#1 |
|
Member (9 bit)
Join Date: Jul 2000
Posts: 257
|
Just the other day, I decided to put up a server to share files with my friends. When I rebooted my pc I noticed something funny and ran my virus scan. Sure enough I had a trojan and I had to remove them and delete the load commands in my WIN.INI. How does a hacker get into my pc even though I have a firewall up? Apparently they got in through a backdoor. What is this backdoor? What can I do to prevent this in the future?
I thought that I'd ask you guys, because you's are always so helpful. Thanks again.
|
|
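Added example, not part of any post in this thread: a small Python audit of the WIN.INI startup entries mentioned in post #1, listing every program that the `load=` and `run=` keys of the `[windows]` section would start. The function name `audit_win_ini`, the allowlist parameter and the sample file contents are constructed for illustration.

```python
import re

# Keys in the [windows] section of WIN.INI that Windows 9x runs at startup.
AUTOSTART_KEYS = {"load", "run"}


def audit_win_ini(text, allowlist=()):
    """Return (line_no, key, program) for each autostart entry not in allowlist."""
    allowed = {name.lower() for name in allowlist}
    findings = []
    section = None
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()              # tolerate leading/trailing whitespace
        if not line or line.startswith(";"):
            continue                    # blank line or comment
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
            continue
        if section != "windows" or "=" not in line:
            continue
        key, _, value = line.partition("=")
        key = key.strip().lower()       # INI keys are case-insensitive
        if key not in AUTOSTART_KEYS:
            continue
        # Assumption: entries are space- or comma-separated paths without
        # embedded spaces (short 8.3-style names).
        for program in re.split(r"[,\s]+", value.strip()):
            if program and program.lower() not in allowed:
                findings.append((line_no, key, program))
    return findings


# Constructed sample; the file names are placeholders, not real indicators.
SAMPLE_WIN_INI = """\
; constructed sample
[windows]
load=
Run=C:\\WINDOWS\\example-unknown.exe C:\\TOOLS\\clock.exe
NullPort=None

[Desktop]
run=ignored-outside-windows-section.exe
"""

if __name__ == "__main__":
    known_good = [r"C:\TOOLS\clock.exe"]
    for line_no, key, program in audit_win_ini(SAMPLE_WIN_INI, known_good):
        print(f"line {line_no}: {key}= starts {program}")
```

Anything the audit reports that you did not install yourself is worth checking before the next reboot.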
|
|
|
#2 |
|
Red-eyed Moderator
Staff
Premium Member
Join Date: Dec 1999
Location: Regina, Saskatchewan, Canada
Posts: 17,525
|
To get in, one either needs a trojan to open a port, or there to be an existing port open. What services do you have running? FTP, Web server, do you have ICQ running? MSN instant messenger?
__________________
-At Ford, quality is job #1, job #2 is making them explode. ~Norm MacDonald, SNL News -Switching to Glide..Balancing in my head..inside of me... taking the glide path instead. |
|
|
|
|
|
#3 |
|
Premium Member
Join Date: Jun 1999
Posts: 9,231
|
Trojans can go through firewalls too .. the firewall can only prevent attacks from outside, not from within .. the trojan has basically opened up means of moving relevant traffic through ports.
|
|
|
|
|
|
#4 |
|
Staff
Premium Member
Join Date: Jul 1999
Location: Arlington, TN
Posts: 5,538
|
Probably not a bad idea to check your system at http://www.grc.com . You can probe ports and all kinds of stuff there.
|
|
|
|
|
|
#5 |
|
Forum Administrator
Staff
Premium Member
Join Date: May 2000
Location: Joplin MO
Posts: 36,453
|
The Cleaner at http://www.moosoft.com has an active background trojan monitor and a monitor that alerts you when anything tries to write to certain registry keys.
|
|
|
|
|
|
#6 |
|
Member (9 bit)
Join Date: Jul 2000
Posts: 257
|
In response to HAL9000! All that I had open was my hotline server and client.
So I'm assuming that someone used a program like "port sniff" or something like that to determine the open port. Is that correct? If so, can I somehow hide this information from being seen by a hacker? I find it hard to understand how someone can plant a trojan directly into my pc. Yet again, it makes me wonder what else a hacker can control on my PC. This is kinda starting to get scary! "Toto, I don't think that we're in Kansas anymore!"
|
|
|
|
|
#7 |
|
Red-eyed Moderator
Staff
Premium Member
Join Date: Dec 1999
Location: Regina, Saskatchewan, Canada
Posts: 17,525
|
To reduce your risk in the future, take the advice from the other guys, go to http://www.zonelabs.com and get a firewall, it's free. Even without any programs running, NETBIOS (port 139) and IDENT (Port 113) will be open. You can go to http://www.grc.com for a quick report on what is open (it only tests a few) or you can go to http://www.dslreports.com for a more detailed scan. http://www.hackerwhacker.com will test your system pretty hard, but you can only do one scan before you have to pay for the scans.
Trojans can get placed on your system quite easily, especially if you do a lot of downloading (from warez sites in particular). |
|
|
|
|
|
#8 |
|
Member (9 bit)
Join Date: Jul 2000
Posts: 257
|
I'm definitely going to try out all of the links that you all posted.
But one question that didn't get directly answered and I'm still curious about. On the night that I got hacked into, I didn't personally download anything, I just had my server open for my friends. So how is a hacker able to upload a trojan into my Windows Directory when he shouldn't have access to that directory, let alone change my WIN.INI file? If he can already get in to upload this trojan, then can he do any other harm to my pc that I'm not already aware of? Thanx a lot for your help. I really appreciate all the support.
|
|
|
|
|
#9 |
|
Premium Member
Join Date: Jun 1999
Posts: 9,231
|
Some thoughts:
|
|
|
|
|
|
#10 |
|
Red-eyed Moderator
Staff
Premium Member
Join Date: Dec 1999
Location: Regina, Saskatchewan, Canada
Posts: 17,525
|
As soon as you have a server open, you also have a port open. Either way, you need to lock that system down a little bit to keep intruders out.
|
|
|
|
|
|
#11 |
|
Member (9 bit)
Join Date: Jul 2000
Posts: 257
|
I found out today on what had actually happened.
It turned out that since my server was up, my roommate didn't want to disconnect me from the net, so he hopped onto my pc and added his ICQ# on to my PC so that he could talk to his friends. Well one of his friends told him to download this little program that he made at school. So my idiot of a retard of bonehead of a roommate downloaded it. He tried to run it but it didn't work. (Obviously a trojan). So he told his buddy that it didn't work. Not much later my roommate said that my firewall asked permission to connect somewhere. Fortunately my roommate said no and disconnected me from the net, but retard there only disconnected my pc so that he could connect with his pc in order to get the file from his friend on his own pc. Well, needless to say he infected his PC as well. Some people's children, I tell you! But yeah, I ran all the tests on the links that all of you provided and my PC is supposedly safe. Thanx for all of the help and support. jalbes
|
|
|