WARNING****DNSchanger sounds fishy!! Here are a few tricks to check for infection. | |
Nostril Domus (OP) User ID: 9357516 United States 07/08/2012 08:34 PM | |
Plane User ID: 17096887 Norway 07/08/2012 08:35 PM | this is very fishy indeed. it has been making first page news for more than 2 months. and it's not a big deal at all. just a hundred thousand computers.. btw they KNOW the IPs of those computers. because those IPs come through THEIR servers already. so they could instantly tell if you are infected. but nooooo. let all the noobs panic about some lame computer virus. i guess internet could go down for more people than it should. Last Edited by Plane on 07/08/2012 08:36 PM |
Nostril Domus (OP) User ID: 9357516 United States 07/08/2012 08:37 PM | Maybe it's just me being paranoid but why would the FBI keep hosting DNS servers if they know infected clients will hit them?? Maybe to snoop on said computers? And with any infection there is always a notification by your AV provider and updated virus defs and/or removal instructions. Something is not adding up. |
Plane User ID: 17096887 Norway 07/08/2012 08:48 PM |
    Quoting: Nostril Domus
    Maybe it's just me being paranoid but why would the FBI keep hosting DNS servers if they know infected clients will hit them?? Maybe to snoop on said computers? And with any infection there is always a notification by your AV provider and updated virus defs and/or removal instructions.
    Something is not adding up.
this part is pretty simple i guess. they don't wanna be blamed for shutting down the internet for those people so they give ppl time to clean their computers. and those people are the ones who don't have antivirus or don't know sht about computers. |
Nostril Domus (OP) User ID: 9357516 United States 07/08/2012 08:56 PM |
        Quoting: Nostril Domus
        Maybe it's just me being paranoid but why would the FBI keep hosting DNS servers if they know infected clients will hit them?? Maybe to snoop on said computers? And with any infection there is always a notification by your AV provider and updated virus defs and/or removal instructions.
        Something is not adding up.
    this part is pretty simple i guess. they don't wanna be blamed for shutting down the internet for those people so they give ppl time to clean their computers. and those people are the ones who don't have antivirus or don't know sht about computers.
While I agree with it being the most common answer, this could be solved by taking it to your local PC shop if you don't know shit about PCs. I have never seen the Govt step up to offer a fix for an infected PC ever! The antivirus companies are usually providing fixes. |
Anonymous Coward User ID: 14408911 United States 07/08/2012 09:09 PM |
        Quoting: Nostril Domus
        Maybe its just me being paranoid but why would the FBI keep hosting DNS servers if they know infected clients will hit them?? Maybe to snoop on said computers? And with any infection there is always a notification by your AV provider and updated virus defs and or removal instructions.
        Something is not adding up.
    This part is pretty simple I guess. They don't want to be blamed for shutting down the internet for those people, so they give people time to clean their computers, those people who don't have antivirus or don't know sht about computers.
I agree. |
Nostril Domus (OP) User ID: 9357516 United States 07/08/2012 09:25 PM |
    Quoting: Anonymous Coward 17888588
    My first thought was that this was BS. I know it is. Now all these people will go to the site to find out if they are affected. 60,0000 computers is NOTHING so why the heck would they care? Sounds really strange.
Glad I'm not the only one! I would not go anywhere near that site. It may be fine but to err on the side of caution, I would rather be smart and check it myself. However I do know that there are a lot of people that are concerned. I would either take the time to run combofix or malwarebytes and run the netstat commands. Or you could just wait until morning and see. I have a suspicion that most users will not have any issues connecting. |
Resister User ID: 1461638 United States 07/08/2012 09:40 PM | No one should trust the FBI (or CIA, or NSA, or DHS, or insert government alphabet agency) as far as you could throw the buildings they work in. That said, there really is no security online. Sure, there are reliable ISPs and websites that are more reliable and trustworthy than others, but really, once your signal goes out of your house/phone/laptop/tablet it is out there where you have no control whatsoever over it. The internet isn't like real life where you can choose to walk only through the good side of town. Servers and websites are all blind alleys of varying levels of risk. Happy surfing folks. "God forbid we should ever be 20 years without such a rebellion. The people cannot be all, & always, well informed... If they remain quiet under such misconceptions it is a lethargy, the forerunner of death to the public liberty... Let them take arms... What signify a few lives lost in a century or two? The tree of liberty must be refreshed from time to time with the blood of patriots & tyrants." - Thomas Jefferson in 1787 |
Nostril Domus (OP) User ID: 9357516 United States 07/08/2012 10:16 PM | Flame can gather data files, remotely change settings on computers, turn on PC microphones to record conversations, take screen shots and log instant messaging chats. Kaspersky Lab said Flame and Stuxnet appear to infect machines by exploiting the same flaw in the Windows operating system and that both viruses employ a similar way of spreading. With a new National Security Agency data center coming online and capable of capturing, aggregating and analyzing every digital communication in the United States, cellphones and computers having in excess of 99% penetration across the country, and some 30,000 drones being prepared for domestic operations, we can safely say that a total police state surveillance infrastructure is now in place and fully capable of monitoring everything - and we mean EVERYTHING – that you do. [link to usahitman.com] |
Sandi_T User ID: 15828781 United States 07/08/2012 11:13 PM | I don't understand. I ran the netstat, but what should I be seeing? I'm seeing localhost:##### and then there's like, for example: godlikeproductions.com:http So how would I know if something was connecting to foreign hosts? No more requests in the "Strangest things" thread please. :hf: Past Lives requests thread: Thread: That Which Once Was: Past Lives |
Nostril Domus (OP) User ID: 9357516 United States 07/08/2012 11:15 PM |
    Quoting: Sandi_T
    I don't understand. I ran the netstat, but what should I be seeing?
    I'm seeing localhost:##### and then there's like, for example: godlikeproductions.com:http So how would I know if something was connecting to foreign hosts?
If all you have open is GLP and it's the only thing showing when you run the commands then you are good. |
Sandi_T User ID: 15828781 United States 07/08/2012 11:18 PM |
        Quoting: Sandi_T
        I don't understand. I ran the netstat, but what should I be seeing?
        I'm seeing localhost:##### and then there's like, for example: godlikeproductions.com:http So how would I know if something was connecting to foreign hosts?
    If all you have open is GLP and it's the only thing showing when you run the commands then you are good.
Hmmm, no, I had a couple other things up in firefox. But I also have this 1ga15s28 thing that I don't know what it is. It doesn't go away when I close firefox. and minea11mine something on the -p tcp thing. Last Edited by Sandi_T on 07/08/2012 11:19 PM |
Nostril Domus (OP) User ID: 9357516 United States 07/08/2012 11:19 PM |
        Quoting: Sandi_T
        I don't understand. I ran the netstat, but what should I be seeing?
        I'm seeing localhost:##### and then there's like, for example: godlikeproductions.com:http So how would I know if something was connecting to foreign hosts?
    If all you have open is GLP and it's the only thing showing when you run the commands then you are good.
Are you seeing something like this?

    netstat -b

      Proto  Local Address          Foreign Address        State
      TCP    172.16.100.11:57752    a23-64-31-144:http     TIME_WAIT
      TCP    172.16.100.11:57777    74:http                ESTABLISHED
     [iexplore.exe]
      TCP    172.16.100.11:57779    www-slb-10-01-prn1:http  ESTABLISHED
     [iexplore.exe]
      TCP    172.16.100.11:57780    www-slb-10-01-prn1:http  ESTABLISHED
     [iexplore.exe]
      TCP    172.16.100.11:57784    atl14s08-in-f9:https   ESTABLISHED
     [iexplore.exe]
      TCP    172.16.100.11:57785    atl14s08-in-f9:https   ESTABLISHED
     [iexplore.exe]
      TCP    172.16.100.11:57786    a23-64-31-144:http     ESTABLISHED
     [iexplore.exe]
      TCP    172.16.100.11:57792    172.35.0.14:http       SYN_SENT
     [PNAMAIN.EXE]
      TCP    172.16.100.11:57793    172.35.0.15:http       SYN_SENT
     [PNAMAIN.EXE]
      TCP    172.16.100.11:57794    192.168.180.235:epmap  SYN_SENT
      RpcEptMapper
     [svchost.exe]
|
Sandi_T User ID: 15828781 United States 07/08/2012 11:21 PM | these don't have the [iexplorer] thing next to them (though I use firefox, but we get the idea here). I do have WMP on though. |
Nostril Domus (OP) User ID: 9357516 United States 07/08/2012 11:24 PM |
            Quoting: Sandi_T
            I don't understand. I ran the netstat, but what should I be seeing?
            I'm seeing localhost:##### and then there's like, for example: godlikeproductions.com:http So how would I know if something was connecting to foreign hosts?
        If all you have open is GLP and it's the only thing showing when you run the commands then you are good.
    Hmmm, no, I had a couple other things up in firefox. But I also have this 1ga15s28 thing that I don't know what it is. It doesn't go away when I close firefox. and minea11mine something on the -p tcp thing.
Copy the output and paste it here. Right click on the command prompt and click "Mark", highlight all the text on the screen, then go to the top left on the blue bar and right click, select edit and copy, then paste it here. For some reason ctrl-c will not copy correctly. |
Sandi_T User ID: 15828781 United States 07/08/2012 11:25 PM | TCP mine11mine:#### 1ga##s##-in-f7.1e###.net:http TIME_WAIT 0 That's what one looks like (with some missing numbers, but you get the idea). |
Sandi_T User ID: 15828781 United States 07/08/2012 11:28 PM |

    C:\Documents and Settings\Admin>netstat -b

    Active Connections

      Proto  Local Address          Foreign Address        State           PID
      TCP    mineallmine:1316       www-slb-10-02-ash3.facebook.com:http  TIME_WAIT       0
      TCP    mineallmine:1319       lga15s28-in-f8.1e100.net:https  TIME_WAIT       0
      TCP    mineallmine:1332       a23-48-127-144.deploy.akamaitechnologies.com:htt
    p  TIME_WAIT       0
      TCP    mineallmine:1356       r-199-59-150-43.twttr.com:http  TIME_WAIT       0
      TCP    mineallmine:1357       a23-48-127-144.deploy.akamaitechnologies.com:htt
    p  TIME_WAIT       0

    C:\Documents and Settings\Admin>netstat -p

    Active Connections

      Proto  Local Address          Foreign Address        State

    C:\Documents and Settings\Admin>netstat -p tcp

    Active Connections

      Proto  Local Address          Foreign Address        State
      TCP    mineallmine:1316       www-slb-10-02-ash3.facebook.com:http  TIME_WAIT
      TCP    mineallmine:1319       lga15s28-in-f8.1e100.net:https  TIME_WAIT
      TCP    mineallmine:1332       a23-48-127-144.deploy.akamaitechnologies.com:htt
    p  TIME_WAIT
      TCP    mineallmine:1356       r-199-59-150-43.twttr.com:http  TIME_WAIT
      TCP    mineallmine:1357       a23-48-127-144.deploy.akamaitechnologies.com:htt
    p  TIME_WAIT

    C:\Documents and Settings\Admin>
|
Sandi_T User ID: 15828781 United States 07/08/2012 11:29 PM | I dunno why twitter or facebook are on there, I don't use either. |
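
Added example, not part of any post in this thread: a small Python parser for `netstat -b` output of the kind pasted above, which rejoins rows split by the console wrap, attaches the bracketed owning process to each row, and lists only connections that are still open or opening. The sample text is constructed from the listings in the thread, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample modelled on the netstat listings quoted in the thread,
# including the 80-column console wrap that splits ":http" into "htt" / "p".
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    mineallmine:1332       a23-48-127-144.deploy.akamaitechnologies.com:htt
p  TIME_WAIT       0
  TCP    172.16.100.11:57777    74:http                ESTABLISHED
 [iexplore.exe]
  TCP    172.16.100.11:57792    172.35.0.14:http       SYN_SENT
 [PNAMAIN.EXE]
  TCP    172.16.100.11:57794    192.168.180.235:epmap  SYN_SENT
  RpcEptMapper
 [svchost.exe]
"""

ROW = re.compile(r"^\s*TCP\s+\S+\s+(\S+)\s+([A-Z_]+)(?:\s+(\d+))?\s*$")
OWNER = re.compile(r"^\s*\[(.+)\]\s*$")

def parse_netstat(text):
    """Return one dict per TCP row, with the bracketed owner attached."""
    conns, pending = [], None
    for line in text.splitlines():
        if pending is not None:            # previous row was cut by the wrap
            line, pending = pending + line, None
        row, owner = ROW.match(line), OWNER.match(line)
        if row:
            foreign, state, pid = row.groups()
            host, _, port = foreign.rpartition(":")
            conns.append(dict(host=host, port=port, state=state, pid=pid, owner=None))
        elif owner and conns:
            conns[-1]["owner"] = owner.group(1)
        elif re.match(r"^\s*TCP\s", line):
            pending = line                 # incomplete row, join with next
    return conns

def host_kind(host):
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return "name"                      # reverse-resolved; -n shows the IP
    return "loopback" if ip.is_loopback else "private" if ip.is_private else "public"

def live_remote(conns):
    open_states = ("ESTABLISHED", "SYN_SENT")   # still open or opening
    return [(c["owner"] or f"pid {c['pid']}", c["host"], c["port"], c["state"],
             host_kind(c["host"])) for c in conns if c["state"] in open_states]
```

Rows in `TIME_WAIT` are connections that have already closed, which is why they are left out of `live_remote`. Adding `-n` to the netstat command keeps the foreign address numeric, so each row classifies as private or public instead of `name`.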