Peeper 120

Discussion in 'malware problems & news' started by phduffey, Jul 15, 2005.

Thread Status:
Not open for further replies.
  1. phduffey

    phduffey Registered Member

    Joined:
    Sep 29, 2003
    Posts:
    34
    I believe I have a backdoor named Peeper 120. I can't figure out how to get rid of it. It uses Port 5180. Also, what is Ati hotkey poller? looks to me like it might be a keystroke logger. Any help appreciated. Paul
     
  2. dog

    dog Guest

    Hi phduffey, ;)

    The ATI Hotkey Poller ... is useless and harmless ... it's connect to your Video Card and allows you to set hotkeys for different video setups/settings - if you don't use this, you can safely disable it. ;)

    Start -> Run -> services.msc highlight the entry - stop the service and set it to disable.

    As far as the trojan goes, see this thread a Castle Cops and see if it gives you any assistance. If you don't have an Anti-trojan on board I suggest you tried A2 and Ewido, both have free versions, or download a trial of TDS or Trojan Hunter.

    HTH,

    Steve
     
  3. dog

    dog Guest

    One more article to look at regarding deciphering if you actually have the Peeper Trojan ... you can read it at this LINK ... but I've taken the liberty to paste the appropriate text here
    Steve
     
  4. phduffey

    phduffey Registered Member

    Joined:
    Sep 29, 2003
    Posts:
    34
    Steve, Thanks. I disabled Ati hotkey poller, and closed the browsers and reran Trojan Hunter, and it was clean.

    The thing that makes me think I have a backdoor or trojan is that ever since signing up with Adelphia cable, I have had frequent popups of Norton Internet security warning me a remote computer is trying to access my computer. I always block them, but they are interrupting my computer use frequently. Perhaps I should call the paid help line for Symantec and ask their help, but I have read many derogatory reports of their tech support. Any other ideas? Paul
     
  5. dog

    dog Guest

    Even better - CrazyM, one of our firewall moderators/experts has a very nice site regarding setting up the Norton Firewall, it was done using an older version but it is still applicable today as Norton's Firewall hasn't changed too much since then.

    Don't be too concern with the popups, Norton is just informing you that it blocked an attempt. Many of the attempts you are seeing are just errant traffic and aren't necessarily a threat (and Norton is blocking them so they aren't really a concern regardless if it is an actual threat or not). CrazyM's site will help you minimize those warnings through proper configuration. If you have any questions after you read through the site, please start a new thread in the other Firewall forum and ask away, there are many knowledge people here to help guide you along, and CrazyM will likely pop by to assist too. ;)

    This is the site -> http://www.gpick.com/agnisrules/index.html

    HTH,

    Steve
     
  6. phduffey

    phduffey Registered Member

    Joined:
    Sep 29, 2003
    Posts:
    34
    I have set my Personal firewall to block the address range of these incoming messages, and it is better. The basic problem began when I moved to
    colorado springs and signed up with Adelphia cable internet access. I couldn't access the Internet, and Adelphia tech support blamed it on Norton, saying I should call Norton for tech support. Instead, I called a local techie and he changed TCP/IP general rule in the personal firewall from block to permit and
    then I could access the Internet, but all the popups began appearing. The 2005 NIS personal firewall settings look very different than on Crazy M's website. Still having a problem, just less often. Thanks for your help! Paul
     
Thread Status:
Not open for further replies.