PDA

View Full Version : Someone using TOR is attacking me- HELP !



spungywungy
03-19-2009, 10:59 AM
I have a program which shows the incoming and outgoing connections and 2-* TOR servers is showing up-all at once. They're connecting to my computer...I'm beginning to think they have my IP address, which if they do, I'll be doomed till my ISP changes it (it's comcast cable and they dont change them very often).

Most of my browsers are rendered useless...in fact, if I don't post again and reply on this you'll know WHY.

I had McAfee and Ad-Aware. According to McAfee logs, this has been going on at least the past 4 days. No wonder my Firefox died eventually.

I disconnected from the internet and installed Zone Alarrm Firewall and Avira Antivirus. Guess what? Zone Alarm got bypassed like McAfees firewall.

***..I'm sick of this. If they have my IP like I'm thinking, this wont quit till comcast changes it, llike I said.

I have Vista Home Premium, btw.

The question I have to start with is : How do I stop these TOR server connections? Does anyone have experience on this or some info on how to stop it once and for all?

Need help soon.....:mad:

Thanx ahead of time for replies.

P.S. Speaking of the IP change thing, anyone know how to get the IP to change by doing it myself. I'm on a home network using a D-Link router EBR-2**0 (wired router, not wireless), so what are the instructions on this (I couldn't find any using Google a long time ago and it's hard to surf to Google now..damnit).

P.S. Mind you, these TOR connections are made into my computer when I don't even have any browsers open and have had the computer off for a while. I'll reword that, I tried shutting the computer off for a while, then started it and after a few moments, there it is again! And I didn't even open any browsers yet.

Worse yet, when I was disconnected from the internet I removed any infections. But as soon as my internet connection was reconnected, these TOR inbound connections came right back.

gordo
03-19-2009, 06:00 PM
Unpl***ing your router for about *0 minutes should change your ip address. But, if the trojan is a reverse connecting version, it will "call home". A reverse connecting trojan connects from you back to its client/home. Open your firewall active connections and look for connections that may seem odd. Like your browser connection to qwert@no-ip.com. End that connection and stop the process, if you can. Then do your virus scan.
Another option is to boot in safe mode with networking, update your virus scanner, and scan in safe mode. Try comodo firewall, it gets better ratings than zone alarm.
You can also try several different online virus scans.

spungywungy
03-19-2009, 06:32 PM
Update...............................

I forgot that I could take the PID # (process i.d. number) listed in the program which shows all connections going on, then look for that PID # in task manager which will then show which program this goes to. So, I finally recalled I could do this...when I did this I found out it was a program I'd had for a while running "enabled" in the background and hogging lots of system resources. In fact, that guilty program shouldn't have been disabled but it's written bad so it sits there enabled though you hit the disable button.

The bad program I speak of is called "Invisible Browsing 7.0", and to think I paid $*0 (with no chance of a refund!) for this trash program. I forgot to explain, the reason I found TOR server IP addresses in the active connection list is cause this program sometimes chooses IPs that TOR also uses...I found out this program had up to * proxies actively going constantly though I always disabled it when not using it (this is also why all my browsers were barely loading pages!). This program sux, use TOR if you need anonymous surfing...I found this out the hard way :mad: .

So, thankfully my PC wasn't infected after all. :D

Thanx for the help anyway gordo.