
Thread: Have I Been Hacked?

  1. #1
    Junior Member
    Join Date
    Jan 2003
    Posts
    6

    Have I Been Hacked?

    I've been experiencing problems since I received an email from somebody (in alias form) stating that I should be wary of a virus called jdbgmgr.exe and that I should carry out a procedure to ensure I wasn't infected. An hour later I received another stating that I should ignore the first email (the irony of it), as it was a joke.

    The good news is that I have Norton Internet Security (I think) - the bad news is that it was not up-to-date (please don't shout at me), as I couldn't afford the subscription to download new virus thingies. Well, I've now found the money, but it may be too late. I've checked the Firewall log and noticed that it has blocked many communications coming into the unused port, inbound IP fragments, Backdoor/SubSeven Trojan, and other stuff - and that's just today. So, it is working - but there was a lapse of several months - at least for the viruses.

    Since that email I have been experiencing major problems with my PC. For example, I can't download Windows Updates (it takes hours just to download stuff and then just hangs there), it won't let me restore my PC back to a previous time, my Disk Doctor won't work (it tells me there are problems but won't fix them), and it won't even let me run Virus Scan - it tells me that "…a required .DLL file S32STAT.DLL was not found". When I ran Scan Disk it kept telling me that another program was already running and causing a conflict. This was despite me shutting everything down - even my Norton Utilities. Everything is running much slower than it normally is (I have an Advent 3200 PC, Pentium 4, 1800, 256.0MB RAM, and I'm using Windows ME).

    Norton won't help (despite my subscription fee) because I have an out-of-date disk (Norton Internet Security Family Edition 2000). No wonder bloody Barclays were giving them away!

    So, why am I so paranoid? Well, this guy is a known troublemaker (which is an understatement). I know he has hacked into my university server and is able to get into everybody's mailboxes. He has many aliases and uses them to fool people into believing he is somebody else - sometimes female. I told him I was aware of what he was doing and I warned my friends not to post anything private via the university mailboxes. He found out - I wonder how???? I received a warning shot across my bows (via another of his aliases). Thing is, he used to be a friend and he knows my email addresses, my home address, my telephone number. How difficult would it be to hack into my PC? And if he is there, how do I get him out? Incidentally, he is studying for a degree in IT, so I suspect he is honing his skills. BTW, I ran the Shields-Up program and was told that I had stealth capabilities but I may have inadvertently let him in some other way.


    So, should I get rid of Norton and try, say, www.zonelabs.com instead? Or, will I have the same problem with that system - being told that there is a .dll file missing?

    Any help anybody can give me would be gratefully received. Erm, sorry for the length of this post.

  2. #2
    Forgotten Ghost RogueSpy's Avatar
    Join Date
    Aug 2001
    Location
    Cyberspace
    Posts
    783
    Can you publish his e-mail & IP?
    "Never give in-never, never, never, in nothing great or small, large or petty, never give in to convictions of honor and good sense. Never yield to force; never yield to the apparently overwhelming might of the enemy!" - Winston Churchill

  3. #3
    Member
    Join Date
    Dec 2002
    Posts
    63

    I believe that is a hoax, and to follow its directions on deletion would compromise your system. I will try to find some sites. You may need to back up what you can and format your HDD, then reinstall your OS. Since you had a trojan on there, there is no telling what is compromised. One thing is for sure, you need to change all your passwords!

    edit:
    Here is a description of the hoax from Symantec (Norton). http://www.symantec.com/avcenter/ven...file.hoax.html

  4. #4
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,325
    QUOTE: I believe that is a hoax, and to follow its directions on deletion would compromise your system. I will try to find some sites. You may need to back up what you can and format your HDD, then reinstall your OS. Since you had a trojan on there, there is no telling what is compromised. One thing is for sure, you need to change all your passwords!

    edit:
    Here is a description of the hoax from Symantec (Norton). http://www.symantec.com/avcenter/ve....file.hoax.html

    You wouldn't believe how many people have called me about that! I have a backup copy of the file for those who actually deleted it, but I haven't noticed a difference on the machines that have had that deleted. That's why they make group policies.

    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you've saved, how much you haven't smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

  5. #5
    Senior Member
    Join Date
    May 2002
    Posts
    450
    Check and make sure you're not a victim of the Bugbear virus .... I know that it will shut down firewalls and virus scanners, including Norton's (a non-computer savvy relative fell victim recently) and it opens a port and listens for commands from the hacker. ... Symantec has a good write up at: http://securityresponse.symantec.com...ugbear@mm.html

    Just a suggestion and something else to look for if your virus definitions have been out-of-date for some time.

    Something else that might be of interest to you is here:

    http://www.symantec.com/avcenter/ven...file.hoax.html

    "This is a hoax that, like the SULFNBK.EXE Warning hoax, tries to persuade you to delete a legitimate Windows file from your computer. The file that the hoax refers to, Jdbgmgr.exe, is the Microsoft Debugger Registrar for Java. It may be installed when you install Windows.

