[Coco] OT: ISP SOS

Gene Heskett gene.heskett at verizon.net
Wed Jul 25 22:28:55 EDT 2007


On Wednesday 25 July 2007, kevdig at hypersurf.com wrote:
>I can't send outgoing mail. Mozilla 1.8 gives an SMTP connection refused
>error (This was sent using one of those web mail things). My ISP suggested
>I try:
>
>telnet smtpauth.hypersurf.com 25
>
>This gives:
>
>telnet: connect to address 209.237.0.12: Network is unreachable
>
>I can ping it. I am on dialup and both systems I tried are running Linux
>2.4.31 (PowerMac 8600 and Toshiba laptop). Other than nat and masquerade
>there are no iptable rules/chains installed that I know of.
>
>More disturbing, when I added a record <file> option to pppd and did:
>
>telnet smtpauth.hypersurf.com
>
>and then disconnected I saw some strange content from pppdump <file>:
>
>rcvd
> "\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\f8\91{Z\00\ff\d0
> \11\a9\b2\00\c0O\b6\e6\fc\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00
> \00\00\00\00\00\01\00\00\00\00\00\00\00\00\00\ff\ff\ff\ff\18\01\00\00
> \00\00\0a\00\00\00\00\00\00\00\0a\00\00\00SYSTEM"
>rcvd "\00\00\00\00\00\00#\00\00\00\00\00\00\00#\00\00\00ALERT\00\00\00\00\00
>      \00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00
>      \00\00\00\c2\00\00\00\00\00\00\00\c2\00\00\00     STOP! IMMEDIATE
> ATTEN TI"
>rcvd "ON REQUIRED\0a\0a   Windows has found "
>time  0.1s
>rcvd "CRITICAL SYSTEM ERRORS.\0a\0a Download Registry Clean"
>rcvd "er from: www.key32.com\0a\0aFAILURE TO ACT NOW MAY LEAD TO DATA LOSS
> AN D CORRUPTION!\0a\0a\00\00\00\00\00\00\f7\a4~"
>
>Any suggestions welcome. My ISP thinks my systems are screwed up?
>
>kevin
>
www.key32.com, IIRC, is a virus site.  He's right, I believe.

That is disturbing in that the signs all point to the machine being 
compromised, possibly by a botnet infection.

First is to unplug the phone line so it can't do any more damage.

Copy off anything personal to some other storage media, and re-install, then 
make sure the first thing is an update to the latest patches.

Or switch to Linux.

-- 
Cheers, Gene
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
When the speaker and he to whom he speaks do not understand, that is
metaphysics.
		-- Voltaire
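
Added example, not part of the original post: a short Python sketch that reassembles the `rcvd` chunks of a `pppdump` capture like the one quoted above and lists the readable text in it. It assumes the `\xx` two-hex-digit escapes seen in that dump; the sample capture and the function names are constructed for illustration.

```python
import re

# Constructed sample in the format quoted above: each chunk is printed as
# rcvd "..." with non-printable bytes as \xx, and long chunks are wrapped.
SAMPLE = r'''rcvd "\00\00\00\00\0a\00\00\00SYSTEM"
rcvd "\00\00\00ALERT\00\00\00
      \c2\00\00\00Example pop-up "
time  0.1s
rcvd "text\0a\0avisit www.example.invalid\0a\00\00\f7\a4~"
sent "\ff\03\c0!"
'''

ESCAPE = re.compile(r'\\([0-9a-fA-F]{2})')

def decode_chunk(text):
    """Turn one escaped chunk back into the raw bytes it represents."""
    out, pos = bytearray(), 0
    for m in ESCAPE.finditer(text):
        out += text[pos:m.start()].encode('latin-1')
        out.append(int(m.group(1), 16))
        pos = m.end()
    out += text[pos:].encode('latin-1')
    return bytes(out)

def received_stream(dump, direction='rcvd'):
    """Concatenate all chunks for one direction, joining wrapped lines."""
    stream, parts = bytearray(), None
    for raw in dump.splitlines():
        line = raw.lstrip('> \t')      # drop mail quoting and wrap indent
        if parts is None:
            if not line.startswith(direction + ' "'):
                continue               # time stamps, other direction
            line = line[len(direction) + 2:]
            parts = []
        parts.append(line)
        if line.endswith('"'):         # closing quote ends the chunk
            stream += decode_chunk(''.join(parts)[:-1])
            parts = None
    return bytes(stream)

def printable_runs(data, min_len=4):
    """Like strings(1): runs of printable ASCII (and newlines) >= min_len."""
    pattern = rb'[\x20-\x7e\n]{%d,}' % min_len
    return [m.group().decode('ascii') for m in re.finditer(pattern, data)]

if __name__ == '__main__':
    for run in printable_runs(received_stream(SAMPLE)):
        print(repr(run))
```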


