[eagem]

Recently my pc got attacked from someone who is sending
Inbound UDP packet.
Local address,service is (0.0.0.0,1027).
Remote address,service is (204.16.XXX.XXX,41838).
Process name is "C:\WINDOWS\System32\svchost.exe".

After awhile, when I browse websites, I keep getting dns error and webpage with error message even network connection is there.

so I disconnect and reboot the pc and restart again, connect to net, browse IE , it still shows that error msg. So finally I had to boot up from cd using 98 boot up version to go command prompt, then reformat c drive and reinstall windows. Now I can connect to internet.

However, I 'd like to know how to fix that problem if it happens again.? and I wish to know how can they send those udp inbound file from their remote address and port.

Edited by eagem, 31 August 2006 - 04:28 AM.

[Advertisements]

Sounds to me like you do not have a third-party firewall installed. It would stop such attacks before they could do any harm to your system. A good free one is ZoneAlarm and setting it up is easy most of the settings are done automatically:
http://www.zonelabs.com
If you are using Windows XP, it has a built in firewall but it's woefully inadequate because it only monitors traffic one way, on top of which unless you are running SP2 it is not turned on by default. Zonelarm monitors traffic in both directions. Even the free version is miles better than the XP firewall.

You should also consider getting a router to place between your PC and modem. Routers have a built in hardware firewall which offers another level of protection which works invisibly (doesn't tell you anything, just gets on with the job). But the router would also come in useful for sharing a single net connection between 2 or 3 computers in your house (get a wireless router and you won't even need to use wires between them).

[pip22]

Sounds to me like you do not have a third-party firewall installed. It would stop such attacks before they could do any harm to your system. A good free one is ZoneAlarm and setting it up is easy most of the settings are done automatically:
http://www.zonelabs.com
If you are using Windows XP, it has a built in firewall but it's woefully inadequate because it only monitors traffic one way, on top of which unless you are running SP2 it is not turned on by default. Zonelarm monitors traffic in both directions. Even the free version is miles better than the XP firewall.

You should also consider getting a router to place between your PC and modem. Routers have a built in hardware firewall which offers another level of protection which works invisibly (doesn't tell you anything, just gets on with the job). But the router would also come in useful for sharing a single net connection between 2 or 3 computers in your house (get a wireless router and you won't even need to use wires between them).

[eagem]

Thanks for your reply pip22. I had Zone alam pro before I got that svchost.exe udp inbound packet. And I set firewall section to High as well as Alert section. So when I opened up any programs including chat programs, alert popped up and notified me everytime. But I forgot to check the DNS or any ISP in alert pop up when any program start. I did click Allow most of the time...but I guess, those programs are being bined with hacker's file to monitor user's activity. When I noticed those DNS, ISP in alerts were not mine..I clicked Deny but that alert was kept coming like over 500 times (yahoo updater.exe was prevented from monitoring user activity). I could get rid off that alert by turning off, but I'd like to see alert with dns, isp details when I open different programs. My another question is how can I check which hacker's file is infacted or bined with existing program files? I tried with Essential Tool, CommView, Process Explorer 6.4...couldn't see any suspected files. Further advices or suggestions are really appreciated.

EageM aka Nick