Remote accessing?


Post by xTractatorix on Thu May 31, 2012 3:26 pm

So a while ago I found out I had a Trojan horse (Ad-Aware detected it). I have quarantined and deleted it from my system, but I have some questions. Okay, so as far as I understand, what a Trojan horse does is make a back door for a hacker to be able to hack my computer? I know the only way a hacker... cracker can remote access my computer is if I'm connected to the internet. Now, can a hacker only access my computer through an open port, or is there another way he can access my computer? Also, how much of a deterrent is a dynamic IP, and how good are Ad-Aware and AVG against Trojan horses?
Oh yes, one more thing: yes, I am using Windows 7... I know, I know, but before you judge, I am getting my own computer soon (I'm using the family computer right now) and I will run Ubuntu Linux on it. It's just that I have used VirtualBox to run Ubuntu on Windows but it slowed the computer down, so in the meantime I'm stuck using Windows.

Post by WallShadow on Thu May 31, 2012 3:58 pm

A Trojan doesn't have to set up a connection and allow a hacker access; it can have just a regular payload (ex: to delete your System32 folder) just as any other virus can. But as you said, yes, many Trojans do set up an open port and wait for commands from the remote hacker. I'm not exactly sure if a dynamic IP may save you, but I'd say that it won't. If it is the Trojan that connects to an IRC server, regardless of your IP, the Trojan will still be able to connect. But there are other means of connection; IRC isn't the only thing out there.

Post by LoGiCaL__ on Thu May 31, 2012 4:12 pm

If you do have a dynamic IP address, it could just send a ping request to your server that is set up while packet sniffing, or visit a webpage you've set up specifically for this, and you would be able to get the current IP address that way.

Post by xTractatorix on Thu May 31, 2012 4:23 pm

Once the Trojan has been deleted, am I safe?

Post by wan26 on Thu May 31, 2012 5:02 pm

I am going to suggest that sometimes you may not be safe even after removal of the trojan, because if your attacker was watching your efforts to remove it, they could have worked on your AV to ignore the next trojan they are going to install - letting you believe you have solved the problem so they can continue with whatever they are doing.

Might be a good idea to do a full reinstall if you're concerned still.

Post by xTractatorix on Thu May 31, 2012 8:32 pm

So what you're saying is that the Trojan may not have been deleted, but if the Trojan is removed for good, am I safe? In other words, once the Trojan is removed for good, will I still be as susceptible?

Post by limdis on Fri Jun 01, 2012 12:50 pm

xTractatorix wrote: So what you're saying is that the Trojan may not have been deleted, but if the Trojan is removed for good, am I safe? In other words, once the Trojan is removed for good, will I still be as susceptible?


I'm not an expert on trojans but I know a little bit about how they can work. From a concept perspective, more advanced trojans will split themselves up so in the event an AV does catch it, only a small portion of code is deleted. This prevents the hacker from having root access to your machine but it still allows a keygen to operate or an automated message to the hacker informing him of losing his access to which machine with all your details. However, MOST trojans you come across aren't like that. You get hit with a trojan cocktail of things, which disables your task manager, deletes your system restore saves, opens ports, etc.

My suggestion to you is that after running your AV, download a fresh copy of it. Disconnect from the net and reinstall. This will give you fresh default settings and will ensure that if the hacker/trojan put itself on the exception list without you easily being able to see it, it gets caught. In this case I say you start using Spybot Search & Destroy and make use of the TeaTimer. It alerts you when registry items are changed or something tries to install or access the internet and you can stop it. Finally, run a check for registry errors. Check out this thread for some suggestions. SS&D also has a tool for this.

If you still notice strange things happening, yes, a fresh install might be a good idea.

Post by LoGiCaL__ on Fri Jun 01, 2012 2:02 pm

I'd just like to mention that if you're using Windows you should run and update all the scans in "safe mode with networking". Also make sure your OS is up to date when you're finished.

Post by mShred on Sun Jun 03, 2012 12:43 pm

Yes, viruses can leave backdoors. But like already said above, they can do a number of things. They could unleash a payload just to fuck with your computer. Or they could just be part of a botnet, which is pretty likely. In that case, your computer will probably be making a connection back to him every once in a while. And it probably isn't likely that he's going to be targeting you specifically by keylogging for your Facebook password, but it is something to be aware of. If your virus scanners are updated, and all checks are clean, then you can probably start to feel a little better.
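A defender's view of the two connection patterns described in this thread (a Trojan listening on an open port, and a Trojan or bot that connects out to IRC or another server), as an added example that is not part of any post: it triages Windows `netstat -ano` output. The sample output, the expected-listener baseline and the IRC port list are constructed assumptions.

```python
"""Triage Windows `netstat -ano` output for listeners and IRC connect-backs."""
import re

# Constructed sample of `netstat -ano` output (not from a real machine).
SAMPLE = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       788
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:31337          0.0.0.0:0              LISTENING       2904
  TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING       1620
  TCP    192.168.1.20:49201     203.0.113.7:6667       ESTABLISHED     2904
  TCP    192.168.1.20:49188     198.51.100.10:443      ESTABLISHED     3312
  TCP    [::]:445               [::]:0                 LISTENING       4
  UDP    0.0.0.0:5355           *:*                                    1188
"""

# Assumption: listeners expected on this machine; build your own baseline.
EXPECTED_LISTENERS = {135, 445}
# Assumption: usual IRC ports, as one example of a command channel.
IRC_PORTS = set(range(6660, 6670)) | {6697}

ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\w+)\s+(\d+)\s*$")

def is_loopback(addr):
    return addr.startswith("127.") or addr == "[::1]"

def triage(netstat_text):
    """Return (finding, pid, endpoint) tuples for suspicious TCP rows."""
    findings = []
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # header, UDP or blank line
        laddr, lport, raddr, rport, state, pid = m.groups()
        lport, rport, pid = int(lport), int(rport), int(pid)
        if state == "LISTENING":
            # Inbound pattern: loopback-only listeners are not reachable
            # from the network, so only exposed, unexpected ports count.
            if not is_loopback(laddr) and lport not in EXPECTED_LISTENERS:
                findings.append(("unexpected-listener", pid, f"{laddr}:{lport}"))
        elif state == "ESTABLISHED" and rport in IRC_PORTS:
            # Outbound pattern: the machine dials out, so a dynamic IP
            # or closed inbound ports do not stop it.
            findings.append(("outbound-irc", pid, f"{raddr}:{rport}"))
    return findings

if __name__ == "__main__":
    for kind, pid, endpoint in triage(SAMPLE):
        print(f"{kind:20} pid={pid:<6} {endpoint}")
```

Both findings in the sample share one PID, which is the process to look up with `tasklist` before deciding on cleanup or a reinstall.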


