leathersmt
Spydex, Inc. Forum Newbie


Posts: 1
Weird Files loaded after loading your files
« on: Apr 2nd, 2005, 3:23pm »
A few days after loading the trial version of your program, I got this stuff happening: First, it loaded this

File Version :3.4.2.0
File Description :Advanced Anti Keylogger Lite shell (aak.exe)
File Path :C:\Program Files\Advanced Anti Keylogger Lite\aak.exe
Process ID :0x448 (Heximal) 1096 (Decimal)
Connection origin :remote initiated
Protocol :TCP
Local Address : 192.168.1.100
Local Port :1036
Remote Name :
Remote Address :66.197.143.198
Remote Port : 80

Ethernet packet details:
Ethernet II (Packet Length: 60)
Destination: 00-0c-6e-3a-6d-aa
Source: 00-0c-41-4e-b5-ee
Type: IP (0x0800)
Internet Protocol
Version: 4
Header Length: 20 bytes
Flags:
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset:0
Time to live: 56
Protocol: 0x6 (TCP - Transmission Control Protocol)
Header checksum: 0x636c (Correct)
Source: 66.197.143.198
Destination: 192.168.1.100
Transmission Control Protocol (TCP)
Source port: 80
Destination port: 1036
Sequence number: 2457150353
Acknowledgment number: 32635530
Header length: 20
Flags:
0... .... = Congestion Window Reduce (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgment: Set
.... 0... = Push: Not set
.... .0.. = Reset: Not set
.... ..0. = Syn: Not set
.... ...1 = Fin: Set
Checksum: 0xe8e1 (Correct)
Data (0 Bytes)

Binary dump of the packet:
0000: 00 0C 6E 3A 6D AA 00 0C : 41 4E B5 EE 08 00 45 00 | ..n:m...AN....E.
0010: 00 28 41 D5 40 00 38 06 : 6C 63 42 C5 8F C6 C0 A8 | .(A.@.8.lcB.....
0020: 01 64 00 50 04 0C 92 75 : 23 91 01 F1 FA 8A 50 11 | .d.P...u#.....P.
0030: 82 74 E1 E8 00 00 00 00 : 5D 71 0A 09 | .t......]q..

Then it loaded these dll's in my System 32 files, is this your program doing this?

The new DLLs have been loaded:
C:\WINDOWS\system32\xpsp2res.dll
C:\WINDOWS\system32\comres.dll
C:\WINDOWS\system32\apphelp.dll
To disable DLL Authentication go to the security tab under the Tools, Options menu.

File Version :3.4.2.0
File Description :Advanced Anti Keylogger Lite shell
File Path :C:\Program Files\Advanced Anti Keylogger Lite\aak.exe
Process ID :0x448 (Heximal) 1096 (Decimal)
Connection origin :remote initiated
Protocol :TCP
Local Address : 192.168.1.100
Local Port :1036
Remote Name :
Remote Address :66.197.143.198
Remote Port : 80

Ethernet packet details:
Ethernet II (Packet Length: 60)
Destination: 00-0c-6e-3a-6d-aa
Source: 00-0c-41-4e-b5-ee
Type: IP (0x0800)
Internet Protocol
Version: 4
Header Length: 20 bytes
Flags:
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset:0
Time to live: 56
Protocol: 0x6 (TCP - Transmission Control Protocol)
Header checksum: 0x4f27 (Correct)
Source: 66.197.143.198
Destination: 192.168.1.100
Transmission Control Protocol (TCP)
Source port: 80
Destination port: 1036
Sequence number: 2457150353
Acknowledgment number: 32635530
Header length: 20
Flags:
0... .... = Congestion Window Reduce (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgment: Set
.... 0... = Push: Not set
.... .0.. = Reset: Not set
.... ..0. = Syn: Not set
.... ...1 = Fin: Set
Checksum: 0xe8e1 (Correct)
Data (0 Bytes)

Binary dump of the packet:
0000: 00 0C 6E 3A 6D AA 00 0C : 41 4E B5 EE 08 00 45 00 | ..n:m...AN....E.
0010: 00 28 86 E9 40 00 38 06 : 27 4F 42 C5 8F C6 C0 A8 | .(..@.8.'OB.....
0020: 01 64 00 50 04 0C 92 75 : 23 91 01 F1 FA 8A 50 11 | .d.P...u#.....P.
0030: 82 74 E1 E8 00 00 00 00 : 4D A3 39 09 | .t......M.9.

Please advise so I know if I have a hacker or not.

Greg
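For triage of an alert like the one posted above, the raw frame can be decoded independently of the firewall's summary. The following Python is an added example, not part of the original post or of any product mentioned in it; it parses the first hex dump from the post and recomputes the IPv4 and TCP checksums, and the function names `dump_to_bytes`, `checksum_ok` and `decode` are chosen here for illustration.

```python
import ipaddress, struct

# Hex dump copied verbatim from the first log entry in the post.
DUMP = """\
0000: 00 0C 6E 3A 6D AA 00 0C : 41 4E B5 EE 08 00 45 00 | ..n:m...AN....E.
0010: 00 28 41 D5 40 00 38 06 : 6C 63 42 C5 8F C6 C0 A8 | .(A.@.8.lcB.....
0020: 01 64 00 50 04 0C 92 75 : 23 91 01 F1 FA 8A 50 11 | .d.P...u#.....P.
0030: 82 74 E1 E8 00 00 00 00 : 5D 71 0A 09 | .t......]q..
"""
TCP_FLAGS = ["FIN", "SYN", "RST", "PSH", "ACK", "URG", "ECE", "CWR"]

def dump_to_bytes(dump):
    """Keep the hex columns; drop the offset prefix and the ASCII gutter."""
    out = bytearray()
    for line in dump.splitlines():
        hexpart = line.split(": ", 1)[1].split(" | ")[0]
        out += bytes.fromhex(hexpart.replace(":", ""))
    return bytes(out)

def checksum_ok(data):
    """RFC 1071: summing data that includes a correct checksum gives 0xFFFF."""
    data += b"\x00" * (len(data) % 2)
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total == 0xFFFF

def decode(frame):
    ihl = (frame[14] & 0x0F) * 4           # IPv4 header length in bytes
    ip = frame[14:14 + ihl]
    if frame[12:14] != b"\x08\x00" or frame[14] >> 4 != 4 or ip[9] != 6:
        raise ValueError("not an IPv4/TCP frame")
    total_len, = struct.unpack("!H", ip[2:4])
    seg = frame[14 + ihl:14 + total_len]   # IP total length excludes padding
    sport, dport, seq, ack, off_flags = struct.unpack("!HHIIH", seg[:14])
    pseudo = ip[12:20] + struct.pack("!BBH", 0, 6, len(seg))
    return {
        "src": f"{ipaddress.ip_address(ip[12:16])}:{sport}",
        "dst": f"{ipaddress.ip_address(ip[16:20])}:{dport}",
        "seq": seq, "ack": ack,
        "flags": [n for i, n in enumerate(TCP_FLAGS) if off_flags >> i & 1],
        "payload_len": len(seg) - (off_flags >> 12) * 4,
        "padding_len": len(frame) - 14 - total_len,
        "ip_checksum_ok": checksum_ok(ip),
        "tcp_checksum_ok": checksum_ok(pseudo + seg),
    }

if __name__ == "__main__":
    print(decode(dump_to_bytes(DUMP)))
```

The decoded fields match the log's summary; the only difference is that the log prints both checksum values byte-swapped relative to the wire order (0x636c for the bytes 6C 63).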