No pop-ups, but lots of attacks

Discussion in 'Malware Help (A Specialist Will Reply)' started by MrTim, Jan 12, 2005.

  1. MrTim

    MrTim Private E-2

    Hey there,
    Back at the beginning of October 2004 I was having lots of problems and I came on here, got some great help from you guys, and I have had nary a pop-up since then. Thanks for that! However, at the time I also installed ZoneAlarm, and even though I haven't faced anything malicious since then, I continue to be attacked, almost constantly. Of course, ZoneAlarm blocks it all, so nothing gets through, but it still is kind of worrisome to me that I get attacked so often (i.e. 50 times in the last 12 minutes, all but one of them high-rated). But I use the programs you guys suggest on here often, and there's never any sort of slow-down in these attacks (I use SpywareBlaster, Search and Destroy, a2, etc. etc. all of the ones mentioned in the FAQ). So I was looking around in my C:\WINDOWS folder just now, and saw a bunch of files sitting in there that were just random strings of letters (i.e. Xwzxxrxg.eyj, Qwzxrlsqm.mfy, etc). There's a bunch of them! And they all basically have in common that they were last modified when I was having all of those original problems. So my question is, would these be what are causing these current attacks? I should delete them, right? And is there a particular way I should get rid of them? Any other ideas for why I'm still being attacked? I'll be happy to post a HJT log or anything else you'd like to see in case you think it's necessary, just let me know. Thanks for your time!

    --MrTim
     
  2. oshout

    oshout Private E-2

    I had the same problem a while back. I got attacked, deleted stuff, then installed ZoneAlarm and was continually attacked.
    I think the way it worked was some of the original programs that were on my computer sent out information to someone with my specific info on it, so they could easily find me.
    Example: a keylogger is installed on your computer. It just sits there and collects information silently. Then someone sends a request to your computer requesting the information it's gathered. ZoneAlarm would block it.

    If you're on a cable modem, try unplugging it and plugging it back in (router too). This should (unless your ISP has it set up differently) change your IP addy, making it a bit tougher, if not impossible, for the same person to send you information.

    Another good thing to try would be to find out who and where the 'attacks' are coming from.
    If you go into ZoneAlarm you should be able to grab the IP addy of whomever is bugging you. All that's left now is to trace the person.
    I think there's a way to do it from cmd. Try typing in
    "tracert ip.ip.ip.ip"
    If that doesn't work there's always the program called NeoTrace, which will also give you a nice map of where they're coming from.

    Anyways, once you have the IP, you can find out their email using Google or whatever search engine you're familiar with. Tell them what's going on and see if they can do anything..

    If the IP addresses are all different, maybe your computer has been marked as a server for others?

    If none of these work you can always just disable the notification of medium and high level alerts. ZoneAlarm will still stop them, but it won't bug ya every time it does.

    -oshout
     
  3. MrTim

    MrTim Private E-2

    Ah yes, well I have been getting these attacks from many different people, and I've looked at the map and done a little tracing, etc., but it's rare that the same address sends to me more than 2 or 3 times. And I have disabled the notifications, I'd be going nuts if I had to click every time I got one of those, haha. I've got DSL as well, so I don't know if it'll change the address when I unplug it or not (since you suggested it for cable) but I'll try that tomorrow morning, as my roommate's a little busy using the internet at the moment on his computer. I'll post on here what happens. Any ideas of what I should do with those random character files, by the way?
     
  4. MrTim

    MrTim Private E-2

    Okay, so I went ahead and just unplugged my router and DSL cable and all that, and put it back together and booted up again, and I've still got the same IP address, and I'm still getting a few attacks a minute. Anybody got any ideas?
     
  5. oshout

    oshout Private E-2

    Hehe,

    None of my ideas worked =-(

    When you're getting these attacks, is your roommate using the internet?

    You could always try calling your ISP and try requesting a dynamic IP - although, I'm not sure if that's possible with DSL (I don't see why it wouldn't be)
    If they can't do dynamic - maybe you can just request it be changed.
     
  6. MrTim

    MrTim Private E-2

    Nope, I get these attacks regardless of whether he's using the internet at the time or not, it all seems to have to do with mine. He doesn't use a firewall (other than the built-in Windows one) so I can't look at a log or anything to see if he gets these sort of things too.

    And thanks for your suggestions about calling my ISP. I'll probably do that in a few days if I can't work anything else out. Not that I don't trust your advice here, I just really never have a good time calling companies. You know, being on hold for half an hour, then getting disconnected, that sort of thing. :rolleyes:
     
