Welcome to WebmasterWorld Guest from

Forum Moderators: lawman

Message Too Old, No Replies

HELP. Do I have a backdoor.....? Please, no jokes :>)

I found something interesting tonight on winamp....


Thors Hammer

3:10 am on May 2, 2002 (gmt 0)

10+ Year Member

First of all, I hope this is an appropriate area to post this. If not just move it, and sticky me where it went. :)

Ok guys, I know im new here, but here is something that happened to me that is really strange....

I am not sure if i got a virus/backdoor from somewhere, or that if someone else in the house downloaded one (no names mentioned *cough* 'wife' *cough*) :)

when I went to launch winamp and listen to some music, while browsing the forum my play list was gone, and there was just one item in it.

"dj 'something or other' at iseral 'something else' etc.."

I went to play it, just to see what it was, and my puter froze. I rebooted and then it went to a screen I never have seen before, I think it is the live update screen for my mother board. (verrrrrrrry weird).

I had to restart several times, got it to boot. I had to choose which drive to boot from in this screen that I have never used before. Got that done.

Then launched winamp this time being cautious to not play the item....

I looked at the file properties, and it was a link to a ip address;

I did a trace route, and got just to aol firewalls, etc.. then it timed out from there.

Here is what the trace route said;

Tracing route to bsac1-0-s03.shoutcast.net []
over a maximum of 30 hops:

1 42 ms 27 ms 41 ms ------my info :>) -------- [xxx.xxx.xxx.xxx]
2 41 ms 55 ms 41 ms sl-gw37-fw-0-0-TS4.sprintlink.net [
3 41 ms 55 ms 41 ms sl-bb22-fw-4-0.sprintlink.net []
4 55 ms 55 ms 69 ms sl-bb20-atl-11-1.sprintlink.net []

5 69 ms 69 ms 82 ms sl-bb21-rly-14-0.sprintlink.net []

6 69 ms 82 ms 69 ms sl-bb27-rly-11-0.sprintlink.net []

7 82 ms 82 ms 69 ms sl-st20-ash-14-2.sprintlink.net []
8 68 ms 83 ms 82 ms sl-ameronl-14-0.sprintlink.net []

9 68 ms 83 ms 69 ms bb2-ash-P1-0.atdn.net []
10 82 ms 82 ms 69 ms bb2-dtc-P0-2.atdn.net []
11 82 ms 69 ms 82 ms pop1-dtc-P15-0.atdn.net []
12 69 ms 96 ms 69 ms ptne1-dc3-P0-0.atdn.net []
12 69 ms 96 ms 69 ms ptne1-dc3-P0-0.atdn.net []
13 * * * Request timed out.
14 * * * Request timed out.
15 * * * Request timed out.
16 * * * Request timed out.
17 * * * Request timed out.
18 * * * Request timed out.
19 * * * Request timed out.
20 * * * Request timed out.
21 * * * Request timed out.
22 * * * Request timed out.
23 * * * Request timed out.
24 * * * Request timed out.
25 * * * Request timed out.
26 * * * Request timed out.
27 * * * Request timed out.
28 * * * Request timed out.
29 * * * Request timed out.
30 * * * Request timed out.

Trace complete.

I see that the ip family belongs to Spinner Networks.

When i put the ip address into my browser it did nothing. But then i noticed when i hovered my cursor over it, there was a new additional link in the address history that drops down, and added to that ip was /listen.pls Any idea what this is????

when i tried to go to that ip with the listen.pls extension, it continued to try to connect over and over, and then the name in winamp changed to;

ICY 401 service unavailable []

now is that weird or what???

My norton went south a few weeks ago, and I hadnt reinstalled, going to NOW (just after this post). And run an update and scan.

I tried to connect up to the ip w/port with ftp and telnet, and i was unable to make a connection (just wanted to try for the heck of it, to see if I would atleast get refused. One of them said the 'service' was unavailable

So, am I just playing to part of the Worry Wart, or do you all think something is up???



3:30 am on May 2, 2002 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member

Shoutcast is part of Winamp's streaming music service. Perhaps that file is just a "shortcut link" that tries to connect to one of their streaming stations. Like those REALPlayer links you can save.

Not sure why your motherboard update was popping up and how you got those screens but I'd run a few virus/trojan checks just to be sure.

Thors Hammer

4:29 am on May 2, 2002 (gmt 0)

10+ Year Member

well, now on top of everything else I cant resinstall norton. I go to uninstall it and it says i am missing nav95.isu . And when i try to install 2002 it wont let me install it, without uninstalling the previous version.

Gurrrrrrr, why me??????

This is more than just frustrating....

Any ideas??


Thors Hammer

5:20 am on May 2, 2002 (gmt 0)

10+ Year Member

Thanks pageoneresults. Im gonna bookmark that one. I took the plunge and went in to regedit, and got rid of all the keys for nav. And then edited my autoexec.bat file.

And am reeinstalling successfully finally nav.

Man I tell you, technology is supposed to make things so much easier, but doesnt it seem to be going backwards??





Featured Threads

Hot Threads This Week

Hot Threads This Month