Visit Jeremy's Blog.
Go Back > Forums > Non-*NIX Forums > General
User Name
General This forum is for non-technical general discussion which can include both Linux and non-Linux topics. Have fun!


  Search this Thread
Old 01-20-2006, 09:33 AM   #1
Registered: Jul 2005
Location: Australia
Distribution: Debian
Posts: 113

Rep: Reputation: 15
Intrusion Problem!!

Hello again,

I have an intrusion problem, it's to do with when I open firefox, it always connects to a site... namely on port 1028 and 1027. I do not know how to close it or get rid of what is doing it, can some one please give some support on this topic thanks.

Here is an image link to what I am seeing as I start up firefox.

Thanks Again
Old 01-20-2006, 04:31 PM   #2
Senior Member
Registered: Nov 2002
Location: Edmonton AB, Canada
Distribution: Gentoo x86_64; Gentoo PPC; FreeBSD; OS X 10.9.4
Posts: 3,760
Blog Entries: 4

Rep: Reputation: 78 seems to be some sort of site for gaming cheats. Are you a gamer? Did you purchase a hack from this site? If not, looks like you may be part of someone's botnet...

A quick scan reveals:
1027/tcp filtered IIS
1028/tcp filtered unknown
1027 is not a registered port, but they seem to be running some sort of web server there. I could not connect when I attempted (it timed out).

Can you not set up your firewall to block these connections?

Last edited by bulliver; 01-20-2006 at 04:32 PM.
Old 01-20-2006, 09:21 PM   #3
Registered: Jul 2005
Location: Australia
Distribution: Debian
Posts: 113

Original Poster
Rep: Reputation: 15
Is there a way I can block a port with cmd?
Old 01-20-2006, 09:29 PM   #4
Senior Member
Registered: Mar 2003
Location: Following the white rabbit
Distribution: Slackware64 14.2 Solus
Posts: 2,264

Rep: Reputation: 51
Troj/AdClick-AV is a Trojan for the Windows platform that attempts to connect to various websites and then display selected banner advertisements.

Troj/AdClick-AV queries the in attempt to open redirect.php, a script file that contains redirect instructions.

You should be able to clean this with a decent AV app.

Last edited by masonm; 01-20-2006 at 09:30 PM.
Old 01-24-2006, 02:37 PM   #5
Registered: Jul 2005
Location: Australia
Distribution: Debian
Posts: 113

Original Poster
Rep: Reputation: 15
I have another picture of what has happened but this time it's a picture of a BitDefender Firewall complaining about accessing the Internet. But the terrible thing is that when I don't allow it access, I can not use firefox, because it blocks the firefox.exe program and not just the ports that site is using.

Here is that picture of BitDefender Firewall complaining.

Some more help would be good... any recommendations on some good port blocking firewalls?

Last edited by InvisibleSniper; 01-24-2006 at 02:43 PM.
Old 01-25-2006, 02:22 PM   #6
Registered: Jul 2005
Location: Australia
Distribution: Debian
Posts: 113

Original Poster
Rep: Reputation: 15
Hi again,

I tried to tracert LocalHost today... in other words I tried the command:
tracert and for some reason the only traced path it gave me was Can someone please tell me what is going on and how I can fix it please. Thanks All.

Also here is a screen shot of a cmd after I tried to tracert the local host.
Old 01-26-2006, 08:45 AM   #7
LQ 5k Club
Registered: May 2003
Location: London, UK
Distribution: Debian "Jessie"
Posts: 6,087

Rep: Reputation: 407Reputation: 407Reputation: 407Reputation: 407Reputation: 407

Your screenshots show that you are running windows.
So why are you asking questions on a linux forum?

Edit: I realise that this is "General", but I think you'd get better advice from a windows forum.

Last edited by tredegar; 01-26-2006 at 08:51 AM.
Old 01-26-2006, 09:31 AM   #8
Registered: Mar 2005
Location: singapore
Distribution: puppy and Ubuntu and ... erh ... redhat(sort of) :( ... + the venerable bsd and solaris ^_^
Posts: 658
Blog Entries: 8

Rep: Reputation: 31
if you wanted to , probably you can try these two app for xp if you had not came across them already ::




the first one may show you some unwarranted startups in your machine(can choose to temp. disable or delete them) while the second one probably will help you in tracing the location of troublesome app/services but beware of the first one though ...

not really an answer but hope it helps ...



Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
intrusion? tincat2 Linux - Security 2 01-01-2005 01:56 AM
ssh intrusion! DavidPhillips Linux - General 17 11-19-2004 06:39 AM
Intrusion Detection L1nuxbug Linux - Security 4 07-21-2004 05:20 AM
Intrusion Detection!!! egyptian Linux - Security 2 04-02-2004 11:37 AM
Intrusion Detection? matador Linux - Security 5 09-03-2003 04:44 AM > Forums > Non-*NIX Forums > General

All times are GMT -5. The time now is 07:06 AM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration