
Recent attack from someone sending udp packet of svchost.exe and dump



#1
eagem

Recently my PC got attacked by someone who is sending
Inbound UDP packet.
Local address,service is (0.0.0.0,1027).
Remote address,service is (204.16.XXX.XXX,41838).
Process name is "C:\WINDOWS\System32\svchost.exe".

After a while, when I browse websites, I keep getting DNS errors and a webpage with an error message even though the network connection is there.

So I disconnected and rebooted the PC, started again, connected to the net and browsed with IE, but it still showed that error message. So finally I had to boot from CD using the 98 boot-up version to get to a command prompt, then reformat the C drive and reinstall Windows. Now I can connect to the internet.

However, I'd like to know how to fix that problem if it happens again, and I wish to know how they can send those inbound UDP files from their remote address and port.

Edited by eagem, 31 August 2006 - 04:28 AM.

#2
pip22

Sounds to me like you do not have a third-party firewall installed. It would stop such attacks before they could do any harm to your system. A good free one is ZoneAlarm, and setting it up is easy; most of the settings are done automatically:
http://www.zonelabs.com
If you are using Windows XP, it has a built-in firewall, but it's woefully inadequate because it only monitors traffic one way, on top of which, unless you are running SP2, it is not turned on by default. ZoneAlarm monitors traffic in both directions. Even the free version is miles better than the XP firewall.

You should also consider getting a router to place between your PC and modem. Routers have a built-in hardware firewall, which offers another level of protection that works invisibly (doesn't tell you anything, just gets on with the job). But the router would also come in useful for sharing a single net connection between 2 or 3 computers in your house (get a wireless router and you won't even need to use wires between them).

#3
eagem

Thanks for your reply, pip22. I had ZoneAlarm Pro before I got that svchost.exe UDP inbound packet. And I set the firewall section to High, as well as the Alert section. So when I opened up any programs, including chat programs, an alert popped up and notified me every time. But I forgot to check the DNS or ISP in the alert pop-up when a program started. I did click Allow most of the time... but I guess those programs are being bound with a hacker's file to monitor the user's activity. When I noticed the DNS and ISP in the alerts were not mine, I clicked Deny, but that alert kept coming, like over 500 times (yahoo updater.exe was prevented from monitoring user activity). I could get rid of that alert by turning it off, but I'd like to see alerts with DNS and ISP details when I open different programs. My other question is: how can I check which hacker's file is infected or bound with existing program files? I tried Essential Tool, CommView, Process Explorer 6.4... couldn't see any suspect files. Further advice or suggestions are really appreciated.

EageM aka Nick