  #1  
Old 10-23-2008, 09:07 PM
DC_Scout_67 is offline DC_Scout_67
Registered User

Join Date: Dec 2002
Posts: 106

NEW HACKER possibly using open DFX Ports

I was hacked 6 times in the last week and a half. The last 5 times were while I was online hosting DFX. He got past my "The Shield Deluxe 2008", Ad-aware, and the new Service Pack 3 for XP. Even when I ran my Virus Protector and Ad-aware three times each they could find nothing, even though Windows was warning me that I had been hacked, and my IP and passwords were stolen. On a HUNCH I reinstalled SpyBot which I used to use years ago, and behold, it found a Win32 Trojan and four associated malware.

He uses a fake Google Search Window to cover his activity. After the first time, I reformatted the hard drive, NOT REINSTALLING GOOGLE, and put a new password on the Administrator. STILL a few days later when I was online hosting DFX; he was back to trying to hack me, as I noticed a Google Search Window opening, WHICH I did not reinstall. Four more times that happened, as I tried to close that window as fast as it opened, and my Shield 2008 said I was "Well Protected". Each time Spybot would find the malware. Then I decided I had better change the Administrator Password again, as he may have stolen passwords again. TO MY SHOCK he had apparently shut my password off and actually had the GALL to create his own User Account on my PC with a password.

I have Reported his activity to the authorities, my ISP, and to NovaLogic. So I hope he soon hears the "Bad Boys" tune at his door.

As I can no longer trust "The Shield Deluxe 2008" to protect me, what Internet Security Software would you recommend that will allow me to HOST DFX and DFLW, yet protect me from hackers?
__________________
Have fun ! ! DC

Reply With Quote
  #2  
Old 10-23-2008, 09:10 PM
Hellfighter is offline Hellfighter
Chief ADFP

Join Date: Jun 2002
Location: San Jose Calif 95111
Posts: 21,143

did you report this to google.com as well? i think they would love to get their hands on him as well

disable print and file sharing. there is a flaw in windows print & share; a hacker can get by all security

[been on the news about Microsoft patch rush job]

he is using it to upload and take over your system.

after you remove all those bugs, disable system restore, wait for it to be disabled, then restart your system

if you can, do a bootup scan for viruses that may be in your system

also, have you used any 3rd party item to host your game online? if so, don't use it; he may have found a crack in it and be using it to hack your system, a back door so to say

after the system is clean and you have done a bootup scan, re-enable system restore

[if system restore is enabled and all the bad bug files are in it, they can get reloaded back into the system! that's why when you clean the system you must disable it and restart the system so it is cleaned out.]
__________________
* altnews sources [getmo & others news] not found main FNN: realrawnews.com
*Discord: Unknown77#7121
Playing now days: EA Games> swtor [star wars old republic]

Last edited by Hellfighter; 10-23-2008 at 11:00 PM.
Reply With Quote
  #3  
Old 10-24-2008, 01:41 AM
DC_Scout_67 is offline DC_Scout_67
Registered User

Join Date: Dec 2002
Posts: 106

New HACKER

Yes, I did notify Google Techs also. Thanks for the info about the Printer Share problem, will disable it.

Still looking for what other Hosts recommend for an Internet Security Suite.

Some of my Regulars use the Windows Live OneCare, and like it. But is it a HASSLE to keep from locking up while Hosting and blocking joiners like PC-cillin did?
__________________
Have fun ! ! DC

Reply With Quote
  #4  
Old 10-24-2008, 05:19 AM
Hellfighter is offline Hellfighter
Chief ADFP

Join Date: Jun 2002
Location: San Jose Calif 95111
Posts: 21,143

i've been using

1.) Fix-it 8, never had any trouble with it. (system suite software)
2.) Black Ice (firewall)
3.) Avast (anti-virus software)
4.) Malwarebytes' Anti-Malware (it even scans for rootkits). Steve turned me on to it.

btw this is the news item i was talking about

link: http://www.nytimes.com/external/idg/...-code-for.html
__________________
* altnews sources [getmo & others news] not found main FNN: realrawnews.com
*Discord: Unknown77#7121
Playing now days: EA Games> swtor [star wars old republic]

Last edited by Hellfighter; 10-24-2008 at 05:27 AM.
Reply With Quote
  #5  
Old 10-24-2008, 02:27 PM
IcIshoot is offline IcIshoot

Join Date: Mar 2004
Location: Farmington Hills, MI
Posts: 1,473

How do you know it was through DFX ports? and what was he doing?


I use comodo firewall - Free full commercial quality. covers both in/outbound traffic plus more.

http://www.comodo.com/
Reply With Quote
  #6  
Old 10-24-2008, 03:33 PM
Steve is offline Steve
Administrator

Join Date: Sep 2001
Location: 2077
Posts: 21,552

ah damn made a big post then scott turned the server off when i was replying see if i can remember what i put.

i don't quite understand what has happened from your post sorry.

it is very unusual for someone to hack a home user, there is just no point really. i think if someone was going to all that trouble then they would definitely not be opening internet explorer and letting you know they are there at all. really does sound like a piece of malware doing its thing.

if someone is gaining remote access then you would have a trojan in there somewhere, so yes get rid of that shield deluxe app, which sounds like some kind of malware application imo rather than a proper av tool. :/

if you want some free stuff it's worth checking out the following

av
avg http://free.avg.com/download-avg-ant...s-free-edition
or
avira http://www.avira.com/en/download/index.html

firewall
as icishoot said, check out comodo http://www.personalfirewall.comodo.c..._firewall.html but turn off the defence+ feature, it will cripple your system lol.

network monitor
NetLimiter 2 Monitor http://www.netlimiter.com/download.php is a great tool to see what connections there are to your pc, it will show the process, what ip is connecting and what port it is using


also as chief mentioned, malwarebytes http://www.malwarebytes.org/ is a cracking utility which i use in preference to spybot and adaware which i've used religiously for the past few years, but they just haven't been cutting it at the jobs i've been going to in the past few months.

don't forget to run all your scans in safemode
Reply With Quote
  #7  
Old 10-24-2008, 05:47 PM
atholon is offline atholon
"ath-hole"

Join Date: Jan 2003
Location: Failville.
Posts: 11,357

LOL @ steve.

I am going to try that other antivirus; AVG is turning into a pig like Norton.
__________________
Reply With Quote
  #8  
Old 10-24-2008, 06:13 PM
IcIshoot is offline IcIshoot

Join Date: Mar 2004
Location: Farmington Hills, MI
Posts: 1,473

avast is better than avg - I have heard of cases where people had avg, then ran avast and found tons of viruses - plus, it has a cool sounding nuclear warning siren that goes off, making it almost worth it to get a virus


www.avast.com
Reply With Quote
  #9  
Old 10-24-2008, 07:31 PM
Hellfighter is offline Hellfighter
Chief ADFP

Join Date: Jun 2002
Location: San Jose Calif 95111
Posts: 21,143

Quote:
Originally posted by Steve
ah damn made a big post then scott turned the server off when i was replying see if i can remember what i put.

i don't quite understand what has happened from your post sorry.

it is very unusual for someone to hack a home user, there is just no point really. i think if someone was going to all that trouble then they would definitely not be opening internet explorer and letting you know they are there at all. really does sound like a piece of malware doing its thing.

if someone is gaining remote access then you would have a trojan in there somewhere, so yes get rid of that shield deluxe app, which sounds like some kind of malware application imo rather than a proper av tool. :/

if you want some free stuff it's worth checking out the following

av
avg http://free.avg.com/download-avg-ant...s-free-edition
or
avira http://www.avira.com/en/download/index.html

firewall
as icishoot said, check out comodo http://www.personalfirewall.comodo.c..._firewall.html but turn off the defence+ feature, it will cripple your system lol.


network monitor
NetLimiter 2 Monitor http://www.netlimiter.com/download.php is a great tool to see what connections there are to your pc, it will show the process, what ip is connecting and what port it is using


also as chief mentioned, malwarebytes http://www.malwarebytes.org/ is a cracking utility which i use in preference to spybot and adaware which i've used religiously for the past few years, but they just haven't been cutting it at the jobs i've been going to in the past few months.

don't forget to run all your scans in safemode
like to add to this: about comodo defence+ feature

reason: it hogs the system and may make it run really slow as hell...to disable this item, image below says it all

btw i uncheck the green check mark in it also

Ps don't install Ask.com toolbar into it, i don't like installing toolbars unless i use them a lot, like google.com or ms live toolbar...don't care about other toolbars

some toolbars come with adware in them

Icq toolbar is part of AOL now, so i pass on it as well. sooner or later they will kill off ICQ too when they get tired of it
__________________
* altnews sources [getmo & others news] not found main FNN: realrawnews.com
*Discord: Unknown77#7121
Playing now days: EA Games> swtor [star wars old republic]

Last edited by Hellfighter; 10-24-2008 at 08:31 PM.
Reply With Quote
  #10  
Old 10-24-2008, 08:01 PM
DevilDog#1 is offline DevilDog#1

Join Date: Jul 2002
Posts: 7,040

My solution is simple. Quit playing the dang game
__________________








Quote:
If I don't do that doesn't mean I can't - DD#1
Reply With Quote
  #11  
Old 10-25-2008, 11:25 AM
~MOUSE~ is offline ~MOUSE~

Join Date: May 2003
Posts: 669

Quote:
Originally posted by William
like to add to this: about comodo defence+ feature

reason: it hogs the system and may make it run really slow as hell...to disable this item, image below says it all

btw i uncheck the green check mark in it also

Ps don't install Ask.com toolbar into it, i don't like installing toolbars unless i use them a lot, like google.com or ms live toolbar...don't care about other toolbars

some toolbars come with adware in them

Icq toolbar is part of AOL now, so i pass on it as well. sooner or later they will kill off ICQ too when they get tired of it
Why bother installing it if you are just going to turn the defense off ?
__________________



Reply With Quote
  #12  
Old 10-25-2008, 03:47 PM
Steve is offline Steve
Administrator

Join Date: Sep 2001
Location: 2077
Posts: 21,552

tbh it's like a lot of apps, it does waaaaay too much stuff, i just want a firewall, not a ton of other crap that slows down my pc. the firewall is still active afaik
Reply With Quote
  #13  
Old 10-25-2008, 05:22 PM
Hellfighter is offline Hellfighter
Chief ADFP

Join Date: Jun 2002
Location: San Jose Calif 95111
Posts: 21,143

Quote:
Originally posted by Steve
tbh it's like a lot of apps, it does waaaaay too much stuff, i just want a firewall, not a ton of other crap that slows down my pc. the firewall is still active afaik
as steve says, it's basically an overkill adflack

__________________
* altnews sources [getmo & others news] not found main FNN: realrawnews.com
*Discord: Unknown77#7121
Playing now days: EA Games> swtor [star wars old republic]
Reply With Quote
  #14  
Old 10-25-2008, 08:00 PM
IcIshoot is offline IcIshoot

Join Date: Mar 2004
Location: Farmington Hills, MI
Posts: 1,473

I turned it off also, got tired of having to approve all the changes. It's really a feature for the paranoid - It would for example help slow down the spread of a virus on your computer.


But since I use avast, 90% of the time avast can just repair the file, restoring it to its original condition before the virus infected it. so that with comodo for the firewall I'm all set

IcI
Reply With Quote
  #15  
Old 10-26-2008, 02:49 AM
DC_Scout_67 is offline DC_Scout_67
Registered User

Join Date: Dec 2002
Posts: 106

ICISHOOT, I am reasonably sure he was using the DFX port because 5 of the 6 times he tried, the ONLY internet program I was using was DFX. AND his fake Google Search Window popped up very shortly after I started hosting the first map. ALSO, I have not seen him try since I switched to Password Games, but that may only be because of SpyBot detecting him, or maybe he got what he wanted. I hope not.
__________________
Have fun ! ! DC

Reply With Quote
  #16  
Old 10-26-2008, 02:56 AM
DC_Scout_67 is offline DC_Scout_67
Registered User

Join Date: Dec 2002
Posts: 106

STEVE, Yes, Spybot found the Trojan, when The Shield 2008 failed to find it. AND the MAJOR reason I am sure it was a HACKER, not just Malware, is he shut my password off on my Administrator and a USER name was added to my PC with its own Password.
__________________
Have fun ! ! DC


Last edited by DC_Scout_67; 10-26-2008 at 03:05 AM.
Reply With Quote
  #17  
Old 10-26-2008, 08:46 AM
IcIshoot is offline IcIshoot

Join Date: Mar 2004
Location: Farmington Hills, MI
Posts: 1,473

interesting - never heard of a hacker getting in through dfx, Though on my bhd server I just had a virus a couple weeks back that only seemed to infect the update.exe program in my bhd folders.

FYI, dfx wouldn't have been the only internet program running - you would have had several services running in the background with internet access.

go to start -> run, type in cmd. In the command window type in

"netstat -a -b -n" without the quotes and hit enter - You will then see a list of all the connections on your computer, including those just sitting there listening.


What I would do is change the port number for DFX; maybe that, on top of a better firewall, will keep him away. Would love to know how he did it.

Though - If he is getting in through dfx, you're not going to be able to stop it, unless he is using a different protocol than UDP to get in. In order for you to host a DFX server, you will have to open up your DFX port in the firewall, allowing the UDP traffic to flow through, thereby exposing yourself to his attempts again.


This is where that defense + for comodo would be handy - because if tries to change any files, it should intercept that, requiring you to give the ok. The bad thing of defense+ is to know when to say yes or no - say no to the wrong thing you will mess up the system
Reply With Quote
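Added example, not part of any post in this thread: the "netstat -a -b -n" check suggested in post #17, turned into a small Python triage script that pairs each socket with its owning executable, then lists what is reachable from the network and which processes hold connections to addresses outside the LAN. The sample output, the process names (game_server.exe, unknown_updater.exe, helper.exe), the ports and the addresses are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample in the layout `netstat -a -b -n` prints on Windows.
# Process names, ports and addresses are made up for illustration.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  RpcSs
 [svchost.exe]
  TCP    127.0.0.1:5152         0.0.0.0:0              LISTENING
 [helper.exe]
  TCP    192.168.1.20:1045      203.0.113.77:8080      ESTABLISHED
 [unknown_updater.exe]
  TCP    192.168.1.20:445       192.168.1.31:2011      ESTABLISHED
 Can not obtain ownership information
  UDP    0.0.0.0:17478          *:*
 [game_server.exe]
"""
LAN = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse(text):
    """One dict per socket row; the [name.exe] line that follows a row is its owner."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) >= 3 and f[0] in ("TCP", "UDP"):
            state = f[3] if len(f) > 3 and not f[3].isdigit() else ""  # UDP has no state
            rows.append({"proto": f[0], "local": f[1], "remote": f[2],
                         "state": state, "owner": "?"})
        elif rows and (m := re.match(r"\s*\[(.+)\]\s*$", line)):
            rows[-1]["owner"] = m.group(1)
    return rows

def _ip(endpoint):
    """Address part of host:port, or None for '*' or an unresolved name."""
    try:
        return ipaddress.ip_address(endpoint.rpartition(":")[0].strip("[]"))
    except ValueError:
        return None

def exposed_listeners(rows):
    """Sockets accepting traffic on a non-loopback address: (proto, port, owner)."""
    return [(r["proto"], int(r["local"].rpartition(":")[2]), r["owner"]) for r in rows
            if (r["state"] == "LISTENING" or r["proto"] == "UDP")
            and not ((ip := _ip(r["local"])) and ip.is_loopback)]

def external_peers(rows):
    """Established connections to a peer outside the LAN: (peer, owner)."""
    return [(r["remote"], r["owner"]) for r in rows
            if r["state"] == "ESTABLISHED" and (ip := _ip(r["remote"]))
            and not (ip.is_loopback or ip.is_link_local or any(ip in n for n in LAN))]
```

On a live machine the input is the text saved from "netstat -a -b -n" run in an administrator command prompt; rows whose owner stays "?" are the ones netstat could not attribute to an executable.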
  #18  
Old 10-26-2008, 06:20 PM
DC_Scout_67 is offline DC_Scout_67
Registered User

Join Date: Dec 2002
Posts: 106

Okay, then it could have been another way he got in. But it just appeared that way to me, because I was only on the first map. Still, I will leave my site on Passwords for awhile.

I STILL NEED TO KNOW if anyone is using MS Live OneCare while hosting any of the NovaLogic games. IF SO, is it running smooth in the background or causing any problems during the Game?
__________________
Have fun ! ! DC

Reply With Quote
  #19  
Old 10-26-2008, 06:56 PM
IcIshoot is offline IcIshoot

Join Date: Mar 2004
Location: Farmington Hills, MI
Posts: 1,473

I agree with you - him getting in only when DFX running is highly suspicious - just keep in mind that in order to host you have to open up the port he is most likely getting in in any firewall you use

I wouldn't use MS Live OneCare - Just look at their record with OS's and all the issues they have - I wouldn't trust them with anti-virus/firewall stuff. Kind of like the saying "jack of all trades, master of none" - they need to stick to OS's and games - leave the firewalls/antivirus to those who specialize in it.


On my game server I use comodo (with defense turned off) and avast antivirus with no issues whatsoever.
ici
Reply With Quote