Intrusion Problem!!

InvisibleSniper · 01-20-2006, 09:33 AM

Hello again,

I have an intrusion problem, it's to do with when I open firefox, it always connects to a site... namely msxsecurity.com on port 1028 and 1027. I do not know how to close it or get rid of what is doing it, can some one please give some support on this topic thanks.

Here is an image link to what I am seeing as I start up firefox.

http://putfile.com/pic.php?pic=1/1909321511.jpg&s=x12

Thanks Again

bulliver · 01-20-2006, 04:31 PM

msxsecurity.com seems to be some sort of site for gaming cheats. Are you a gamer? Did you purchase a hack from this site? If not, looks like you may be part of someone's botnet...

A quick scan reveals:

Code:

PORT     STATE    SERVICE
1027/tcp filtered IIS
1028/tcp filtered unknown

1027 is not a registered port, but they seem to be running some sort of web server there. I could not connect when I attempted (it timed out).

Can you not set up your firewall to block these connections?

InvisibleSniper · 01-20-2006, 09:21 PM

Is there a way I can block a port with cmd?

masonm · 01-20-2006, 09:29 PM

Troj/AdClick-AV is a Trojan for the Windows platform that attempts to connect to various websites and then display selected banner advertisements.

Troj/AdClick-AV queries the www.msxsecurity.com in attempt to open redirect.php, a script file that contains redirect instructions.

You should be able to clean this with a decent AV app.

InvisibleSniper · 01-24-2006, 02:37 PM

I have another picture of what has happened but this time it's a picture of a BitDefender Firewall complaining about www.msxsecurity.com accessing the Internet. But the terrible thing is that when I don't allow it access, I can not use firefox, because it blocks the firefox.exe program and not just the ports that site is using.

Here is that picture of BitDefender Firewall complaining.
http://putfile.com/pic.php?pic=1/2314380743.jpg&s=x4

Some more help would be good... any recommendations on some good port blocking firewalls?

InvisibleSniper · 01-25-2006, 02:22 PM

Hi again,

I tried to tracert LocalHost today... in other words I tried the command:
tracert 127.0.0.1 and for some reason the only traced path it gave me was www.msxsecurity.com. Can someone please tell me what is going on and how I can fix it please. Thanks All.

Also here is a screen shot of a cmd after I tried to tracert the local host.
http://putfile.com/pic.php?pic=1/2414210365.jpg&s=x4

tredegar · 01-26-2006, 08:45 AM

InvisibleSniper,

Your screenshots show that you are running windows.
So why are you asking questions on a linux forum?

Edit: I realise that this is "General", but I think you'd get better advice from a windows forum.

alred · 01-26-2006, 09:31 AM

if you wanted to , probably you can try these two app for xp if you had not came across them already ::

Starter

and

ProcessExplorer

the first one may show you some unwarranted startups in your machine(can choose to temp. disable or delete them) while the second one probably will help you in tracing the location of troublesome app/services but beware of the first one though ...

not really an answer but hope it helps ...

.