Solved

Firewall leakage??

Posted on 2001-07-28
Last Modified: 2013-11-16
Hi,

I have a W2000 machine connected to the net via a cable modem and with Norton Personal Firewall (I've taken away all the predefined rules).

A couple of times I have seen my mouse pointer moving without touching the mouse myself and decided to install ZoneAlarm as well. Works fine, except that I still see the mouse moving sometimes...

Does anybody have an idea how serious this can be and how to avoid this in the future?
Could it be somebody "presented" me with something like Back Orifice? How can I find out? My virus scanner detects nothing.

Thanks for your help!!
0
Question by:Vriesman
13 Comments
 
LVL 12

Accepted Solution

by:
Housenet earned 200 total points
ID: 6329757
-When you say "mouse moving", do you mean more than a little shift over (by a .mm) or do you mean you're seeing someone make mouse movements like a typical user would make (clicking on icons etc.)?
-If it's the first, it is most likely to be driver or hardware related. If it's the second then it definitely is remote control software, like VNC or a backdoor remote control software.

-I suggest you scan your computer from another source using a good port scanner like ws_ping_pro_pack.. Scan the entire port range for your IP. 1 to 65535 .
-Post the results of the scan.
0
 

Author Comment

by:Vriesman
ID: 6329912
I have never seen any typical user movements like with a remote control program, but the mouse sometimes moves 5-10 cm.

As you suggested I'll scan my computer and post the results asap. Thanks!
0
 
LVL 16

Expert Comment

by:The--Captain
ID: 6330400
Unplug your computer from the network for a while, and tell me if your mouse pointer still moves.

No reason to treat this as a networking problem until you have absolute verification that it is.

-Jon
0
 
LVL 2

Expert Comment

by:kikkertm
ID: 6330522
Agreed, I would expect ZoneAlarm to warn you if someone connects to a trojan or so... probably just a rogue driver or a desk that needs leveling!
0
 
LVL 1

Expert Comment

by:CompuNerd19
ID: 6330650
Damn those leaking firewalls!!  Sorry, just commenting on the title. :)   Anyhow, I agree with above.  I don't even believe this is an issue with drivers.  Is your mouse a standard ball mouse or something fancy like an optical mouse or whatnot?  Something could be wrong with it (dirty etc.) and the computer is getting false vibes (bad signals from the mouse, saying it actually moved but didn't). If a user had compromised your system with BO or SubSeven etc., they would probably have done more to you by now than play with the mouse functions.  Try using another mouse or unplug like suggested above.   Hope I was of help.
0
 

Expert Comment

by:bluewasp
ID: 6331087
Hello,

If you happen to see the mouse moving considerably to make to the CNN then......
what you have, I think, is a SubSeven trojan on your system.  You will have to run an anti-virus and throw it off.

bluewasp
0
 
LVL 2

Expert Comment

by:kikkertm
ID: 6331133
bluewasp,

I see you are new here, welcome to EE.
Please do not post an answer if you're not sure it solves the problem. Using an answer will lock the question preventing other experts from responding. Please use comments so the person asking the question can decide for himself if it solves the problem or not. If your comment solves the question, the person asking the question can still accept your comment as an answer.

Regards,
Mike.
0
 
LVL 1

Expert Comment

by:CompuNerd19
ID: 6331314
Not to mention the fact that we have already thrown the trojan idea out the window.  It is very unlikely that somebody would compromise a system and then make a user aware of the exploit by "playing" with the mouse.  If the user still believes a trojan is on his system, I would suggest that he simply go to Start and then Run.  Under Run type: command.   Once in the MS-DOS prompt type:
netstat -a -n   and see what ports are open.  If he has a port that is not in the common range (0-1024) then we know maybe something is going on.  If not, mouse trouble. I am aware that SubSeven gives you a lot of options, even changing the port number, but I do not believe this is the issue. I have been smacked around a great deal of times because I forgot to read other people's posts before I commented on a post.  ;)   I hope this helps
0
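The check described in the comment above, as an added example that is not part of the original thread: a Python parser that takes `netstat -a -n` output and lists listening ports outside the 0-1024 range. The sample output and the function names are constructed for illustration.

```python
# Constructed sample of `netstat -a -n` output (Windows layout); not from the thread.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1025           0.0.0.0:0              LISTENING
  TCP    192.168.0.10:139       0.0.0.0:0              LISTENING
  TCP    192.168.0.10:1043      203.0.113.5:80         ESTABLISHED
  TCP    0.0.0.0:40000          0.0.0.0:0              LISTENING
  UDP    0.0.0.0:445            *:*
  UDP    0.0.0.0:1026           *:*
"""

COMMON_MAX = 1024  # upper bound of the "common range" named in the comment


def parse_netstat(text):
    """Return (proto, local_ip, local_port, state) for each TCP/UDP row."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0] not in ("TCP", "UDP"):
            continue  # skip banner, column header and blank lines
        ip, _, port = parts[1].rpartition(":")
        if not port.isdigit():
            continue
        state = parts[3] if len(parts) > 3 else ""  # UDP rows carry no state
        rows.append((parts[0], ip, int(port), state))
    return rows


def listeners_above_common(text, limit=COMMON_MAX):
    """Listening TCP ports and bound UDP ports above `limit`, sorted."""
    hits = set()
    for proto, ip, port, state in parse_netstat(text):
        # Outbound connections (ESTABLISHED etc.) use high local ports
        # routinely, so only sockets waiting for inbound traffic count.
        listening = state == "LISTENING" if proto == "TCP" else True
        if listening and port > limit:
            hits.add((proto, port, ip))
    return sorted(hits)


if __name__ == "__main__":
    for proto, port, ip in listeners_above_common(SAMPLE):
        print(f"{proto} {ip}:{port}")
```

A listener above 1024 is a lead rather than a verdict: ordinary Windows services also bind ports in that range, and as the comment notes a backdoor's port can be changed, so the useful comparison is against a listing taken from the same machine in a known-good state.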
 
LVL 16

Expert Comment

by:The--Captain
ID: 6333734
Yeah, you can always spot the newbies when they start going around locking up questions with redundant advice.  No way bluewasp should get points here - the 'solution' has already been proposed by others, not to mention the fact that there is no way (yet) to tell if it is even correct.

I still say unplug the machine from the net and watch a while...

-Jon
0
 

Expert Comment

by:bluewasp
ID: 6333817
kikkertm,The--Captain,

yup a newbie here

didn't know that answering a question would lock it up.

--bluewasp
0
 
LVL 16

Expert Comment

by:The--Captain
ID: 6334070
No prob - glad to know we didn't scare you off ;-)

Hope to see you around...

-Jon

0
 
LVL 1

Expert Comment

by:batkung
ID: 6343454
I've had this in the past with my mouse...turned out it was a bad mouse driver in win2k (apparently it's quite common)

Do you by any chance have one of those fancy Logitech wheel mice?

I'd try changing the mouse to a standard one first...

hope this helps
0
 

Author Comment

by:Vriesman
ID: 6663868
Thanks everybody for your help. I apologize for not having replied earlier.
Without network connection I couldn't detect any movements, but since they don't occur very often this will not definitively rule out a net-related cause.
I've reinstalled my PC some weeks ago, checked the ports as suggested and didn't see anything suspicious. The movements did occur again though. After all your comments, the problem probably lies in the mouse/driver (it's a MS wheel mouse on W2k by the way).

Regards,
Peter

0
