[Coco] OT: ISP SOS
Mike Pepe
lamune at doki-doki.net
Wed Jul 25 23:21:41 EDT 2007
Gene Heskett wrote:
> On Wednesday 25 July 2007, kevdig at hypersurf.com wrote:
>> I can't send outgoing mail. Mozilla 1.8 gives an SMTP connection refused
>> error (This was sent using one of those web mail things). My ISP suggested
>> I try:
>>
>> telnet smtpauth.hypersurf.com 25
>>
>> This gives:
>>
>> telnet: connect to address 209.237.0.12: Network is unreachable
>>
>> I can ping it. I am on dialup and both systems I tried are running Linux
>> 2.4.31 (PowerMac 8600 and Toshiba laptop). Other than nat and masquerade
>> there are no iptable rules/chains installed that I know of.
>>
>> More disturbing, when I added a record <file> option to pppd and did:
>>
>> telnet smtpauth.hypersurf.com
>>
>> and then disconnected I saw some strange content from pppdump <file>:
>>
>> rcvd
>> "\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\f8\91{Z\00\ff\d0
>> \11\a9\b2\00\c0O\b6\e6\fc\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00
>> \00\00\00\00\00\01\00\00\00\00\00\00\00\00\00\ff\ff\ff\ff\18\01\00\00
>> \00\00\0a\00\00\00\00\00\00\00\0a\00\00\00SYSTEM"
>> rcvd "\00\00\00\00\00\00#\00\00\00\00\00\00\00#\00\00\00ALERT\00\00\00\00\00
>> \00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00
>> \00\00\00\c2\00\00\00\00\00\00\00\c2\00\00\00 STOP! IMMEDIATE
>> ATTEN TI"
>> rcvd "ON REQUIRED\0a\0a Windows has found "
>> time 0.1s
>> rcvd "CRITICAL SYSTEM ERRORS.\0a\0a Download Registry Clean"
>> rcvd "er from: www.key32.com\0a\0aFAILURE TO ACT NOW MAY LEAD TO DATA LOSS
>> AN D CORRUPTION!\0a\0a\00\00\00\00\00\00\f7\a4~"
>>
>> Any suggestions welcome. My ISP thinks my systems are screwed up?
>>
>> kevin
>>
> www.key32.com, IIRC is a virii site. He's right I believe.
>
> That is disturbing in that the signs all point to the machine being
> compromised, possibly by a botnet infection.
>
> First is to unplug the phone line so it can't do any more damage.
>
> Copy off anything personal to some other storage media, and re-install, then
> make sure the first thing is an update to the latest patches.
>
> Or switch to linux.
>
Yep, you've been hax0r3d.
Time to reinstall!
More information about the Coco
mailing list