What's going on with the DB server?

Peter:

--- Quote ---I did what you suggested. I didn't see anything on the autostart or service tab I didn't recognise. Still I disabled most of them, but the ones I need for sound, graphic, OP and security software. My computer still tries to access through those ports with strange letters: nbname(137), Ms-ds(445), nbsess(139) etc. Whatever it is, it's hooked deep in the system. It says it's UDP incoming but it comes from my IP address.
--- End quote ---
The strange letters are names for the ports. The commonly used ports have names, most don't. Try disconnecting the network cable. See if it still tries to get access. If so, disable everything in msconfig in the one tab before the last, well, and the last too. Security is then not starting up, so you would have to manually start up your firewall to see if there is something that tries to get access, and in that case you don't have access to the internet. This is a waste of time if there isn't a connection attempt when the connection cable is loose.
If you can find the IPs of the computers there is access to, well, post them or try to verify them yourself. You could post a security log too.


--- Quote from: Testlund ---It's my borrowed Ip, for my Internet adaptor. I have dynamic IP. It's not from the DHCP or DNS servers.
--- End quote ---


--- Quote ---The IP you typed above is not from me. I don't recognise it.
--- End quote ---
They are IP addresses often/anytime used for internal networks, so you get them if you get a router.

Edit
Oh yeah the port names, what do they mean.

nbname, nbsess: ports used by NetBIOS. This is used in a LAN. (So, do you use a router?)

ms-ds, Microsoft Directory Sharing. Speaks for itself.

If you are not sharing files and/or using a router, then there is somebody for sure trying to get access to your possibly (non-)existing network. And to your files.

Edit2
(wait, it came from your computer right. Sounds like a botnet.)

Testlund:
I should probably research this some more, but what you're saying is interesting. It could be the malware is just trying different ways to access, one way in case I COULD be on a LAN with a router. I'm not though. Just one computer connected through an ADSL modem. My ISP might be a little like a router with a LAN network. I don't know.
I don't have any file sharing active. I even uninstalled the hidden 'WebFldrs XP' program. If it still tries to do file sharing, that smells like malware to me. Maybe that's how BitTorrent works. Once you've installed it, it will continue to do file sharing forever whether you like it or not, until you format the hard drive!

Numsgil:
The BitTorrent client is open source, IIRC, or at least used by a lot of people. A lot of people who use it to download games to get around the copy protections. Meaning they're the sort of people who don't like programs doing sneaky things behind the scenes, and they're smart enough to catch it and connected enough to make sure everyone else knows, too. It's just not the primary culprit here if you uninstalled it. You might have installed something else by accident with the client, but if your virus checker and something like ad-aware don't find anything on your hard drive, then you would have to have something very new, and pretty smart to hide itself well enough that you can't find it. Which is possible, but I don't think it should be the first assumption you jump to.

In msconfig, turn off everything (yes, everything.  Even the virus protection, firewalls, everything), unplug yourself from the internet entirely (so it won't matter if you're unprotected for 5 minutes because it's impossible for anything to enter or leave your computer), and then restart windows.  Then load up only what you need to see if you're still getting weird firewall things.  That will give you a good base point to start from.  If you're not, then you know it's something you unchecked.  You can check one thing, restart windows, and continue like that (still unconnected from the internet), until you find the culprit.

If it still is doing weird things, double check your msconfig start up tab. If something that you unchecked has checked itself, that's suspicious. Double check that it is what you think it is (it's possible something has attached itself into that program's exe). If they're still all unchecked, then it's either Windows itself acting weird or a smart and new trojan/adware/virus/etc. Which either way might be a good time to reinstall or switch to another partition or something.

Testlund:
I decided to uncheck everything I don't need regularly. If this is hooked into something I need to have running then there is no other option than a complete uninstall, so no point in disabling it just to see if it's one of those. This access try is done about every 25 minutes through the ports I mentioned above. No harm done, because my firewall blocks whatever it's trying to do, and it doesn't seem to cause system instability.

Alright, this is what I think it's all about:
When you install BitTorrent you also install a server client called BTDNA. This client will always run in the background no matter if you quit BitTorrent or not. Your computer will be a permanent file server after this. If you uninstall this though it should probably stop. I'm not absolutely sure about that though. These access tries I'm talking about happened AFTER the install of BitTorrent. Maybe some hacker was lucky to get into my system through BitTorrent just for the few minutes I was downloading the file. I don't know. The fact remains that immediately during the install process of BitTorrent there were lots of UNUSUAL popup warnings from my firewall.
Most people may not care if files are getting uploaded/downloaded after install of BitTorrent, even if they quit the program, especially if they keep sharing files a lot anyway, but I don't like it when I can't control WHEN a P2P client is running. The longer you keep running a file sharing application, having ports open for it, the higher the risk some hacker gets through.
I just think BitTorrent is risky business and that's all I'm going to say about it. That's my opinion.
 

goffrie:
BitTorrent, by itself, is not risky business unless someone tampered with your executable. (Illegally downloaded programs, though, are.) BTDNA is a separate program installed with BitTorrent - http://www.bittorrent.com/dna/ - and is uninstalled separately, from what I've heard ( http://forum.bittorrent.com/viewtopic.php?id=663 ). You are right though, it does act as a file server for the BitTorrent network, just not permanently. Nothing is permanent, you know. Anyways, if you don't want to deal with the official client, there are lots of others, like Azureus and uTorrent.
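
One way to triage the blocked connection attempts on ports 137, 139 and 445 discussed earlier in this thread, which Testlund reports recurring about every 25 minutes (an added example, not part of any participant's post): it groups log entries by destination port and by who originated the packet, then lists the gaps between repeats. The log format, the sample lines, the addresses (documentation ranges) and the function names are all assumptions.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime

# Ports named in the thread, plus 138 from the same NetBIOS family.
SERVICES = {137: "nbname (NetBIOS name service)", 138: "NetBIOS datagram",
            139: "nbsess (NetBIOS session)", 445: "ms-ds (SMB over TCP)"}

# Hypothetical log format; adapt the pattern to your firewall's export.
LINE = re.compile(r"(\S+ \S+) BLOCK (\w+) ([\d.]+):(\d+) -> ([\d.]+):(\d+)")

# Constructed sample; all addresses are from documentation ranges.
SAMPLE_LOG = """\
2024-01-01 10:00:12 BLOCK UDP 192.0.2.10:137 -> 192.0.2.255:137
2024-01-01 10:25:12 BLOCK UDP 192.0.2.10:137 -> 192.0.2.255:137
2024-01-01 10:50:12 BLOCK UDP 192.0.2.10:137 -> 192.0.2.255:137
2024-01-01 10:51:40 BLOCK TCP 198.51.100.7:4312 -> 192.0.2.10:445
2024-01-01 10:58:03 BLOCK TCP 203.0.113.9:2201 -> 192.0.2.10:139
"""

def classify(src, dst, own_ip, net):
    """Say who originated a blocked packet, relative to this host."""
    broadcasts = {net.broadcast_address, ipaddress.ip_address("255.255.255.255")}
    if src == own_ip:
        return "own broadcast" if dst in broadcasts else "outbound from this host"
    return "inbound from remote host"

def summarize(log_text, own_ip, network):
    """Group blocked packets by (dest port, origin); list gaps in minutes."""
    own_ip, net = ipaddress.ip_address(own_ip), ipaddress.ip_network(network)
    seen = defaultdict(list)
    for m in filter(None, map(LINE.match, log_text.splitlines())):
        ts, _proto, src, _sport, dst, dport = m.groups()
        if int(dport) not in SERVICES:
            continue
        origin = classify(ipaddress.ip_address(src), ipaddress.ip_address(dst), own_ip, net)
        seen[(int(dport), origin)].append(datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"))
    report = {}
    for key, stamps in seen.items():
        gaps = [(b - a).total_seconds() / 60 for a, b in zip(stamps, stamps[1:])]
        report[key] = {"count": len(stamps), "gaps_min": gaps}
    return report

if __name__ == "__main__":
    for (port, origin), info in summarize(SAMPLE_LOG, "192.0.2.10", "192.0.2.0/24").items():
        print(port, SERVICES[port], "|", origin, "|", info)
```

A regularly spaced "own broadcast" entry on port 137 is the pattern Windows' own NetBIOS name service produces; entries classed as inbound from a remote host on 139 or 445 are the ones to compare against what the machine is actually sharing.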
