
WebmasterWorld Community Center Forum

    
HELP. Do I have a backdoor.....? Please, no jokes :>)
I found something interesting tonight on winamp....
Thors Hammer




msg:501203
 3:10 am on May 2, 2002 (gmt 0)

First of all, I hope this is an appropriate area to post this. If not just move it, and sticky me where it went. :)

Ok guys, I know I'm new here, but here is something that happened to me that is really strange....

I am not sure if I got a virus/backdoor from somewhere, or if someone else in the house downloaded one (no names mentioned *cough* 'wife' *cough*) :)

When I went to launch Winamp and listen to some music while browsing the forum, my playlist was gone, and there was just one item in it.

"dj 'something or other' at iseral 'something else' etc.."

I went to play it, just to see what it was, and my puter froze. I rebooted and then it went to a screen I never have seen before, I think it is the live update screen for my mother board. (verrrrrrrry weird).

I had to restart several times, got it to boot. I had to choose which drive to boot from in this screen that I have never used before. Got that done.

Then I launched Winamp, this time being cautious not to play the item....

I looked at the file properties, and it was a link to an IP address:

205.188.234.3:8046/

I did a trace route and got just to AOL firewalls, etc., then it timed out from there.

Here is what the trace route said:
C:\WINDOWS>tracert 205.188.234.3

Tracing route to bsac1-0-s03.shoutcast.net [205.188.234.3]
over a maximum of 30 hops:

1 42 ms 27 ms 41 ms ------my info :>) -------- [xxx.xxx.xxx.xxx]
2 41 ms 55 ms 41 ms sl-gw37-fw-0-0-TS4.sprintlink.net [144.232.223.125]
3 41 ms 55 ms 41 ms sl-bb22-fw-4-0.sprintlink.net [144.232.11.169]
4 55 ms 55 ms 69 ms sl-bb20-atl-11-1.sprintlink.net [144.232.18.22]
5 69 ms 69 ms 82 ms sl-bb21-rly-14-0.sprintlink.net [144.232.9.197]
6 69 ms 82 ms 69 ms sl-bb27-rly-11-0.sprintlink.net [144.232.14.162]
7 82 ms 82 ms 69 ms sl-st20-ash-14-2.sprintlink.net [144.232.20.7]
8 68 ms 83 ms 82 ms sl-ameronl-14-0.sprintlink.net [144.223.246.14]
9 68 ms 83 ms 69 ms bb2-ash-P1-0.atdn.net [66.185.139.213]
10 82 ms 82 ms 69 ms bb2-dtc-P0-2.atdn.net [66.185.152.118]
11 82 ms 69 ms 82 ms pop1-dtc-P15-0.atdn.net [66.185.140.10]
12 69 ms 96 ms 69 ms ptne1-dc3-P0-0.atdn.net [66.185.145.190]
13 * * * Request timed out.
14 * * * Request timed out.
15 * * * Request timed out.
16 * * * Request timed out.
17 * * * Request timed out.
18 * * * Request timed out.
19 * * * Request timed out.
20 * * * Request timed out.
21 * * * Request timed out.
22 * * * Request timed out.
23 * * * Request timed out.
24 * * * Request timed out.
25 * * * Request timed out.
26 * * * Request timed out.
27 * * * Request timed out.
28 * * * Request timed out.
29 * * * Request timed out.
30 * * * Request timed out.

Trace complete.

I see that the IP family belongs to Spinner Networks.

When I put the IP address into my browser it did nothing. But then I noticed when I hovered my cursor over it, there was a new additional link in the address history that drops down, and added to that IP was /listen.pls. Any idea what this is????

When I tried to go to that IP with the listen.pls extension, it continued to try to connect over and over, and then the name in Winamp changed to:

ICY 401 service unavailable [205.188.234.3:8046...]

Now is that weird or what???

My Norton went south a few weeks ago, and I hadn't reinstalled, going to NOW (just after this post). And run an update and scan.

I tried to connect up to the IP w/port with ftp and telnet, and I was unable to make a connection (just wanted to try for the heck of it, to see if I would at least get refused). One of them said the 'service' was unavailable.

So, am I just playing the part of the Worry Wart, or do you all think something is up???

Thor

 

msgraph




msg:501204
 3:30 am on May 2, 2002 (gmt 0)

Shoutcast is part of Winamp's streaming music service. Perhaps that file is just a "shortcut link" that tries to connect to one of their streaming stations. Like those REALPlayer links you can save.

Not sure why your motherboard update was popping up and how you got those screens but I'd run a few virus/trojan checks just to be sure.
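
An added example, not part of the original thread: a small Python triage helper that reads a PLS playlist (the format behind a "listen.pls" link) and reports which entries are local files and which are remote stream addresses, so the target can be inspected without playing it. The function name `playlist_entries` and the sample playlist are constructed for illustration; the sample reuses the address quoted in the first post.

```python
import configparser
from urllib.parse import urlsplit

# Constructed sample playlist (assumption: standard PLS layout with
# FileN/TitleN/LengthN keys under a [playlist] section).
SAMPLE_PLS = """\
[playlist]
NumberOfEntries=2
File1=http://205.188.234.3:8046/
Title1=(constructed) DJ stream title
Length1=-1
File2=C:\\Music\\local_track.mp3
Title2=(constructed) local file
Length2=215
Version=2
"""

def playlist_entries(pls_text):
    """Return one dict per FileN entry: target, remote flag, host, port, title."""
    # Only '=' is a delimiter, so URLs and drive letters containing ':' survive.
    parser = configparser.RawConfigParser(delimiters=("=",), strict=False)
    parser.read_string(pls_text)
    section = next((s for s in parser.sections() if s.lower() == "playlist"), None)
    if section is None:
        raise ValueError("not a PLS playlist: no [playlist] section")
    entries = []
    for key, value in parser.items(section):  # keys are lower-cased by default
        if not (key.startswith("file") and key[4:].isdigit()):
            continue
        index = key[4:]
        url = urlsplit(value)
        # A remote entry is an http(s) URL with a host; anything else is local.
        remote = url.scheme in ("http", "https") and bool(url.hostname)
        entries.append({
            "index": int(index),
            "target": value,
            "remote": remote,
            "host": url.hostname if remote else None,
            "port": url.port if remote else None,
            "title": parser.get(section, "title" + index, fallback=""),
        })
    return entries

if __name__ == "__main__":
    for e in playlist_entries(SAMPLE_PLS):
        kind = "REMOTE %s:%s" % (e["host"], e["port"]) if e["remote"] else "local"
        print(e["index"], kind, e["target"], "|", e["title"])
```
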

Thors Hammer




msg:501205
 4:29 am on May 2, 2002 (gmt 0)

Well, now on top of everything else I can't reinstall Norton. I go to uninstall it and it says I am missing nav95.isu. And when I try to install 2002 it won't let me install it without uninstalling the previous version.

Gurrrrrrr, why me??????

This is more than just frustrating....

Any ideas??

Thor

Thors Hammer




msg:501206
 5:20 am on May 2, 2002 (gmt 0)

Thanks pageoneresults. I'm gonna bookmark that one. I took the plunge and went in to regedit, and got rid of all the keys for nav. And then edited my autoexec.bat file.

And am finally reinstalling nav successfully.

Man I tell you, technology is supposed to make things so much easier, but doesn't it seem to be going backwards??

LOL

:)

Thor
