

That is only true if you have a dynamic ip address
But from what i see, you should have a static ip address seeing as though there has been repetitive attacks on your computer
You can always set up a proxy servers of some sort but my best bet is to go tell the ISP to change your ip address
 
open ports

I find that the ports: 81, 82, and 83 look really weird. If you have a router, then you could block those and see what happens. But everything looks legit. Although, I think that you should have erased you ip address (unless it's dynamic) because a malicious user now has your ip. You might want to erase it...

-thecoolkidontheblock
 
Hello guys,
sorry for late reply....I talked to my ISP....they told it is dynamic and each time it changes so no worries..the above shown ip is mine itself...dynamically formed by ISP....not my static...so It is just that site got hacked as Dyserq said..all is well that ends well..thanks to coolkid also....
Have a good weekend soon..
Ananthan
 
Back
Top Bottom