LinuxQuestions.org
View the Most Wanted LQ Wiki articles.
Go Back   LinuxQuestions.org > Forums > Non-*NIX Forums > General
User Name
Password
General This forum is for non-technical general discussion which can include both Linux and non-Linux topics. Have fun!

Notices



Reply
 
Search this Thread
Old 01-20-2006, 10:33 AM   #1
InvisibleSniper
Member
 
Registered: Jul 2005
Location: Australia
Distribution: Debian
Posts: 113

Rep: Reputation: 15
Intrusion Problem!!


Hello again,

I have an intrusion problem, it's to do with when I open firefox, it always connects to a site... namely msxsecurity.com on port 1028 and 1027. I do not know how to close it or get rid of what is doing it, can some one please give some support on this topic thanks.

Here is an image link to what I am seeing as I start up firefox.

http://putfile.com/pic.php?pic=1/1909321511.jpg&s=x12

Thanks Again
 
Old 01-20-2006, 05:31 PM   #2
bulliver
Senior Member
 
Registered: Nov 2002
Location: Edmonton AB, Canada
Distribution: Gentoo x86_64; Gentoo PPC; FreeBSD; OS X 10.9.4
Posts: 3,760
Blog Entries: 4

Rep: Reputation: 77
msxsecurity.com seems to be some sort of site for gaming cheats. Are you a gamer? Did you purchase a hack from this site? If not, looks like you may be part of someone's botnet...

A quick scan reveals:
Code:
PORT     STATE    SERVICE
1027/tcp filtered IIS
1028/tcp filtered unknown
1027 is not a registered port, but they seem to be running some sort of web server there. I could not connect when I attempted (it timed out).

Can you not set up your firewall to block these connections?

Last edited by bulliver; 01-20-2006 at 05:32 PM.
 
Old 01-20-2006, 10:21 PM   #3
InvisibleSniper
Member
 
Registered: Jul 2005
Location: Australia
Distribution: Debian
Posts: 113

Original Poster
Rep: Reputation: 15
Is there a way I can block a port with cmd?
 
Old 01-20-2006, 10:29 PM   #4
masonm
Senior Member
 
Registered: Mar 2003
Location: Following the white rabbit
Distribution: Slackware64 13.37 Android 4.0
Posts: 2,248

Rep: Reputation: 46
Troj/AdClick-AV is a Trojan for the Windows platform that attempts to connect to various websites and then display selected banner advertisements.

Troj/AdClick-AV queries the www.msxsecurity.com in attempt to open redirect.php, a script file that contains redirect instructions.

You should be able to clean this with a decent AV app.

Last edited by masonm; 01-20-2006 at 10:30 PM.
 
Old 01-24-2006, 03:37 PM   #5
InvisibleSniper
Member
 
Registered: Jul 2005
Location: Australia
Distribution: Debian
Posts: 113

Original Poster
Rep: Reputation: 15
I have another picture of what has happened but this time it's a picture of a BitDefender Firewall complaining about www.msxsecurity.com accessing the Internet. But the terrible thing is that when I don't allow it access, I can not use firefox, because it blocks the firefox.exe program and not just the ports that site is using.

Here is that picture of BitDefender Firewall complaining.
http://putfile.com/pic.php?pic=1/2314380743.jpg&s=x4

Some more help would be good... any recommendations on some good port blocking firewalls?

Last edited by InvisibleSniper; 01-24-2006 at 03:43 PM.
 
Old 01-25-2006, 03:22 PM   #6
InvisibleSniper
Member
 
Registered: Jul 2005
Location: Australia
Distribution: Debian
Posts: 113

Original Poster
Rep: Reputation: 15
Hi again,

I tried to tracert LocalHost today... in other words I tried the command:
tracert 127.0.0.1 and for some reason the only traced path it gave me was www.msxsecurity.com. Can someone please tell me what is going on and how I can fix it please. Thanks All.

Also here is a screen shot of a cmd after I tried to tracert the local host.
http://putfile.com/pic.php?pic=1/2414210365.jpg&s=x4
 
Old 01-26-2006, 09:45 AM   #7
tredegar
LQ 5k Club
 
Registered: May 2003
Location: London, UK
Distribution: Debian "Jessie"
Posts: 6,038

Rep: Reputation: 373Reputation: 373Reputation: 373Reputation: 373
InvisibleSniper,

Your screenshots show that you are running windows.
So why are you asking questions on a linux forum?

Edit: I realise that this is "General", but I think you'd get better advice from a windows forum.

Last edited by tredegar; 01-26-2006 at 09:51 AM.
 
Old 01-26-2006, 10:31 AM   #8
alred
Member
 
Registered: Mar 2005
Location: singapore
Distribution: puppy and Ubuntu and ... erh ... redhat(sort of) :( ... + the venerable bsd and solaris ^_^
Posts: 658
Blog Entries: 8

Rep: Reputation: 31
if you wanted to , probably you can try these two app for xp if you had not came across them already ::


Starter

and

ProcessExplorer

the first one may show you some unwarranted startups in your machine(can choose to temp. disable or delete them) while the second one probably will help you in tracing the location of troublesome app/services but beware of the first one though ...


not really an answer but hope it helps ...


.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
intrusion? tincat2 Linux - Security 2 01-01-2005 02:56 AM
ssh intrusion! DavidPhillips Linux - General 17 11-19-2004 07:39 AM
Intrusion Detection L1nuxbug Linux - Security 4 07-21-2004 06:20 AM
Intrusion Detection!!! egyptian Linux - Security 2 04-02-2004 12:37 PM
Intrusion Detection? matador Linux - Security 5 09-03-2003 05:44 AM


All times are GMT -5. The time now is 06:37 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration