Author Topic: What's going on with the DB server?  (Read 6393 times)

Offline Testlund

« on: May 09, 2008, 10:00:05 AM »
I've been getting all sorts of strangeness over here. DB freeze and unauthorized access logged in the firewall from the DB server IP, and 5 hours ago some ftp from a similar IP tried to access my computer?
"God is an ever receding pocket of scientific ignorance." - Neil DeGrasse Tyson

"God is a kid with an ant farm" - Constantine

Offline Testlund

« Reply #1 on: May 09, 2008, 11:10:40 AM »
I would also like to know if a program called 'WebFldrs XP' is needed for DB. It is a program I found as a HIDDEN install (doesn't show up in add/remove programs). It has to do with FTP sharing.

Offline EricL

« Reply #2 on: May 09, 2008, 11:16:13 AM »
Server's working just fine. The server will never initiate communication to you. I've never heard of the program you mention although XP has code for accessing "Web Folders" via the DAV protocol so it might be part of Windows.
Many beers....

Offline Testlund

« Reply #3 on: May 09, 2008, 12:52:08 PM »
Well... I made the mistake of installing Bittorrent which I suspect started all sorts of nasties both inside and outside my computer. I have uninstalled it now and removed all associated files I could find. Still it appears someone has sniffed me out and tries a directed Denial of Service attack at me, coming from the US.
It could have been some temporary glitch that caused my firewall to suddenly block access to DB. Usually it doesn't block anything I've allowed, unless that program's signature changes, or some strange behavior occurs, like it tries to do another kind of access.
In any case it appears my own computer is also trying all sorts of accesses which my firewall blocks, like 'nbname, MS-ds, nbsess, http, snmp', which seems associated with my network card. I just hope I didn't get a rootkit installed or something.  

Offline EricL

« Reply #4 on: May 09, 2008, 12:53:53 PM »
Sounds like a spam bot.  Better run some AV and anti-spyware stuff soon.

Offline Testlund

« Reply #5 on: May 09, 2008, 01:10:18 PM »
DAMN! You think because of those names I mentioned in the log? I HAVE great antivirus and antispy installed already, but I'm aware it can only keep up with the most common malware out there. I guess I'm gonna have to reformat and install. BAH! I get a bunch of fragmented packages too but I can't block those because it messes up the renewal of my IP. Yawn!

Offline EricL

« Reply #6 on: May 09, 2008, 01:14:24 PM »
Just a guess.  If something like Windows Defender says you're clean, then you're probably fine.

Offline Peter

« Reply #7 on: May 09, 2008, 05:00:34 PM »
Hmm, strange. It could be that the webfldrs xp is some kind of update or something like it.

There is a part of windows that uses it, and it is something you can kill.  

It sounds like this, I'm not completely sure.
 ''msiexec /x C:\Windows\System32\webfldrs.msi''


I would think you would be the last person that gets infected, you seem pretty serious about system protection.


Probably you have got some program against malware, you could try testing with another one. At least it can't do any harm.
If nothing, there is probably nothing.

I don't know exactly what it means you're getting. What program is being blocked by your firewall?


Hiya, I'm back.

A housefire, a IPS where I had serious troubles with, kept me from wasting my time here.
Oh my god, who the hell cares.

Online Numsgil

« Reply #8 on: May 09, 2008, 05:17:10 PM »
Quote from: Peter
Hiya, I'm back.

A housefire, a IPS where I had serious troubles with, kept me from wasting my time here.

A house fire?  That's no excuse!  Maybe if aliens had come down and burned all of Europe off the face of the Earth, you might have an excuse.  

Welcome back

Offline Peter

« Reply #9 on: May 09, 2008, 05:47:47 PM »
Quote from: Numsgil
Quote from: Peter
Hiya, I'm back.

A housefire, a IPS where I had serious troubles with, kept me from wasting my time here.

A house fire?  That's no excuse!  Maybe if aliens had come down and burned all of Europe off the face of the Earth, you might have an excuse.  

Welcome back
Well, probably I will not come much here in the coming weeks. It is these weeks day nice weather outside (that isn't really normal in the Netherlands, maybe I make take photos of the sunny days), and I've got to finish an intern report.

Well, I am not afraid for aliens that destroy Europe. The Netherlands is too small to be hit anyway. But, wait you knew it lies in Europe. Many other Americans just think it is a part of Mexico.

Have you moved or something? I could remember something about you living in Kentucky.

Online Numsgil

« Reply #10 on: May 09, 2008, 05:50:54 PM »
Yep, I moved to sunny California for a programming gig with a video game startup.

Offline Testlund

« Reply #11 on: May 09, 2008, 09:23:20 PM »
Quote from: Peter
I would think you would be the last person that gets infected, you seem pretty serious about system protection.

I needed something that was only available as a Bittorrent file, nothing illegal though. So I took my chances and opened a bag of worms called Bittorrent. I should have cared more about the warnings from my firewall, but I thought I would just give it a try and allow it temporary just to get this file, then I could uninstall it.
I suspect this client is malicious code by itself. The reason I believe that is that I was running under a user account, installed Bittorrent with administrator privileges by right-clicking and choosing 'Run as...', and immediately I got lots of unusual firewall warnings and this spam bot or whatever got installed. Logically nothing should be able to get downloaded and installed in the system afterwards if it doesn't have administrator access. Bittorrent had though.
I also noticed that traffic continued to/from my computer even after quitting Bittorrent. I've seen that on other people's computers.
Your computer becomes a file server/spam deliverer which you have no control over after installing this program. Don't use it!

Offline Trafalgar

« Reply #12 on: May 09, 2008, 09:35:15 PM »
Where did you get that Bittorrent client, which one was it? There are many, many different bittorrent clients.


Offline goffrie

« Reply #13 on: May 09, 2008, 10:00:27 PM »
The official BitTorrent client (at http://www.bittorrent.com/) does not have any malware in it. "Bittorrent" is an improper capitalization, by the way

Also, Windows' "administrator"/"limited user" split is a joke. You can do tons with a limited user.
« Last Edit: May 09, 2008, 10:02:04 PM by goffrie »

Offline Testlund

« Reply #14 on: May 10, 2008, 09:08:34 AM »
That's the site where I downloaded the client. People may have different opinions on what malware is. I just described above what happened when I installed it. If that's not the behavior of malware then I don't know what is. If I was to turn off my firewall for a few days I wouldn't be surprised to get a call from my ISP wondering why my PC has turned into a spam zombie. I don't know what all those letters mean with the various ports that my PC suddenly tries to get out on after I've both installed and uninstalled BitTorrent. Never seen it before. Eric suspects the behavior of a spam bot and I have no reason to disbelieve him. I will try to find more information about this later but it's not easy to find. Mostly you just end up on forums where people are making guessing games about what it is.
« Last Edit: May 10, 2008, 09:09:12 AM by Testlund »
"God is an ever receding pocket of scientific ignorance." - Neil DeGrasse Tyson

"God is a kid with an ant farm" - Constantine
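
Added example, not part of any post in this thread: a triage of blocked outbound firewall entries like the ones Testlund lists ('nbname, MS-ds, nbsess, http, snmp'), separating local-network chatter from file-sharing traffic aimed at outside addresses. The log format and addresses are constructed, and reading the labels as NetBIOS name service, NetBIOS session service and microsoft-ds is an assumption.

```python
import ipaddress
from collections import Counter

# Firewall labels quoted in the thread, read as well-known services
# (assumption: nbname = NetBIOS name service, nbsess = NetBIOS session
# service, MS-ds = microsoft-ds).
SERVICES = {"nbname": "udp/137", "nbsess": "tcp/139", "ms-ds": "tcp/445",
            "http": "tcp/80", "snmp": "udp/161"}
# Services that normally only talk to hosts on the local network.
LAN_ONLY = {"nbname", "nbsess", "ms-ds", "snmp"}
# Private and link-local ranges, listed explicitly.
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "169.254.0.0/16")]

# Constructed sample log in a hypothetical format:
# time action direction service destination
SAMPLE_LOG = """\
12:01:07 BLOCK OUT nbname 192.168.1.255
12:01:09 BLOCK OUT nbname 192.168.1.255
12:03:40 BLOCK OUT MS-ds 203.0.113.45
12:03:41 BLOCK OUT nbsess 203.0.113.45
12:05:02 BLOCK OUT http 198.51.100.7
12:06:30 BLOCK OUT snmp 192.168.1.1
12:07:11 ALLOW OUT http 198.51.100.7
"""

def classify(service, dst):
    """Verdict for one blocked outbound entry: lan-noise, review or suspicious."""
    svc = service.lower()
    try:
        ip = ipaddress.ip_address(dst)
    except ValueError:
        return "review"          # unparseable destination: look at it by hand
    if svc not in SERVICES:
        return "review"
    if any(ip in net for net in LOCAL_NETS):
        return "lan-noise"       # e.g. name-service broadcasts on the home LAN
    return "suspicious" if svc in LAN_ONLY else "review"

def triage(log_text):
    """Return (verdict counts, [(destination, proto/port)] for suspicious entries)."""
    counts, suspicious = Counter(), []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[1:3] != ["BLOCK", "OUT"]:
            continue             # only blocked outbound attempts are triaged
        verdict = classify(parts[3], parts[4])
        counts[verdict] += 1
        if verdict == "suspicious":
            suspicious.append((parts[4], SERVICES[parts[3].lower()]))
    return counts, suspicious
```

On the sample, the two name-service broadcasts and the SNMP query to the local gateway are local chatter, while the NetBIOS session and microsoft-ds attempts to an outside address are the entries worth tracing back to a process.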