I really don't like nightmares.... O_o
#1
Dunno who has, or hasn't read the lil post I left in my x.t.r.GRAPHICS news post about being hacked....
http://forum.qbasicnews.com/viewtopic.php?t=12018
Well, it gets deeper it seems:

It started with GAIM booters.. then, I found out one of the ones sending the GAIM booters was claiming to be hacking my computer too.. I had a firewall, but I took the advice of xteraco to get something a lil stronger.. mmm -_-, and being on dialup, it was a 1 hour download..

Well, I figure I got hacked somewhere in that 1 hour period, cause, where it was just a day before, a nice steady running computer, after all this mess, it was locking up, slowing down, etc..

Well, Saturday morning, NetZero pulled a crash (that I'm used to by now) where it just stops, but still claims it's online, (I think Cha0s can add comments here, GAIM goes nutz when this happens.. Making you look like you're still logged on, etc..) .... Well, I found in the past, Ctrl+Alt+Del was the fastest way to kill it, w/o going through a long wait before NetZero finally got the idea it had crashed....

But when I did that time, 5 memory dumps started.. @_@ .. I found them in the Process section on Task Manager, taking up all the CPU it could find, peaking up to 93-99% CPU -- 130,000+ k of memory each.... It was so called dumprep.exe .... That morning I didn't take note of it, I just wanted to kill them fast..

Then yesterday night, I noticed they started whenever I Ctrl+Alt+Del any crashed program, so I took note, and tracked them down.... I found it in the System32 folder, w/ the sub title:
"Windows Error Reporting Dump Reporting Tool"

I don't really understand that.... Only thing I can figure, is that a hack replaced that w/ a broken version or something, if that is even a real valid windows file (I wouldn't know), so when they locked up my GAIM prog, forcing me to End its task, it would start all those jamming devices.... And trust me, whatever is in that EXE, jams the hell out of my computer....

Does anyone w/ a lil bit more knowledge about this stuff have any more insight to what's wrong with this picture? ....
Kevin (x.t.r.GRAPHICS)

#2
1) Don't trust random exes
2) Format and reinstall
3) Get rid of Netzero.
3) Stop capitalizing GAIM. It doesn't stand for anything. Its name is Gaim.
4) Virus scan
5) Firewalls don't help against ping attacks.
Back by popular demand!
I will byte and nibble you bit by bit until nothing remains but crumbs.
#3
Quote:1) Don't trust random exes
2) Format and reinstall
3) Get rid of Netzero.
3) Stop capitalizing GAIM. It doesn't stand for anything. Its name is Gaim.
4) Virus scan
5) Firewalls don't help against ping attacks.
1) True.. tho, deleting this EXE causes a lot of madness.. -_- ..
2) Thought so.. I was hoping for a possible "less force" method, but oh well.... :roll:
3) Prolly a good idea
3?) It's actually "gaim" on the logo, all lower case.... :P
4) Done that
5) I knew that one already.. The firewall was for any possible hacks, not the pings..
Kevin (x.t.r.GRAPHICS)

#4
You can stop those memory dumps by turning off crash reports: http://support.microsoft.com/?kbid=310414

Does NetZero have some kind of proprietary connection manager? It's usually better to use the regular built-in Windows dial-up connection support rather than some (possibly buggy) third-party app, but I guess some ISPs (AOL?) require special software...

Quote:5) Firewalls don't help against ping attacks.
You can make your firewall drop ICMP requests rather than responding or rejecting the connection. That should help reduce the problem, but being on dial-up, it's inevitable that someone with considerably more bandwidth can cause trouble.

The best way to prevent a ping attack or any similar attack is to avoid making your IP accessible to those who wish to attack you. For example, to perform a file transfer over most IM services, your IP must be sent to the other user.
#5
Quote:You can stop those memory dumps by turning off crash reports: http://support.microsoft.com/?kbid=310414
Hey, that's even better.... I dislike that crash report anyway, 90% of the time I get it, is cause my program crashes over a bug.... XD

Quote:Does NetZero have some kind of proprietary connection manager? It's usually better to use the regular built-in Windows dial-up connection support rather than some (possibly buggy) third-party app, but I guess some ISPs (AOL?) require special software...
I tried it w/ NetZero, but it bans me as soon as I connect.... Which ISPs allow the use of Windows built-in dialer? =\ Cause it seems steadier that way, at least before NetZero stops it.... =P

Quote:
whitetiger0990 Wrote:5) Firewalls don't help against ping attacks.
You can make your firewall drop ICMP requests rather than responding or rejecting the connection. That should help reduce the problem, but being on dial-up, it's inevitable that someone with considerably more bandwidth can cause trouble.

The best way to prevent a ping attack or any similar attack is to avoid making your IP accessible to those who wish to attack you. For example, to perform a file transfer over most IM services, your IP must be sent to the other user.
I don't follow that last bit.... I've got his name blocked, and this other out of the blue hacker, so file transfers are out of the question.... What other ways can I protect my IP?
Kevin (x.t.r.GRAPHICS)

#6
Quote:
DrV Wrote:Does NetZero have some kind of proprietary connection manager? It's usually better to use the regular built-in Windows dial-up connection support rather than some (possibly buggy) third-party app, but I guess some ISPs (AOL?) require special software...
I tried it w/ NetZero, but it bans me as soon as I connect.... Which ISPs allow the use of Windows built-in dialer? =\ Cause it seems steadier that way, at least before NetZero stops it.... =P
I don't know; the only dial-up ISP I've ever used was a local mom-and-pop sort of thing, and it worked fine there.


