Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 171
  • Last Modified:

Firewall leakage??

Hi,

I have a W2000 machine connected to the net via a cable modem and with Norton Personal Firewall (I've taken away all the predefined rules).

A couple of times I have seen my mouse pointer moving without touching the mouse myself and decided to install ZoneAlarm as well. Works fine, except that I still see the mouse moving sometimes...

Does anybody has an idea how serious this can is and how to avoid this in the future?
Could it be somebody "presented" me with something like Back Orifice? how can I find out? My virus scanner detects nothing.

Thanks for your help!!
0
Vriesman
Asked:
Vriesman
  • 3
  • 2
  • 2
  • +4
1 Solution
 
HousenetCommented:
-When you say "mouse moving", do you mean more than a little shift over (by a .mm) or do you mean you're seeing someone make mouse movements like a typical user would make (clicking on icons etc) ?
-If its the first, it is most likley to be driver or hardware related. If its the second then it definalty is a remote control software, like vnc or a backdoor remote control software.

-I suggest you scan your computer from another source using a good port scanner like ws_ping_pro_pack.. Scan the entire port range for your IP. 1 to 65535 .
-Post the results of the scan.
0
 
VriesmanAuthor Commented:
I have never seen any typical user movements like with a remote control program, but the mouse sometimes moves 5-10 cm.

As you suggested I'll scan my computer and post the results asap. Thanks!
0
 
The--CaptainCommented:
Unlpug your computer from the network for a while, and tell me if your mouse pointer still moves.

No reason to treat this as a networking problem until you have absolute verification that it is.

-Jon
0
Improve Your Query Performance Tuning

In this FREE six-day email course, you'll learn from Janis Griffin, Database Performance Evangelist. She'll teach 12 steps that you can use to optimize your queries as much as possible and see measurable results in your work. Get started today!

 
kikkertmCommented:
agreed, I would expect zonealarm to warn you if someone connects to a trojan or so.. probably just a rogue driver or a desk that needs leveling !
0
 
CompuNerd19Commented:
Damn those leaking firewalls!!  Sorry, just commenting on the title. :)   Anyhow, I agree with above.  I don't even believe this is an issue with drivers.  Is your mouse a standard ball mouse or something fancy like an optical mouse or whatnot.  Something could be wrong with it (dirty etc..) and the computer is getting false vibes (bad signals from the mouse, saying it actually moved but didn't). If a user had compromised your system with BO or SubSeven etc... they would probably have done more to you now then play with the mouse functions.  Try using another mouse or unplug like suggested above.   Hope I was of help.
0
 
bluewaspCommented:
Hello,

if you happen to see the mouse moving considerably to make to the CNN then......
what you have i think is a sub-seven trojan on your system.  you will have to run a anti-virus and throw it off.

bluewasp
0
 
kikkertmCommented:
bluewasp,

I see you are new here, welcome to EE.
Please do not post an answer if you're not sure it solves the problem. Using an answer will lock the question preventing other experts from responding. Please use comments so the person asking the question can decide for himself if it solves the problem or not. If your comment solves the question, the person asking the question can still accept your comment as an answer.

Regards,
Mike.
0
 
CompuNerd19Commented:
Not to mention the fact that we have already thown the trojan idea out the window.  It is very unlikely that somebody would compromise a system and then make a user aware of the exploit by "playing" with the mouse.  If the user still believes a trojan is on his system, I would suggest that he simply go to start and then run.  Under run type: command.   Once in msdos prompt type:  
ntstat -a -n   and see what ports are open.  If he has a port that is not in the common range (0-1024) then we know maybe something is going on.  If not, mouse trouble. I am aware that SubSeven gives you alot of options, even changing the port number, but I do not believe this is the issue. I have been smacked around a great deal of times because I forgot to read other people's posts before I commented on a post.  ;)   I hope this helps  
0
 
The--CaptainCommented:
Yeah, you can always spot the newbies when they start going around locking up questions with redundant advice.  No way bluewasp should get points here - the 'solution' has already been proposed by others, not to mention the fact that there is no way (yet) to tell if it is even correct.

I still say unplug the machine from the net and watch a while...

-Jon
0
 
bluewaspCommented:
kikkertm,The--Captain,

yup a newbie here

didnt know that answering a question would lock it up.

--bluewasp
0
 
The--CaptainCommented:
No prob - glad to know we didn't scare you off ;-)

Hope to see you around...

-Jon

0
 
batkungCommented:
I've had this in the past with my mouse...turned out it was a bad mouse driver in win2k (apparently it's quite common)

do you by any chance have on eof those fancy logitech wheel mice?..

I'd try changing the mouse to a standard on first..

hope this helps
0
 
VriesmanAuthor Commented:
Thanks everybody for your help. I apologize for not having replied earlier.
Without network connection I couldn't detect any movements, but since they don't occur very often this will not definitively rule out a net-related cause.
I've reinstalled my PC some weeks ago, checked the ports as suggested and didn't see anyting suspicious. The movements did occur again though. After all your comments Probably the problem lies in the mouse/driver (it's a MS-wheel-mouse on W2k by the way).

Regards,
Peter

0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Improve Your Query Performance Tuning

In this FREE six-day email course, you'll learn from Janis Griffin, Database Performance Evangelist. She'll teach 12 steps that you can use to optimize your queries as much as possible and see measurable results in your work. Get started today!

  • 3
  • 2
  • 2
  • +4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now