Remote TCP Connections Established Without Any Alarms?

Discussion in 'Trojan Defence Suite' started by GRAYmatter, Sep 21, 2004.

Thread Status:
Not open for further replies.
  1. GRAYmatter

    GRAYmatter Registered Member

    Joined:
    Sep 15, 2004
    Posts:
    11
    Fellow TDS-3 users & moderators,

    I seem to be having problems with my registered version of TDS-3.

    My first problem is that when I come back to my computer from being inactive or in sleep mode, I open TDS-3 and launch a "netstat" check, and lately, every time I do so there are usually at least 1 to 3 established remote TCP connections.

    Shouldn't I be getting alerted to these IPs trying to connect? I get nothing. No alarms or TDS-3 launch. Shouldn't the connection be closed based on my settings?

    My sockets are initialized for automated scripting, on TCP connection request the box is checked to activate script sub event, plug-ins are loaded, executive protection is installed, token privileges are set to maximum. Am I missing something else as far as my settings? o_O

    The other odd thing is that I have TDS-3 set to run at Windows start-up, but I have had to launch it manually because it does not do so as configured.

    As you may have seen in my previous post, I had run a recent full system scan which found 28 positive detections. Could this be happening as the end result of the damage? Thanks to everyone that posted a reply, by the way. I learned a lot on how to clean my system and keep it maintained.

    I'd appreciate any feedback or help I could get in regards to this new post.

    Thank you again all...Frankie
     
  2. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    Hi Graymatter,

    Do you have a firewall? Does it show these connections?
    I'm not 100%, but I think you should mess with the TDS-3 sockets only if you really know what you are doing.
     
  3. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    https://www.wilderssecurity.com/showthread.php?t=48056
    We are all waiting for your replies in the 28 alarms thread and your cleaning up as Derek advised.
    It does seem rather urgent with what you describe now.
    Why should TDS alarm on servers and connections you have installed yourself even if those are trojans?
    I configured my sockets automated and not scripted, had not heard from people who used the scripted settings, sounds interesting!
    But please in the meantime follow Derek's advice for cleansing your system as it is urgent.

    Besides having a working firewall, you can install Port Explorer showing you all about every connection, applications used and abilities to spy and block, etc.
     
    Last edited: Sep 22, 2004
  4. DolfTraanberg

    DolfTraanberg Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    676
    Location:
    Amsterdam
  5. tuatara

    tuatara Registered Member

    Joined:
    Apr 7, 2004
    Posts:
    772
    It would be useful if you informed us which scripts you are using.
    I've only seen scripts here that react on INcoming network traffic,
    so if it is home-brew, you have to show the scripts here, otherwise
    it would be impossible to help you.

    In the meantime you can use PE as Jooske advised you
    or resolve the IPs you found with TDS-3 and see if the answers
    can give you any clue.

    I would suggest that if you haven't got a firewall
    (I assume you don't have one, because otherwise you would know which application(s)
    /processes cause this) ...
    to get a (free) version ASAP and not only see what is going on,
    but react on it by setting the rules you need.
     
  6. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Hey thanks Dolf, forgot about that interesting one, now looking forward to Graymatter's scripting settings.

    I see you just meant all the options in the automated sockets settings checked, not added a specific script for that.
    Heya, first time I get the different beeps "hearable" on this system, never heard them before on my old system. The whole of TDS is all of a sudden much more interesting on the XP system. Hmm, I like it even more!
    (and now I can try Dollefie's other scripts too, the backToSender for instance)
     
    Last edited: Sep 26, 2004
  7. DolfTraanberg

    DolfTraanberg Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    676
    Location:
    Amsterdam
    I doubt there is anyone in the world who is spamming using the messenger service and has his own service still enabled....:(
    Dolf
     
  8. GRAYmatter

    GRAYmatter Registered Member

    Joined:
    Sep 15, 2004
    Posts:
    11
    TDS forum members & moderators,

    I stand corrected Jooske, in your understanding of my original post that my "socket control mode" is selected to be automated and my options are set to "activate script sub event" on socket activity.

    And does anyone have comments or feedback as to why TDS won't launch on start-up? I've selected and re-selected the selection in the configuration twice, but it still doesn't launch.

    Frankie
     