Solved

Firewall leakage??

Posted on 2001-07-28
13
160 Views
Last Modified: 2013-11-16
Hi,

I have a W2000 machine connected to the net via a cable modem and with Norton Personal Firewall (I've taken away all the predefined rules).

A couple of times I have seen my mouse pointer moving without touching the mouse myself and decided to install ZoneAlarm as well. Works fine, except that I still see the mouse moving sometimes...

Does anybody has an idea how serious this can is and how to avoid this in the future?
Could it be somebody "presented" me with something like Back Orifice? how can I find out? My virus scanner detects nothing.

Thanks for your help!!
0
Comment
Question by:Vriesman
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
  • +4
13 Comments
 
LVL 12

Accepted Solution

by:
Housenet earned 200 total points
ID: 6329757
-When you say "mouse moving", do you mean more than a little shift over (by a .mm) or do you mean you're seeing someone make mouse movements like a typical user would make (clicking on icons etc) ?
-If its the first, it is most likley to be driver or hardware related. If its the second then it definalty is a remote control software, like vnc or a backdoor remote control software.

-I suggest you scan your computer from another source using a good port scanner like ws_ping_pro_pack.. Scan the entire port range for your IP. 1 to 65535 .
-Post the results of the scan.
0
 

Author Comment

by:Vriesman
ID: 6329912
I have never seen any typical user movements like with a remote control program, but the mouse sometimes moves 5-10 cm.

As you suggested I'll scan my computer and post the results asap. Thanks!
0
 
LVL 16

Expert Comment

by:The--Captain
ID: 6330400
Unlpug your computer from the network for a while, and tell me if your mouse pointer still moves.

No reason to treat this as a networking problem until you have absolute verification that it is.

-Jon
0
Back Up Your Microsoft Windows Server®

Back up all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

 
LVL 2

Expert Comment

by:kikkertm
ID: 6330522
agreed, I would expect zonealarm to warn you if someone connects to a trojan or so.. probably just a rogue driver or a desk that needs leveling !
0
 
LVL 1

Expert Comment

by:CompuNerd19
ID: 6330650
Damn those leaking firewalls!!  Sorry, just commenting on the title. :)   Anyhow, I agree with above.  I don't even believe this is an issue with drivers.  Is your mouse a standard ball mouse or something fancy like an optical mouse or whatnot.  Something could be wrong with it (dirty etc..) and the computer is getting false vibes (bad signals from the mouse, saying it actually moved but didn't). If a user had compromised your system with BO or SubSeven etc... they would probably have done more to you now then play with the mouse functions.  Try using another mouse or unplug like suggested above.   Hope I was of help.
0
 

Expert Comment

by:bluewasp
ID: 6331087
Hello,

if you happen to see the mouse moving considerably to make to the CNN then......
what you have i think is a sub-seven trojan on your system.  you will have to run a anti-virus and throw it off.

bluewasp
0
 
LVL 2

Expert Comment

by:kikkertm
ID: 6331133
bluewasp,

I see you are new here, welcome to EE.
Please do not post an answer if you're not sure it solves the problem. Using an answer will lock the question preventing other experts from responding. Please use comments so the person asking the question can decide for himself if it solves the problem or not. If your comment solves the question, the person asking the question can still accept your comment as an answer.

Regards,
Mike.
0
 
LVL 1

Expert Comment

by:CompuNerd19
ID: 6331314
Not to mention the fact that we have already thown the trojan idea out the window.  It is very unlikely that somebody would compromise a system and then make a user aware of the exploit by "playing" with the mouse.  If the user still believes a trojan is on his system, I would suggest that he simply go to start and then run.  Under run type: command.   Once in msdos prompt type:  
ntstat -a -n   and see what ports are open.  If he has a port that is not in the common range (0-1024) then we know maybe something is going on.  If not, mouse trouble. I am aware that SubSeven gives you alot of options, even changing the port number, but I do not believe this is the issue. I have been smacked around a great deal of times because I forgot to read other people's posts before I commented on a post.  ;)   I hope this helps  
0
 
LVL 16

Expert Comment

by:The--Captain
ID: 6333734
Yeah, you can always spot the newbies when they start going around locking up questions with redundant advice.  No way bluewasp should get points here - the 'solution' has already been proposed by others, not to mention the fact that there is no way (yet) to tell if it is even correct.

I still say unplug the machine from the net and watch a while...

-Jon
0
 

Expert Comment

by:bluewasp
ID: 6333817
kikkertm,The--Captain,

yup a newbie here

didnt know that answering a question would lock it up.

--bluewasp
0
 
LVL 16

Expert Comment

by:The--Captain
ID: 6334070
No prob - glad to know we didn't scare you off ;-)

Hope to see you around...

-Jon

0
 
LVL 1

Expert Comment

by:batkung
ID: 6343454
I've had this in the past with my mouse...turned out it was a bad mouse driver in win2k (apparently it's quite common)

do you by any chance have on eof those fancy logitech wheel mice?..

I'd try changing the mouse to a standard on first..

hope this helps
0
 

Author Comment

by:Vriesman
ID: 6663868
Thanks everybody for your help. I apologize for not having replied earlier.
Without network connection I couldn't detect any movements, but since they don't occur very often this will not definitively rule out a net-related cause.
I've reinstalled my PC some weeks ago, checked the ports as suggested and didn't see anyting suspicious. The movements did occur again though. After all your comments Probably the problem lies in the mouse/driver (it's a MS-wheel-mouse on W2k by the way).

Regards,
Peter

0

Featured Post

Windows running painfully slow? Try these tips..

Stay away from Speed Up Computer Programs that do more harm than good.
Try these tips instead.
Step by step instructions in trouble shooting Windows Performance issues.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article describes my battle tested process for setting up delegation. I use this process anywhere that I need to setup delegation. In the article I will show how it applies to Active Directory
Ransomware continues to grow in reach and sophistication, putting data everywhere at risk. Learn how to avoid being caught in its sinister clutches with these 11 key tips.
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

751 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question