Jump to content

Help !! Helkern and pop up


VampireXxX
 Share

Recommended Posts

Hi guys, few days ago my puter suddenly slowed down then i scanned it with ad-aware, ms anti spyware and kav to no avail so i thought that my sygate & kav incompatible. I uninstall sygate to see if it was the problem...big mistake....after i uninstall it suddenly i received an ad pop up message every half hour saying " Message from microsoft to system on 8/1/2005 10:18:08AM. Windows

Link to post
Share on other sites

click start - run - services.msc, scroll down to the Messenger service, stop it, and disable it.

That should take care of the popup, if not, you still have a "nasty" of some kind on your computer because that isn't a Windows message.

Link to post
Share on other sites

yea, then someone is attacking your computer... the message you got can be sent via the net send command, which is why I had you disable the messenger service (it's completely unnecessary to have enabled)  Maybe wait and see if the attacks continue...

Link to post
Share on other sites

Yeah i use sygate and disable the notification so i didn't know abt the helkern's attack until i uninstall it few days ago. Now i'm confused whether i keep kis or replace it with sygate & nav....i use nav just because i still have 2 months subcription  :D sygate and kis block 10 different ip address, kis identified them as helkern! well the attacks still continue and kis still blocking the attack every 1 hour or so.  :confused1: :confused1:

edit : well i still have kis installed on my server...and now i have lovesan!  :angry5: :angry5: anyone know how to rid this attack??

Detected

--------

Status Object

Event Time

Helkern! Attacker's IP: 61.185.24.67. Protocol/service:  on local port 1434 .  Time: 31/07/2005 9:29:23. 31/07/2005 9:29:23

Helkern! Attacker's IP: 217.118.220.75. Protocol/service:  on local port 1434 . Time: 31/07/2005 10:35:25. 31/07/2005 10:35:25

Helkern! Attacker's IP: 219.111.101.52. Protocol/service:  on local port 1434 . Time: 31/07/2005 13:17:46. 31/07/2005 13:17:46

Helkern! Attacker's IP: 210.74.224.79. Protocol/service:  on local port 1434 .  Time: 31/07/2005 13:45:18. 31/07/2005 13:45:17

Helkern! Attacker's IP: 218.87.42.202. Protocol/service:  on local port 1434 .  Time: 31/07/2005 14:12:29. 31/07/2005 14:12:29

Helkern! Attacker's IP: 61.180.86.11. Protocol/service:  on local port 1434 .  Time: 31/07/2005 14:21:50. 31/07/2005 14:21:49

Helkern! Attacker's IP: 221.202.129.164. Protocol/service:  on local port 1434 .Time: 31/07/2005 15:40:05. 31/07/2005 15:40:04

Helkern! Attacker's IP: 61.185.142.14. Protocol/service:  on local port 1434 .  Time: 31/07/2005 15:49:59. 31/07/2005 15:49:59

Helkern! Attacker's IP: 60.191.129.114. Protocol/service:  on local port 1434 . Time: 31/07/2005 16:23:03. 31/07/2005 16:23:02

Helkern! Attacker's IP: 60.18.168.25. Protocol/service:  on local port 1434 .  Time: 31/07/2005 19:41:00. 31/07/2005 19:41:00

Helkern! Attacker's IP: 61.145.227.5. Protocol/service:  on local port 1434 .  Time: 31/07/2005 22:16:50. 31/07/2005 22:16:50

Helkern! Attacker's IP: 219.132.16.242. Protocol/service:  on local port 1434 . Time: 01/08/2005 1:23:48. 01/08/2005 1:23:48

Helkern! Attacker's IP: 61.143.101.100. Protocol/service:  on local port 1434 . Time: 01/08/2005 2:43:52. 01/08/2005 2:43:51

Helkern! Attacker's IP: 199.203.54.218. Protocol/service:  on local port 1434 . Time: 01/08/2005 5:14:29. 01/08/2005 5:14:28

Helkern! Attacker's IP: 202.99.159.6. Protocol/service:  on local port 1434 .  Time: 01/08/2005 6:10:46. 01/08/2005 6:10:44

Helkern! Attacker's IP: 219.153.14.94. Protocol/service:  on local port 1434 .  Time: 01/08/2005 7:10:12. 01/08/2005 7:10:11

Helkern! Attacker's IP: 66.70.74.120. Protocol/service:  on local port 1434 .  Time: 01/08/2005 9:59:19. 01/08/2005 9:59:18

Lovesan! Attacker's IP: 203.84.136.253. Protocol/service:  on local port 135 .  Time: 01/08/2005 10:48:11. 01/08/2005 10:48:09

Helkern! Attacker's IP: 61.157.208.124. Protocol/service:  on local port 1434 . Time: 01/08/2005 11:31:07. 01/08/2005 11:31:05

Lovesan! Attacker's IP: 203.84.136.253. Protocol/service:  on local port 135 .  Time: 01/08/2005 13:09:46. 01/08/2005 13:09:45

Helkern! Attacker's IP: 218.64.55.25. Protocol/service:  on local port 1434 .  Time: 01/08/2005 16:40:24. 01/08/2005 16:40:24

Settings

--------

Security Level: Recommended

i doesn't know how to insert a file from my puter to this post, so i use copy paste  :oops: :oops:

Link to post
Share on other sites

odd thing happens today....when i open my network place i have 3 more connection that doesn't belong to me and give me full access to their folder  :confused2: :confused2: told my isp abt it and they said it was the user's fault for being careless so others can access their files  :icon_scratch: :icon_scratch: my isp changed the ip address to open public so the helkern, lovesan and pop up things that were originally their problem, now are user's problem :angry5: :angry5:

Link to post
Share on other sites

  • 2 weeks later...

In the last 6 days I replaced my 160 gig hard drive back to an 80 gig hard drive...I removed Norton because Norton did NOT catch the wrom and it slowed my 160 down to a crawl....I now have defender Pro 10-in-1 my computer is MUCH faster and I counted 20 kelkern worm attacks that have been blocked by my def firewall....the pop-up is driving me mad....but I don't have the worm anymore and my Norton WORM protection was onand I never turn off my firewall for ANY reason now.  Helkern comes from a different IP address each time....2 from China and two from right here in Anoka MN.......

Marilyn

Link to post
Share on other sites

marilyn...just block the port mention by your firewall although if someone know how to get rid of this helkern for good, i'll gladly try it :)  2 days ago i did a clean install on my puter, messenger's pop up messages come out of nowhere when i plug the cable and i hadn't install any program yet :confused1: anyone know where is this pop up message come from ?? so i don't have to disable messenger service everytime i reinstall xp....thanks

Link to post
Share on other sites

On my firewall pop-up there is no port just an IP address and a different one each time....according to the geeks its evidently someone whom I opened an email from or something I clicked on and opened a website.....from email so now I open NOTHING that I don't know who it came from.  the one that are popping up now are the ones that got into my email the first time (before replacement) and are trying again....but my firewall won't let them...so now I only download from secure sites and trusted sites....nothing that anyone says go here and download this....I got a fake email from PayPal yesterday that looks very authentic but they said they didn't send it....so thats how hackers get into your system you click on the site they send you....its better to get the pop-up saying it was repulsed then replacing your hard drive again ......thanks

Marilyn

Link to post
Share on other sites

  • 3 weeks later...

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...