homepage Welcome to WebmasterWorld Guest from
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member
Home / Forums Index / Local / WebmasterWorld Community Center
Forum Library, Charter, Moderators: lawman

WebmasterWorld Community Center Forum

HELP. Do I have a backdoor.....? Please, no jokes :>)
I found something interesting tonight on winamp....
Thors Hammer

10+ Year Member

Msg#: 515 posted 3:10 am on May 2, 2002 (gmt 0)

First of all, I hope this is an appropriate area to post this. If not just move it, and sticky me where it went. :)

Ok guys, I know im new here, but here is something that happened to me that is really strange....

I am not sure if i got a virus/backdoor from somewhere, or that if someone else in the house downloaded one (no names mentioned *cough* 'wife' *cough*) :)

when I went to launch winamp and listen to some music, while browsing the forum my play list was gone, and there was just one item in it.

"dj 'something or other' at iseral 'something else' etc.."

I went to play it, just to see what it was, and my puter froze. I rebooted and then it went to a screen I never have seen before, I think it is the live update screen for my mother board. (verrrrrrrry weird).

I had to restart several times, got it to boot. I had to choose which drive to boot from in this screen that I have never used before. Got that done.

Then launched winamp this time being cautious to not play the item....

I looked at the file properties, and it was a link to a ip address;

I did a trace route, and got just to aol firewalls, etc.. then it timed out from there.

Here is what the trace route said;

Tracing route to bsac1-0-s03.shoutcast.net []
over a maximum of 30 hops:

1 42 ms 27 ms 41 ms ------my info :>) -------- [xxx.xxx.xxx.xxx]
2 41 ms 55 ms 41 ms sl-gw37-fw-0-0-TS4.sprintlink.net [
3 41 ms 55 ms 41 ms sl-bb22-fw-4-0.sprintlink.net []
4 55 ms 55 ms 69 ms sl-bb20-atl-11-1.sprintlink.net []

5 69 ms 69 ms 82 ms sl-bb21-rly-14-0.sprintlink.net []

6 69 ms 82 ms 69 ms sl-bb27-rly-11-0.sprintlink.net []

7 82 ms 82 ms 69 ms sl-st20-ash-14-2.sprintlink.net []
8 68 ms 83 ms 82 ms sl-ameronl-14-0.sprintlink.net []

9 68 ms 83 ms 69 ms bb2-ash-P1-0.atdn.net []
10 82 ms 82 ms 69 ms bb2-dtc-P0-2.atdn.net []
11 82 ms 69 ms 82 ms pop1-dtc-P15-0.atdn.net []
12 69 ms 96 ms 69 ms ptne1-dc3-P0-0.atdn.net []
12 69 ms 96 ms 69 ms ptne1-dc3-P0-0.atdn.net []
13 * * * Request timed out.
14 * * * Request timed out.
15 * * * Request timed out.
16 * * * Request timed out.
17 * * * Request timed out.
18 * * * Request timed out.
19 * * * Request timed out.
20 * * * Request timed out.
21 * * * Request timed out.
22 * * * Request timed out.
23 * * * Request timed out.
24 * * * Request timed out.
25 * * * Request timed out.
26 * * * Request timed out.
27 * * * Request timed out.
28 * * * Request timed out.
29 * * * Request timed out.
30 * * * Request timed out.

Trace complete.

I see that the ip family belongs to Spinner Networks.

When i put the ip address into my browser it did nothing. But then i noticed when i hovered my cursor over it, there was a new additional link in the address history that drops down, and added to that ip was /listen.pls Any idea what this is????

when i tried to go to that ip with the listen.pls extension, it continued to try to connect over and over, and then the name in winamp changed to;

ICY 401 service unavailable []

now is that weird or what???

My norton went south a few weeks ago, and I hadnt reinstalled, going to NOW (just after this post). And run an update and scan.

I tried to connect up to the ip w/port with ftp and telnet, and i was unable to make a connection (just wanted to try for the heck of it, to see if I would atleast get refused. One of them said the 'service' was unavailable

So, am I just playing to part of the Worry Wart, or do you all think something is up???




WebmasterWorld Senior Member 10+ Year Member

Msg#: 515 posted 3:30 am on May 2, 2002 (gmt 0)

Shoutcast is part of Winamp's streaming music service. Perhaps that file is just a "shortcut link" that tries to connect to one of their streaming stations. Like those REALPlayer links you can save.

Not sure why your motherboard update was popping up and how you got those screens but I'd run a few virus/trojan checks just to be sure.

Thors Hammer

10+ Year Member

Msg#: 515 posted 4:29 am on May 2, 2002 (gmt 0)

well, now on top of everything else I cant resinstall norton. I go to uninstall it and it says i am missing nav95.isu . And when i try to install 2002 it wont let me install it, without uninstalling the previous version.

Gurrrrrrr, why me??????

This is more than just frustrating....

Any ideas??


Thors Hammer

10+ Year Member

Msg#: 515 posted 5:20 am on May 2, 2002 (gmt 0)

Thanks pageoneresults. Im gonna bookmark that one. I took the plunge and went in to regedit, and got rid of all the keys for nav. And then edited my autoexec.bat file.

And am reeinstalling successfully finally nav.

Man I tell you, technology is supposed to make things so much easier, but doesnt it seem to be going backwards??




Global Options:
 top home search open messages active posts  

Home / Forums Index / Local / WebmasterWorld Community Center
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved