Battle with the hacker continues.


Gibzilla

The only way to get rid of this boot sector virus/sploitz would be to start from scratch.

If anyone's using Ubuntu or a similar Debian distro I need to ask you a Q. Is your GNOME dictionary app working? Mine has never worked, which leads me to be suspicious. It is possible the sploitz-hax0r is using my own dictionary database to hack into my Linux box.

Btw, I've returned my lappy because it did not have boot sector protection. I needed that to know FOR sure, eliminating one variable at a time. I noticed that after I installed antihook.exe my lappy came to a crawl (fresh reinstall btw). So I decided to try icesword.exe to see if it picks up anything; he/she/asshole promptly rebooted my lappy and it wouldn't boot anymore after that.

Heh. He's damn good.

Also could someone recommend a good fdisk utility for ntfs? Thanks.
 
Gibzilla said:
Also could someone recommend a good fdisk utility for ntfs? Thanks.

You want a fdisk to like make sure the boot sector of the drive will be good?

Use DBAN and low-level the entire drive. That should clear it up.
 
Thanks, I'll try that. Next I need to flush out my bios.

Check this out.

About the CIH Virus
Yesterday and today, April 26, 1999, we have received a number of requests for information about the virus; for this reason we are posting the information below.

Once the virus is triggered the first 2048 sectors of each hard drive in the computer are overwritten with random data. This area of the hard drive contains important information about the files on the computer. Without this file information the computer will think the hard drive is empty. The virus will also write one byte of data to the BIOS boot block which is critical for booting a computer. Writing to the system BIOS can be prevented by setting a jumper on most motherboards. Contact the computer vendor or motherboard vendor for assistance with their product. If the virus succeeds in reprogramming the flash BIOS ROM, there is no software remedy for it: your PC will no longer be bootable and the flash BIOS will need to be replaced or re-programmed in a special EEPROM programming device. Where the flash BIOS ROM is permanently attached to the motherboard, the entire motherboard will need replacing. The damage caused to the information on the hard disk is possibly recoverable by using data recovery services, and the success depends on the disk size, format, fragmentation etc.
Things are starting to make sense now.
 
My dictionary is working (Ubuntu 6.06).
Is there a hole in that app? :confused:
 
Hmmmm, that's really odd. The program does access a remote database for its lookup so it might be due to this hacker guy. Good luck with this :)
 
Gibzilla said:
Thanks, I'll try that. Next I need to flush out my bios.

Check this out.

Things are starting to make sense now.

Jebus Christ, do you have to start a new thread every single time? A search on your name pulls up over a dozen of your pointless ramblings. This is a PEBKAC issue.

And now you're implying that the CIH virus from 1999 is one of the reasons behind your mishaps?

I'm sure your make-believe uber-h4x0r has better things to do than dick around with your computer.
 
That's exactly what all his posts are, "make believe", not enough attention from mommy and daddy or something...

The whole thing is flawed, has holes left and right, it's complete and utter BS and generally it makes me laugh, and for that I am grateful :)

"next I need to flush out my bios" LMFAO :D :p :cool:
 
You never know until you experience these sorts of things. Until then you'll be just like your old self, completely oblivious. Yes, the matrix has you.

This reminds me of my CS hacking days. Though people say VAC2 will get every aimbot, there are private hacks that never get detected.

If I had a way to compromise any system I wanted, would I want to give that secret out?
 
The matrix has us? These posts go from wacky to just retarded.

Here's what you do:
  1. Turn off your computer
  2. Unplug everything from the back
  3. Take all computer items to the curb with a sign saying: "Free stuff"
  4. Enter into a closet
  5. Start rocking back and forth saying "They won't find me"

:D
Now go flush your BIOS! :p :p
 
Flushing by flashing. Thank you very much.

I am going to be unhooking everything just to be sure. It seemed to disappear on my main desktop after I followed people's advice and wrote zeros on my HD.

The reason I suspected him/her/it of fucking with my motherboard BIOS was this:

1. I had downloaded a BIOS from Asus.com and left it on my Windows desktop for a few days before I flashed it.
2. The computer hung and exhibited all kinds of weird behavior after the BIOS flash (come on, this is Asus we are talking about).
3. When I reformatted to Linux (pre zero-out) and tried to reflash the BIOS with a fresh BIOS, my Ubuntu kept wanting to write a mysterious 400k invisible file on the floppy which didn't show up in Nautilus. Only after I booted up using the floppy, someone copied a "TRAS~1" folder onto my floppy, thus filling it up. So there was reason for him/her/it to try and prevent me from deleting the old BIOS that I flashed after leaving it on my desktop for a few days.
4. A few hours after saving my D-Link router settings on my desktop, I couldn't access the router. Only a hardware reset of the router brought the internet back up. I suspect he/she/it edited the router config file .gws and uploaded it to the router.
5. He/she/it would lock my CTRL button down when he/she/it took over my computer, thus making me unable to use netstat.
6. I'm not sure, but newer Asus boards come with a 4 MB EEPROM. Plenty of room to maneuver if you ask me. I've password-locked my BIOS btw, along with a password on the boot sector.

But like I said it "SEEMED" to have gone away since the flash, zero fill and fresh Ubuntu. Still I'm a little leery because this Ubuntu was downloaded on an infected (oblivious at the time) computer. That's why I've ordered a new copy of Ubuntu from Amazon along with a new HD and possibly a new motherboard. I've already thrown out all the burned torrents and stuff.

As for why he/she/it is doing this to me, I cannot tell you, but I believe I know why.
 
WTF is going on in here?

The chances your Ubuntu got hacked are slim to none. Also, why are you running Windows executables on an Ubuntu machine to try to detect anything?

Are you drunk? On drugs? Retarded?
 
draconius said:
WTF is going on in here?

The chances your Ubuntu got hacked are slim to none. Also, why are you running Windows executables on an Ubuntu machine to try to detect anything?

Are you drunk? On drugs? Retarded?

I cannot trust the downloaded copy of Ubuntu on an infected machine. I'll let you know for CERTAIN when a known clean one comes in the mail from Amazon.

Besides, would you have believed me if I told you I could hack into your phone before it was well publicized?
 
Why are you posting on these forums...We are the ones hacking you!!!! Duh! We are the matrix! :D :eek:
 
Gibzilla said:
I cannot trust the downloaded copy of Ubuntu on an infected machine. I'll let you know for CERTAIN when a known clean one comes in the mail from Amazon.

Besides, would you have believed me if I told you I could hack into your phone before it was well publicized?


Wow dude.. that's some serious paranoia.. All it sounds like is a bad flash.. I've had those before.. just reflash (using a DOS disk) with your old BIOS..

Next time you see these weird things going on.. pull your network cord and see if they stop...
 
Danith said:
Next time you see these weird things going on.. pull your network cord and see if they stop...


Yes I've tried that and yes it did stop. Thanks.
 
Gibzilla said:
I cannot trust the downloaded copy of Ubuntu on an infected machine. I'll let you know for CERTAIN when a known clean one comes in the mail from Amazon.

Besides, would you have believed me if I told you I could hack into your phone before it was well publicized?

Uhhh... there are MD5 checksums for a reason, buddy. Take off your tinfoil hat, take a step away from computers for a day or two and try again. You are pebkacing on a legendary scale here, either to get attention or because you don't know better.
 
Oh btw, Ripley's believe it or not, my mouse pointer just walked all the way across my screen on its own. Surreal experience watching it dance slowly across the screen. (I swear upon my family's last name this has just happened.)

Well, at least now I know this install is also borked. The only way to know for sure if I'll ever get rid of this "entity" is to wait for my Ubuntu DVD to arrive.
 
Well.. run netstat.. or Ethereal.. find out where the traffic is coming from and block the IP.. also if it's a Linux machine download chkrootkit and run it.
 
Gibzilla said:
Oh btw, Ripley's believe it or not, my mouse pointer just walked all the way across my screen on its own. Surreal experience watching it dance slowly across the screen. (I swear upon my family's last name this has just happened.)

Well, at least now I know this install is also borked. The only way to know for sure if I'll ever get rid of this "entity" is to wait for my Ubuntu DVD to arrive.


Umm. Stop taking drugs before you get on the computer and the internet please.
 
I've just turned the modem off and on. But thanks, I'll try what you recommended now.
 
My mouse pointer used to do that too. Didn't even consider a hacker. Figured it was the pattern on my keyboard tray. When the light in the mouse would dim down, the pickup would think the pattern moved and activate my mouse and register a move in one direction or another.

Also my old Logitech optical mouse would jump to the edge of the screen randomly.
 
Lol, did you get rid of your wireless mouse and keyboard? If so the cord probably dragged the mouse across the screen because you stepped on it.

The only way to get rid of anything is to buy new parts and spend no less than $3,000 on a new system, only then will they stop!

:p :D

Yeah, a sticky on paranoia!
 
I told you nothing on my puter is wireless now. The laptop was wireless and I ditched that shit machine long ago. This is my second desktop machine. My main AMD machine at my condo doesn't do this kind of weird shit.

tcp 0 0 localhost:42457 localhost:50558 ESTABLISHED
tcp 0 0 localhost:50558 localhost:42457 ESTABLISHED
tcp 0 0 192.168.1.2:43390 rev177.asus.com:www ESTABLISHED
tcp 0 0 192.168.1.2:41750 72.14.253.147:www ESTABLISHED

Last IP is g00gle so... so far nothing.
 
My bet is you are being hacked from 127.0.0.1....

It is a known super-hacker from Germany..
 
Try netstat -a.
This should also show ports that are open, waiting for information/connections..

Here's what mine shows at the end..
Code:
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags       Type       State         I-Node Path
unix  2      [ ACC ]     STREAM     LISTENING     18542  /var/run/cgisock
unix  2      [ ACC ]     STREAM     LISTENING     11578  /dev/log
unix  2      [ ACC ]     STREAM     LISTENING     16461  /var/run/mysqld/mysqld.sock
unix  2      [ ACC ]     STREAM     LISTENING     16449  /dev/gpmctl
unix  2      [ ]         DGRAM                    5931   @/org/kernel/udev/udevd
unix  3      [ ]         STREAM     CONNECTED     59434
unix  3      [ ]         STREAM     CONNECTED     59433
unix  3      [ ]         STREAM     CONNECTED     48507  /dev/log
unix  3      [ ]         STREAM     CONNECTED     48506
unix  3      [ ]         STREAM     CONNECTED     19041  /dev/log
unix  3      [ ]         STREAM     CONNECTED     19040
unix  3      [ ]         STREAM     CONNECTED     18850  /dev/log
unix  3      [ ]         STREAM     CONNECTED     18849
unix  3      [ ]         STREAM     CONNECTED     18539  /dev/log
unix  3      [ ]         STREAM     CONNECTED     18538
unix  3      [ ]         STREAM     CONNECTED     18482  /dev/log
unix  3      [ ]         STREAM     CONNECTED     18481
 
Naw, it's not in my mind.

Thanks Danith for pointing me to Ethereal. Now if I can just figure out how to bypass the install errors.
 
IIRC it should be in the Ubuntu package repository.. the command should be something like apt-get install ethereal and it should install everything where it should be..

Not entirely sure on the command as I use Gentoo..
 
arrowhead@dvd:~$ netstat -a
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 localhost:51598 *:* LISTEN
tcp 0 0 localhost:ipp *:* LISTEN
tcp 0 0 localhost:42457 *:* LISTEN
tcp 0 0 192.168.1.2:45290 rev177.asus.com:www ESTABLISHED
tcp 0 0 localhost:42457 localhost:50558 ESTABLISHED
tcp 0 0 localhost:50558 localhost:42457 ESTABLISHED
tcp 0 0 192.168.1.2:43949 mirror.sg.depaul.ed:ftp ESTABLISHED
tcp 0 0 192.168.1.2:41750 72.14.253.147:www ESTABLISHED
udp 0 0 *:bootpc *:*
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags Type State I-Node Path
unix 2 [ ACC ] STREAM LISTENING 10937 /tmp/.gdm_socket
unix 2 [ ACC ] STREAM LISTENING 11026 /tmp/.X11-unix/X0
unix 2 [ ACC ] STREAM LISTENING 12115 /tmp/ssh-eSuzrL4763/a gent.4763
unix 2 [ ACC ] STREAM LISTENING 12139 /tmp/orbit-arrowhead/ linc-12cb-0-1f3ff0eb5af28
unix 2 [ ACC ] STREAM LISTENING 12149 /tmp/orbit-arrowhead/ linc-129b-0-45d9ab106cb52
unix 2 [ ACC ] STREAM LISTENING 12309 /tmp/.ICE-unix/4763
unix 2 [ ACC ] STREAM LISTENING 12318 /tmp/keyring-kqeQIe/s ocket
unix 2 [ ACC ] STREAM LISTENING 12330 /tmp/orbit-arrowhead/ linc-12d0-0-451b21f41663
unix 2 [ ACC ] STREAM LISTENING 11225 @/tmp/hald-local/dbus -dqEIkAnTRC
unix 2 [ ACC ] STREAM LISTENING 12354 /tmp/orbit-arrowhead/ linc-12d2-0-7be0bcae87a58
unix 2 [ ACC ] STREAM LISTENING 12362 /tmp/.esd-1000/socket
unix 2 [ ACC ] STREAM LISTENING 12852 /tmp/orbit-arrowhead/ linc-1326-0-1850ef9f59b4b
unix 2 [ ACC ] STREAM LISTENING 12392 /tmp/orbit-arrowhead/ linc-12db-0-101d6e236890a
unix 2 [ ACC ] STREAM LISTENING 12424 /tmp/orbit-arrowhead/ linc-12e5-0-1e0876d71bdc1
unix 2 [ ACC ] STREAM LISTENING 12443 /tmp/orbit-arrowhead/ linc-12e1-0-1e0876d72e1a0
unix 2 [ ACC ] STREAM LISTENING 12477 /tmp/orbit-arrowhead/ linc-12e3-0-1e0876d75a596
unix 2 [ ACC ] STREAM LISTENING 12547 /tmp/orbit-arrowhead/ linc-12ee-0-1e0876d7dabf5
unix 2 [ ACC ] STREAM LISTENING 12563 /tmp/orbit-arrowhead/ linc-12f1-0-31be2cdae8890
unix 2 [ ACC ] STREAM LISTENING 12601 /tmp/orbit-arrowhead/ linc-12f3-0-da39aa74903b
unix 2 [ ACC ] STREAM LISTENING 12623 /tmp/orbit-arrowhead/ linc-12f5-0-da39aa7654e1
unix 2 [ ACC ] STREAM LISTENING 12655 /tmp/orbit-arrowhead/ linc-1303-0-3300398e552aa
unix 2 [ ACC ] STREAM LISTENING 12702 /tmp/mapping-arrowhea d
unix 2 [ ACC ] STREAM LISTENING 12726 /tmp/orbit-arrowhead/ linc-130e-0-571002006ff4a
unix 2 [ ACC ] STREAM LISTENING 12743 /tmp/orbit-arrowhead/ linc-1310-0-57100200c4a83
unix 2 [ ACC ] STREAM LISTENING 14453 /tmp/orbit-arrowhead/ linc-1aee-0-988dad2319e7
unix 2 [ ACC ] STREAM LISTENING 13433 /tmp/orbit-arrowhead/ linc-1470-0-7770b77fd8e6d
unix 2 [ ACC ] STREAM LISTENING 13754 /tmp/orbit-arrowhead/ linc-1593-0-5fae2d073f2b5
unix 2 [ ACC ] STREAM LISTENING 13609 /tmp/orbit-arrowhead/ linc-14f8-0-3cc57f5770de3
unix 2 [ ACC ] STREAM LISTENING 15347 /tmp/orbit-arrowhead/ linc-1cc7-0-4e69209672c17
unix 2 [ ] DGRAM 13409 /dev/log
unix 2 [ ] DGRAM 5069 @/org/kernel/udev/ude vd
unix 2 [ ] DGRAM 11234 @/org/freedesktop/hal /udev_event
unix 2 [ ACC ] STREAM LISTENING 11226 @/tmp/hald-runner/dbu s-lLRdojE8j8
unix 2 [ ACC ] STREAM LISTENING 13244 /var/run/cups/cups.so ck
unix 2 [ ACC ] STREAM LISTENING 11202 /var/run/dbus/system_ bus_socket
unix 2 [ ACC ] STREAM LISTENING 12120 @/tmp/dbus-eus7H6Y02j
unix 2 [ ACC ] STREAM LISTENING 9952 /var/run/acpid.socket
unix 2 [ ACC ] STREAM LISTENING 11767 /var/run/sdp
unix 3 [ ] STREAM CONNECTED 15360
unix 3 [ ] STREAM CONNECTED 15359
unix 3 [ ] STREAM CONNECTED 15357 /tmp/.esd-1000/socket
unix 3 [ ] STREAM CONNECTED 15356
unix 3 [ ] STREAM CONNECTED 15354 /tmp/orbit-arrowhead/ linc-1cc7-0-4e69209672c17
unix 3 [ ] STREAM CONNECTED 15353
unix 3 [ ] STREAM CONNECTED 15352 /tmp/orbit-arrowhead/ linc-12d0-0-451b21f41663
unix 3 [ ] STREAM CONNECTED 15351
unix 3 [ ] STREAM CONNECTED 15350 /tmp/orbit-arrowhead/ linc-1cc7-0-4e69209672c17
unix 3 [ ] STREAM CONNECTED 15349
unix 3 [ ] STREAM CONNECTED 15346 /tmp/orbit-arrowhead/ linc-12cb-0-1f3ff0eb5af28
unix 3 [ ] STREAM CONNECTED 15345
unix 3 [ ] STREAM CONNECTED 15342 /tmp/.ICE-unix/4763
unix 3 [ ] STREAM CONNECTED 15341
unix 3 [ ] STREAM CONNECTED 15337 /tmp/.X11-unix/X0
unix 3 [ ] STREAM CONNECTED 15336
unix 3 [ ] STREAM CONNECTED 15304 /tmp/.X11-unix/X0
unix 3 [ ] STREAM CONNECTED 15303
unix 3 [ ] STREAM CONNECTED 14497 /tmp/.X11-unix/X0
unix 3 [ ] STREAM CONNECTED 14496
unix 3 [ ] STREAM CONNECTED 14456 /tmp/orbit-arrowhead/ linc-1aee-0-988dad2319e7
unix 3 [ ] STREAM CONNECTED 14455
unix 3 [ ] STREAM CONNECTED 14452 /tmp/orbit-arrowhead/ linc-12cb-0-1f3ff0eb5af28
unix 3 [ ] STREAM CONNECTED 14451
unix 3 [ ] STREAM CONNECTED 14440 /tmp/.X11-unix/X0
unix 3 [ ] STREAM CONNECTED 14439
unix 3 [ ] STREAM CONNECTED 13769 /tmp/orbit-arrowhead/ linc-1310-0-57100200c4a83
unix 3 [ ] STREAM CONNECTED 13768
unix 3 [ ] STREAM CONNECTED 13767 /tmp/orbit-arrowhead/ linc-1593-0-5fae2d073f2b5
unix 3 [ ] STREAM CONNECTED 13766
unix 3 [ ] STREAM CONNECTED 13765 /tmp/orbit-arrowhead/ linc-14f8-0-3cc57f5770de3
unix 3 [ ] STREAM CONNECTED 13764
unix 3 [ ] STREAM CONNECTED 13763 /tmp/orbit-arrowhead/ linc-1593-0-5fae2d073f2b5
unix 3 [ ] STREAM CONNECTED 13762
unix 3 [ ] STREAM CONNECTED 13761 /tmp/orbit-arrowhead/ linc-12d0-0-451b21f41663
unix 3 [ ] STREAM CONNECTED 13760
unix 3 [ ] STREAM CONNECTED 13757 /tmp/orbit-arrowhead/ linc-1593-0-5fae2d073f2b5
unix 3 [ ] STREAM CONNECTED 13756
unix 3 [ ] STREAM CONNECTED 13753 /tmp/orbit-arrowhead/ linc-12cb-0-1f3ff0eb5af28
unix 3 [ ] STREAM CONNECTED 13752
unix 3 [ ] STREAM CONNECTED 13617 /tmp/orbit-arrowhead/ linc-14f8-0-3cc57f5770de3
unix 3 [ ] STREAM CONNECTED 13616
unix 3 [ ] STREAM CONNECTED 13615 /tmp/orbit-arrowhead/ linc-12d0-0-451b21f41663
unix 3 [ ] STREAM CONNECTED 13614
unix 3 [ ] STREAM CONNECTED 13612 /tmp/orbit-arrowhead/ linc-14f8-0-3cc57f5770de3
unix 3 [ ] STREAM CONNECTED 13611
unix 3 [ ] STREAM CONNECTED 13608 /tmp/orbit-arrowhead/ linc-12cb-0-1f3ff0eb5af28
unix 3 [ ] STREAM CONNECTED 13607
unix 3 [ ] STREAM CONNECTED 13604 /tmp/.ICE-unix/4763
unix 3 [ ] STREAM CONNECTED 13603
unix 3 [ ] STREAM CONNECTED 13599 /tmp/.X11-unix/X0
unix 3 [ ] STREAM CONNECTED 13598
unix 3 [ ] STREAM CONNECTED 13438 @/tmp/dbus-eus7H6Y02j
unix 3 [ ] STREAM CONNECTED 13437
unix 3 [ ] STREAM CONNECTED 13436 /tmp/orbit-arrowhead/ linc-1470-0-7770b77fd8e6d
unix 3 [ ] STREAM CONNECTED 13435
unix 3 [ ] STREAM CONNECTED 13432 /tmp/orbit-arrowhead/ linc-12cb-0-1f3ff0eb5af28
unix 3 [ ] STREAM CONNECTED 13431
unix 3 [ ] STREAM CONNECTED 13427 /tmp/.X11-unix/X0
unix 3 [ ] STREAM CONNECTED 13426
unix 3 [ ] STREAM CONNECTED 13417 /tmp/.esd-1000/socket
unix 3 [ ] STREAM CONNECTED 13416
unix 3 [ ] STREAM CONNECTED 13249 /var/run/cups/cups.so ck
unix 3 [ ] STREAM CONNECTED 13248
unix 3 [ ] STREAM CONNECTED 12859 /var/run/dbus/system_ bus_socket
unix 3 [ ] STREAM CONNECTED 12858
unix 3 [ ] STREAM CONNECTED 12857 @/tmp/dbus-eus7H6Y02j
unix 3 [ ] STREAM CONNECTED 12856
unix 3 [ ] STREAM CONNECTED 12855 /tmp/orbit-arrowhead/ linc-1326-0-1850ef9f59b4b
unix 3 [ ] STREAM CONNECTED 12854
unix 3 [ ] STREAM CONNECTED 12851 /tmp/orbit-arrowhead/ linc-12cb-0-1f3ff0eb5af28
unix 3 [ ] STREAM CONNECTED 12850
unix 3 [ ] STREAM CONNECTED 12846 /tmp/.X11-unix/X0
unix 3 [ ] STREAM CONNECTED 12845
unix 3 [ ] STREAM CONNECTED 12773 /tmp/.esd-1000/socket
unix 3 [ ] STREAM CONNECTED 12772
unix 3 [ ] STREAM CONNECTED 12771 /tmp/orbit-arrowhead/ linc-12e1-0-1e0876d72e1a0
unix 3 [ ] STREAM CONNECTED 12770
unix 3 [ ] STREAM CONNECTED 12769 /tmp/orbit-arrowhead/ linc-130e-0-571002006ff4a
unix 3 [ ] STREAM CONNECTED 12768
unix 3 [ ] STREAM CONNECTED 12764 /tmp/.esd-1000/socket
unix 3 [ ] STREAM CONNECTED 12763
unix 3 [ ] STREAM CONNECTED 12762 /tmp/orbit-arrowhead/ linc-12e1-0-1e0876d72e1a0
unix 3 [ ] STREAM CONNECTED 12761
unix 3 [ ] STREAM CONNECTED 12760 /tmp/orbit-arrowhead/ linc-1310-0-57100200c4a83
unix 3 [ ] STREAM CONNECTED 12758
unix 3 [ ] STREAM CONNECTED 12750 /tmp/orbit-arrowhead/ linc-1310-0-57100200c4a83
unix 3 [ ] STREAM CONNECTED 12749
unix 3 [ ] STREAM CONNECTED 12748 /tmp/orbit-arrowhead/ linc-12d0-0-451b21f41663
unix 3 [ ] STREAM CONNECTED 12747
unix 3 [ ] STREAM CONNECTED 12746 /tmp/orbit-arrowhead/ linc-1310-0-57100200c4a83
unix 3 [ ] STREAM CONNECTED 12745
unix 3 [ ] STREAM CONNECTED 12742 /tmp/orbit-arrowhead/ linc-12cb-0-1f3ff0eb5af28
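Danith's advice (run netstat, find where the traffic goes, check the listening ports) is the kind of pass a defender makes over output like the one above. The following is an added example, not code from the thread: it parses the classic Linux `netstat -a` layout posted here, skips loopback-only sockets, flags listeners bound to every interface, and lists established connections to remote peers for manual checking. The sample input is constructed from the posted output; the `*:ssh` listener is an assumed addition to show the wildcard-bind case.

```python
"""Defender-side triage of classic Linux `netstat -a` output (added example)."""
import re
from dataclasses import dataclass, field

# Constructed sample in the 2006-era net-tools layout posted in the thread.
# The "*:ssh" row is an assumed addition to exercise the wildcard-bind case.
SAMPLE_NETSTAT = """\
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 localhost:51598 *:* LISTEN
tcp 0 0 localhost:ipp *:* LISTEN
tcp 0 0 *:ssh *:* LISTEN
tcp 0 0 192.168.1.2:45290 rev177.asus.com:www ESTABLISHED
tcp 0 0 localhost:42457 localhost:50558 ESTABLISHED
tcp 0 0 192.168.1.2:43949 mirror.sg.depaul.ed:ftp ESTABLISHED
tcp 0 0 192.168.1.2:41750 72.14.253.147:www ESTABLISHED
udp 0 0 *:bootpc *:*
Active UNIX domain sockets (servers and established)
unix 2 [ ACC ] STREAM LISTENING 10937 /tmp/.gdm_socket
"""

LOOPBACK = {"localhost", "127.0.0.1", "::1"}
INET_PROTO = re.compile(r"(tcp|udp)6?")   # rows for Internet sockets only


@dataclass
class Triage:
    exposed_listeners: list = field(default_factory=list)   # "proto port", bound to *
    remote_connections: list = field(default_factory=list)  # (local, foreign) pairs
    loopback_only: int = 0                                  # traffic that never leaves the host


def split_endpoint(endpoint: str):
    """'192.168.1.2:43949' -> ('192.168.1.2', '43949'); '*:*' -> ('*', '*')."""
    host, _, port = endpoint.rpartition(":")
    return host, port


def triage_netstat(text: str) -> Triage:
    result = Triage()
    for line in text.splitlines():
        fields = line.split()
        # Headers and UNIX domain socket rows do not start with tcp/udp: skip them.
        if len(fields) < 5 or not INET_PROTO.fullmatch(fields[0]):
            continue
        proto, local, foreign = fields[0], fields[3], fields[4]
        state = fields[5] if len(fields) > 5 else ""    # UDP rows carry no state
        lhost, lport = split_endpoint(local)
        fhost, _ = split_endpoint(foreign)
        if lhost in LOOPBACK and (fhost in LOOPBACK or fhost == "*"):
            result.loopback_only += 1                    # IPC between local programs
        elif lhost == "*" and (state == "LISTEN" or proto.startswith("udp")):
            # Wildcard bind: anything that can reach this host can talk to it.
            result.exposed_listeners.append(f"{proto} {lport}")
        elif state == "ESTABLISHED":
            result.remote_connections.append((local, foreign))
    return result


def report(triage: Triage) -> str:
    """Summary ordered by what to look at first."""
    lines = [f"{triage.loopback_only} loopback-only socket(s) skipped"]
    for entry in triage.exposed_listeners:
        lines.append(f"EXPOSED LISTENER  {entry}  (confirm the service is wanted)")
    for local, foreign in triage.remote_connections:
        lines.append(f"REMOTE CONNECTION {local} -> {foreign}  (verify the peer)")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(triage_netstat(SAMPLE_NETSTAT)))
```

On a live box the same pass reads `netstat -a` output piped from the machine, and each remote peer it lists is what you resolve and check rather than assume.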
 
I'm having the same issues on my computer. Have been for months now. I googled an IP address that was trying to control RPC (221.208.208.96:36479) and found your thread. There are other IPs too, for instance (60.11.125.54:58423). I have other motherboards and stuff, but that isn't the issue! I'm determined to find out what the hell is going on! I have tried Gnoppix without my hard drive even plugged in, with the same result. Can't even get online anymore when I boot to it. I also have an Asus MB... what are some of the other specs on your hardware? I'm using an AV700-MX MB with the newest BIN from ASUS (1009.BIN). I also have an ATI RADEON 9500 that I installed about the same time this all started. Let me know if you figure anything out, please.

PS - It is understandable why all of you mock us and make fun (I wouldn't believe it either had this not happened to me), but if you don't have anything helpful to say, please don't clutter up this thread more than it already is.
 
Probably half of those who mock us and most of the lurkers have already been compromised and don't know it, or are in denial, or they are THE antagonists.

Just doing a search on the word ethereal brings up all kinds of "war" techs. Frightening.... I must read more of this war stuff.

Once again thanks Danith.
 
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\Administrator>cd\

C:\>netstat -a

Active Connections

Proto Local Address Foreign Address State
TCP gnomie:epmap gnomie:0 LISTENING
TCP gnomie:microsoft-ds gnomie:0 LISTENING
TCP gnomie:50300 gnomie:0 LISTENING
TCP gnomie:netbios-ssn gnomie:0 LISTENING
TCP gnomie:1025 gnomie:0 LISTENING
TCP gnomie:1025 localhost:1105 TIME_WAIT
TCP gnomie:1025 localhost:1107 TIME_WAIT
TCP gnomie:1025 localhost:kpop TIME_WAIT
TCP gnomie:1025 localhost:1111 TIME_WAIT
TCP gnomie:1025 localhost:1113 TIME_WAIT
TCP gnomie:1027 gnomie:0 LISTENING
TCP gnomie:1028 gnomie:0 LISTENING
TCP gnomie:1029 localhost:1030 ESTABLISHED
TCP gnomie:1030 localhost:1029 ESTABLISHED
UDP gnomie:microsoft-ds *:*
UDP gnomie:isakmp *:*
UDP gnomie:1031 *:*
UDP gnomie:4500 *:*
UDP gnomie:ntp *:*
UDP gnomie:netbios-ns *:*
UDP gnomie:netbios-dgm *:*
UDP gnomie:ntp *:*

C:\>
 
Gibzilla said:

Wow.. not sure how your system is set up.. but if it were me.. I would disconnect it from the network, go into the /tmp directory.. and do a "rm -rf" which would force remove all files recursively in that directory..

warning - make sure you are in /tmp if you use that command cause if you do it from the root, you will delete everything..

edit: from what it looks like someone (you?) is running basically a whole system out of the tmp directory.. that stuff should not be in there unless Ubuntu is set up like that.. (which I'm unsure of and can't check atm..)

edit2: I'm guessing at all of this.. I do not take any responsibility if your computer explodes or someone else's does by following my advice
 
thadpg, you are way ahead of me. I don't even know what RPC is. This "compromised" system is made up of leftover parts: Asus P4P SE, P4 2.8 and NV4.
 
thadpg and Gibzilla....

Same IP or a friend's house? lol Just a guess..


I told you Gibzilla...we are the ones that are the matrix...your actions are causing a wave of problems in it. Wait....

"WHERE DID NEO GO?!??!?!?!" Did you take him Gib?
 
Danith said:
Wow.. not sure how your system is set up.. but if it were me.. I would disconnect it from the network, go into the /tmp directory.. and do a "rm -rf" which would force remove all files recursively in that directory..

warning - make sure you are in /tmp if you use that command cause if you do it from the root, you will delete everything..

Dan, that's just a portion of the file. The original file was 26086 characters long and posting is limited to 20000 characters, so I just cut and pasted the top portion. Anyway, I'll try your suggestion. Thanks again.
 
Oh, and you might want to check the following commands..

who - will show you who's currently logged on
lastlog - will show you the last time users were logged in
ps aux - will show you a process list of currently running processes - with the all option, wide format, and showing processes that aren't attached to any ttys
 