my computer turned into a zombie tonight.I have a zonealarm pro firewall up and a cable modem hook up. On a windows 98 machine.I had to reset almost every internet setting,and every setting for my firewall.My shutdown screen says YOU HAVE BEEN HACKED!

My norton anti-virus said no backdoors,trojans, or viruses
My registry monitor said there had been no modifiacatons to the registry.
My application monitor said nothing had been changed or modified..

My question is how did someone hack through my firewall without using backdoor programs,and viruses or trojans to gain access..they simply were able to bypass the firewall and get total control.

I have a few ?'s Where is this computer located. Home of office? Does anyone else have access to it?

It's a home computer, and no one but me has access to the computer.I know because I live by myself.....The firewall settings were set on high.

how did they get through you ask ?


Zone alarm had a vulnerability posted for it a while ago. It allowed for access to the computer. I suggest you look into it or change your firewall.

Oh yeah, that was on www.securityfocus.com at one time. . . I forgot about that.

Ok just a thought, is there a possible way to redirect the firewall to think that there is an attack at another port, kind of tricking the firwall long enough for an attacker to acces the port that he wants. Kind of like setting up a diverson long enough to get in.

sure there is a way, but it would be rather complicated and not worth the effort unless you were a major score for someone.

did you find any information on your firewall ?

All the zone alarm logs were deleted who ever did it new how to cover there tracks.I might be able to go through Norton and check the Nprotected bin that I have...but unlikely chance.

I wonder how they did it .I'm looking through zone alarm exploits right now. I wish I knew who did it so I could ask him or her how.But I should probably change the firewall are there anygood ones that are really secure.

I noticed some personal files that are missing, but most of my stuff that is really important is burned on cd's or is encrypted so I'm not in bad shape.

I would say either they used an exploit in the firewall itself... or maybe Netbios. From what I hear, all of the things that happened are more 'file stuff' than 'run program stuff'... unless you have registry changes.

Are you sure ZA blocks 137-139 (NetBios)from outside attack? If you have it unsecured, they could do most anything. Do you have File and Printer sharing on? (Settings->Control Panel->Network->File and Printer Sharing)

To get rid of the 'You've been hacked' screen, rename logos.sys and/or logow.sys in c:\windows to logo*.sys.bak. Those two files are basically .bmp files used by windows for the load/shutdown screens, except they end in .sys to make people worry about messing with them.

EDIT/ADDED LATER:

I use Tiny Personal Firewall (Tinysoftware.com). It's pretty good, albeit with a few bugs in the interface, like getting all your rules deleted when you remove a trusted host :p

hello

someone had access in your computer without trojans
and things like this .check your computer about nimda in it
maybe you have a guest share in your computer .

http://www.antivirusexpert.com

[QUOTE][i]


I dont mean to be rude, and Im sure alot of people will disagree, but In my opinion Zone Alarm is a piece of shit. It fails most of symantech's online security tests, even when "high settings" are selected. Give Tiny Softwares "Tiny Personal Firewall" a try. It works for me..:drink:

I happen to agree that, I do indeed think Zone Alarm is crap, and has been for a while. I have used and continue to use Tiny Personal Firewall, as I love the rules management. It is the closest to a good HW firewall as you will come.

Originally posted by RogueSpy
Oh yeah, that was on www.securityfocus.com at one time. . . I forgot about that.

Port 67 is unsafe, but a patch is available at zonelabs. Also there is a "mail safe bypass" exploit. No patches currently available.

Ok well thanks for all the help, much appreciated I will probably take you up on that deal with the tiny personal firewall.

If you have it on all the time it gives people more of a chance to break into it. how many logs a day do you get on attacks. Zonealarm doesn't block every port. there are udp ports that it won't block. If you want to see how secure your computer is goto Hackerwhacker.com (http://www.hackerwhacker.com) and do a scan of your ip address.

thx for hackerwhacker, casper...im gonna see just how good this XP firewall is... :D

Cool, will you post and let us know - i'm very interested to hear more about it.

The main problem with HackerWhacker is that you only get one scan per non-webmail address, unless you pay money. Being the cheapskate that I am, I'd rather just scan my computer from somewhere else.