Jambands.ca

Hacking Problem


Freeker


Alright I have been infected with multiple viruses and trojans, sneaky bastards that survive full formats, hiding in the BIOS or waiting until I hook back up to the internet, firewall and all.

So my question is when I check my network connections (all the open ports) if an address reads:

TCP 1032 claudius.sla.purdue.edu128.210.82.158:FTP server

Is this some asshole, fucking around with me, the guy who is running uninstalls while I'm in the middle of installing AV...and the same FUCKER who is making the "download done" ping noise every 3 seconds?

So I went out and got this kickass program to trace the bastards called neotrace, here's what I found out

__________________________________________-

Name: claudius.sla.purdue.edu

IP Address: 128.210.82.158

Location: 40.483N, 86.978W

Network: PURDUE-CCNET

Registrant:

Purdue University

150 N. University Street

Mathematical Sciences Building Room B60

West Lafayette, IN 47907

UNITED STATES

Contacts:

Administrative Contact:

Scott M. Ballew

Network Software Specialist

Purdue University

150 N. University Street

Math B60

West Lafayette, IN 47907

UNITED STATES

(765) 496-8232

smb@purdue.edu

Technical Contact:

Kenneth F. Rice

Purdue University

150 N. University Street

Math B60

West Lafayette, IN 47907

UNITED STATES

(765) 496-8320

rice@purdue.edu

Name Servers:

NS.PURDUE.EDU 128.210.11.5

MOE.RICE.EDU 128.42.5.4

PENDRAGON.CS.PURDUE.EDU 128.10.2.5

HARBOR.ECN.PURDUE.EDU 128.46.154.76

Domain record activated: 24-Apr-1985

OrgName: Purdue University

OrgID: PURDUE

Address: Information Technology

Address: 150 N. University Street

City: West Lafayette

StateProv: IN

PostalCode: 47907

Country: US

NetRange: 128.210.0.0 - 128.210.255.255

CIDR: 128.210.0.0/16

NetName: PURDUE-CCNET

NetHandle: NET-128-210-0-0-1

Parent: NET-128-0-0-0-0

NetType: Direct Assignment

NameServer: NS.PURDUE.EDU

NameServer: PENDRAGON.CS.PURDUE.EDU

NameServer: HARBOR.ECN.PURDUE.EDU

Comment:

RegDate:

Updated: 2003-01-13

AbuseHandle: PUISP-ARIN

AbuseName: Purdue University IT Security and Policy

AbusePhone: +1-765-496-8289

AbuseEmail: abuse@purdue.edu

TechHandle: SMB17-ARIN

TechName: Ballew, Scott M.

TechPhone: +1-765-496-8232

TechEmail: smb@purdue.edu

OrgAbuseHandle: PUISP-ARIN

OrgAbuseName: Purdue University IT Security and Policy

OrgAbusePhone: +1-765-496-8289

OrgAbuseEmail: abuse@purdue.edu

OrgNOCHandle: PNOC-ARIN

OrgNOCName: Purdue Network Operations Center

OrgNOCPhone: +1-765-496-6200

OrgNOCEmail: noc@purdue.edu

OrgTechHandle: KFR9-ARIN

OrgTechName: Rice, Kenneth F

OrgTechPhone: +1-765-496-8320

OrgTechEmail: rice@purdue.edu

ARIN WHOIS database, last updated 2004-03-24 19:15

Now I figure with all this info I must be able to do something...guess I'll start by emailing their abuse email address, any other suggestions?

Link to comment
Share on other sites

Guest Low Roller

Wow. You got fucked.

Yeah definitely report the guy to Purdue to start. Chances are you opened an infected e-mail or you downloaded some bad porn. Hackers like hiding little bits of code in the skin flicks. I find it hard to believe that the hack can survive a full format though.

Link to comment
Share on other sites

I've had the same problems over the last two weeks, trojans, viruses, home page hi-jackers, dialers etc. Causes a lot of fuckin headaches that's for sure.

Finally I got zone alarm pro 4 and all seems to have stopped, I do get alerts like the one you've posted too. Not sure if I have had one from that one though.

I'm still not sure what to do myself, thinking a router is in order.

Does your program also have an option for reporting this occurrence?

I noticed after I have reported a few things that they have seemed to stop and the follow up says that the source has recognized the report and will attend to the problem.

Link to comment
Share on other sites

Damn, porn is always my downfall. Not sure how I got it originally with so many problems after the fall down the stairs I didn't even think to suspect a virus.

Hey Greg, I'm going to try zonealarm see if that works...I've already gone through so many third party progs...trojan guarder, solo, AVG, Avast, PC-Cillin, Black Ice...right now I'm running Trend Micro Security, which seems good, but I think it's time for a full force firewall like Zonealarm.

The program (neotrace) doesn't have a reporting feature, but in every trace it brings up 4 pages of info on the source including (in every one so far) an abuse email address as well as phone and emails of people, so you can definitely get to the bottom of it, I'm emailing all these c@cksurkers right now.

Just got another hit...

OrgName: SecureTechServices

OrgID: SECUR-4

Address: 11301 West Olympic Blvd.

Address: Suite 330

City: Los Angeles

StateProv: CA

PostalCode: 90064

Country: US

NetRange: 216.250.112.0 - 216.250.127.255

CIDR: 216.250.112.0/20

NetName: SECURETECHSERVICES

NetHandle: NET-216-250-112-0-1

Parent: NET-216-0-0-0-0

NetType: Direct Assignment

NameServer: NS1.SECURETECHSERVICES.COM

NameServer: NS2.SECURETECHSERVICES.COM

Comment:

RegDate: 2003-03-17

Updated: 2003-04-16

OrgAbuseHandle: ABUSE207-ARIN

OrgAbuseName: Abuse Center

OrgAbusePhone: +1-310-346-7994

OrgAbuseEmail: abuse@securetechservices.com

OrgTechHandle: TECHN44-ARIN

OrgTechName: Technical Center

OrgTechPhone: +1-310-346-7994

OrgTechEmail: tech@securetechservices.com

ARIN WHOIS database, last updated 2004-03-24 19:15

Enter ? for additional hints on searching ARIN's WHOIS database

Link to comment
Share on other sites
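The traces pasted in this thread are ARIN WHOIS records in "Key: value" layout. As an added example (not part of any post here), this Python sketch parses such a record, confirms that an observed remote address really falls inside the record's CIDR, and picks out the abuse mailbox to report to. The sample record is constructed from documentation address space, and the function names are illustrative.

```python
import ipaddress
import re

# Constructed sample in ARIN "Key: value" layout (documentation range, not a real record).
SAMPLE_WHOIS = """\
OrgName: Example Hosting
NetRange: 192.0.2.0 - 192.0.2.255
CIDR: 192.0.2.0/24
NetName: EXAMPLE-NET
Comment:
OrgAbuseName: Abuse Desk
OrgAbuseEmail: abuse@example.net
OrgTechEmail: tech@example.net
"""

def parse_whois(text):
    """Return {key: [values]}; keys such as NameServer or Address may repeat."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"^([A-Za-z]+):\s*(.*)$", line.strip())
        if m and m.group(2):  # skip empty fields such as "Comment:"
            fields.setdefault(m.group(1), []).append(m.group(2).strip())
    return fields

def abuse_report_target(text, remote_ip):
    """Check remote_ip sits in the record's network, then pick the abuse mailbox."""
    fields = parse_whois(text)
    ip = ipaddress.ip_address(remote_ip)
    nets = []
    for entry in fields.get("CIDR", []):
        for cidr in entry.split(","):  # ARIN may list several CIDRs on one line
            nets.append(ipaddress.ip_network(cidr.strip()))
    if not any(ip in net for net in nets):
        return None  # this record does not cover the observed address
    # Prefer the org-level abuse contact, then a network-level one.
    for key in ("OrgAbuseEmail", "AbuseEmail"):
        if key in fields:
            return {"network": fields.get("NetName", ["?"])[0],
                    "cidr": [str(n) for n in nets],
                    "abuse_email": fields[key][0]}
    return None

if __name__ == "__main__":
    print(abuse_report_target(SAMPLE_WHOIS, "192.0.2.77"))
```

A match identifies the network operator responsible for the address, which is who receives the report; it says nothing about which person or process was behind the connection.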