Quote:
Quote:The best way to prevent a ping attack or any similar attack is to avoid making your IP accessible to those who wish to attack you. For example, to perform a file transfer over most IM services, your IP must be sent to the other user.
I don't follow that last bit.... I've got his name blocked, and this other out of the blue hacker, so file transfers are out of the question.... What other ways can I protect my IP?
Well, if it's just one person in particular, and your ISP doesn't assign a different IP when you reconnect, you're out of luck, but most ISPs just assign a somewhat random IP from a pretty large block. If he can keep attacking you when you have different IPs (check whatismyip.com or similar), then he is still getting your IP somehow...
#7
What firewall do you use?

I was reading recently on Steve Gibson's page (grc.com), that some software firewalls are worthless, they only stop some incoming connections (but not all). This would mean that if you have a trojan, it can broadcast your IP quite happily.

I have been using ZoneAlarm (free) for a while now, and it is quite good. Gibson gives it the thumbs up too.

I would suggest a complete re-install. Some trojans/viruses etc are undetectable, especially if you have a rootkit, so anti-virus/anti-spyware is only a limited help.

My recommendations would be:

1. Get Firewall/Anti-Virus/Anti-Spyware software.

My choices are ZoneAlarm (http://www.zonelabs.com/), AVG antivirus (http://free.grisoft.com), Spybot Search and Destroy (http://www.safer-networking.org/). Other people may be able to recommend others.

2. Reinstall Windows, and then install the security software (firewall etc) first, before hitting the web and getting the latest updates.

3. Make sure you only access the internet through a user account, not administrator.

4. Visit grc.com and get his utils for switching off UPnP, WM Spam, and other things you are unlikely to need and that pose a risk.

5. You could also use tools like xp-antispy, and safexp. However, a little more care is needed with these as it's easy to break your install.

6. Update with windows/automatic updates, at least the critical ones.

7. Consider using a different browser if using IE. Other browsers are not perfect, but tend to have fewer exploits known and targeted as they are less popular.

This may seem all a bit extreme, and it does take a while on dial-up, but I find it's worth it; I have hardly had any problems.

If anyone has any corrections or other suggestions, please post. I have to keep a few non-PC-minded people's PCs ticking over, and it's often a losing battle with people who just click yes to anything.
EVEN MEN OF STEEL RUST.
#8
Quote:Well, I found in the past, Ctrl+Alt+Del was the fastest way to kill it, w/o going through a long wait before NetZero finally got the idea it had crashed....

I see you have learned the ways of the Dark Side as well.
#9
@DrV: Well, they seem to be able to ping gaim no matter if my IP changes (and it does) .... They are meant for gaim, and I take it, it just sends bugged IMs over and over locking it up.. Cause when they fail, I'll get:
Quote:(hh:mm.ss) Hacker'sIM:_____________________
_____________________________________________
_____________________________________________
_____________________________________________
_____________________________________________
Just longer.... And when I got mad at the other guy, the QBer, he explained it was a hack for gaim, that pinged everyone on their buddy list, or something like that.. And I've solved my problems so far by just staying off AIM.. Which I use rarely, cause MSN and YIM have better smileys.... XD

@Yetifoot: Yeah, I had a firewall before, twas the NVidia that came w/ my mobo.... But upon asking xteraco, he suggested ZoneAlarm also.. Which seems to be doing a good job..

I also have Avira AntiVir... (which is constantly updating every time I log on.. -_- .. Making me hate dial up even more.. lol ).. and I have Ad-Aware-SE for spyware, etc....

I use Firefox, works loads better imho.. =) ..

The only issue I have is the reinstall.... I have a lot of data on here, etc.. Mods, settings, files I downloaded (and carelessly deleted the installers (I never thought about this until I corrupted the FBC.exe .. Luckily I managed to get a spare exe to replace mine, w/o getting the 1-2mb installer again... -_-)) ..... Plus, I don't trust my current CDs, I got them years ago, and so far, they suck.... I need to get new ones....

I need it, 'cause AOL still has crap packed back in some of the dumbest places.... But, I'm paranoid.. heh, maybe if I get CDs I feel I can trust.... But then there is err on my part, if I forget to back up a file.... >_< .... yes, paranoid.....
Kevin (x.t.r.GRAPHICS)

#10
Quote:Does NetZero have some kind of proprietary connection manager? It's usually better to use the regular built-in Windows dial-up connection support rather than some (possibly buggy) third-party app, but I guess some ISPs (AOL?) require special software...
When I used NetZero many many moons ago, it used the same dialup adapters as any other normal ISP uses, but of course, they could have changed since then. Back then, the only ISPs to be retarded and use alternate dialup adapters were AOL and Compuserve...
\__/)
(='.'=) Copy bunny into your signature to
(")_(") help him gain world domination.