    NOTE: Recent versions of this hoax take advantage of the recent outbreak of the W32.bugbear@mm worm, and the fact that the Jdbgmgr.exe file that is mentioned in the hoax has a bear icon. The actual W32.bugbear@mm worm file is an .exe file and does not have a bear icon."



  6. #6
    Junior Member
    Join Date
    Jan 2003
    Posts
    6

    Have I Been Hacked (2)



    QUOTE: Can you publish his e-mail & IP?

    LOL - I doubt it would do me any good, RogueSpy. He would probably sue me! He has covered his tracks so well at my university that despite many people knowing it is him, they can't do anything about it.


    QUOTE: i believe that is a hoax and to follow its directions on deletion, would compromise your system.

    Sorry, I should have been more specific. I didn't actually follow the instructions in the email, as I sensed it was a hoax - especially coming from this person. However, I've had loads of email from this person in one form or another (graphics even). I was wondering if he might have put something in one of them that would attach itself into my PC as soon as I opened it?

    QUOTE: i will try to find some sites. you may need to back up what you can and format your hdd, then reinstall your OS. since you had a trojan on there there is no telling what is compromised. one thing is for sure, you need to change all your passwords!

    Thanks pak. Unfortunately, I can't format my hdd - it won't let me. Windows ME came with the PC and the recovery CDs no longer work - keeps telling me I need to load them from DOS - but then nothing happens. I will take your point about changing my passwords. Only thing is, I tried to change my password on Netscape but it keeps telling me that my postcode (zipcode) is not recognised. Keep going round in circles. This is driving me insane.

    QUOTE: Check and make sure you're not a victim of the Bugbear virus .... I know that it will shut down firewalls and virus scanners, including Norton's (a non-computer savvy relative fell victim recently) and it opens a port and listens for commands from the hacker. ... Symantec has a good write up at: http://securityresponse.symantec.co...bugbear@mm.html

    OMG, that sounds about right! Whatever it is, it seems to have shut down everything I could use to get my system back up. Thanks, Phat_Penguin. Now, if only I could get my Norton virus scan to work!

    Incidentally, I've noticed that my modem keeps starting up on its own. I'm not on broadband. Would a hacker need my PC to be online to access it?

    I did read the FAQs before posting but nothing really could answer any of my questions. I've found lots of places to go for firewalls and the like - is it OK to have more than one firewall on your PC, will they conflict with Norton's (the one I already have), for example?

    In the meantime, I'm going to have a look at the following and see if there is anything useful there (found on AntiOnline).

    http://www.geektools.com/cgi-bin/proxy.cgi
    www.neoworx.com.
    www.cracks.am
    http://www.moosoft.com/
    http://www.lavasoftusa.com/
    abuse@service-provider.tld
    www.agnitum.com
    www.zonelabs.com

  7. #7
    Senior Member
    Join Date
    Feb 2002
    Posts
    1,210
    hi sputnik.. welcome to AO..

    first off, I should mention that going to cracks.am isn't going to help you.
    I don't know if someone suggested that site to you or what.. but it's a site
    that provides illegal cracks to software.. and at AO we kinda frown upon warez
    and other illegal activities.. I don't feel you deserve negative AP's for this..
    you probably got misled in thinking that this place would be helpful..
    in fact, sites like those are ones you should avoid.. especially if you haven't
    applied security patches to your browser. (like active scripting)

    to answer your question tho.. no.. you don't run two firewalls concurrently.
    a better protection is to use a software AND a hardware firewall (like a hub/router)

    but your problem at this point really is.. getting an antivirus program to work to get
    rid of what viri you have on there now.. and it might require you to have to reinstall
    your AV software.. or if things are real bad.. reinstall your whole OS.

    you might try a dos based AV program (norton does this) f-prot has a free dos version (search google for it)
    that's fairly small .. you can download it.. with the latest ref files and uncompress and
    put it on 2 diskettes and copy to your HDD.. ( booted up into dos mode) and run and
    scan from there.

  8. #8
    Senior Member
    Join Date
    May 2002
    Posts
    450

    Re: Have I Been Hacked (2)

    QUOTE: Incidentally, I've noticed that my modem keeps starting up on its own. I'm not on broadband. Would a hacker need my PC to be online to access it?

    I guess not if a program/script has been uploaded to your machine to automate the process. My linux machine dials back in on a disconnect automatically (as per my settings) - I have never had the need to explore this option under a Windows OS, I would imagine there would be something out there to do the same.

    Symantec's site gives a detailed description on how to discover if you are infected and a solution.

    Good luck and I hope you sort your problem soon,

    PP

    PS - have a look at AVG Virus scanner at www.grisoft.com ... it's free and the current definitions will get Bugbear and others .... you can always delete it and restore Norton's once you have cleaned your machine.

  9. #9
    Junior Member
    Join Date
    Jan 2003
    Posts
    1

    Start up your computer in administrator, run Norton; that should work. I'm a computer tech and I have to fix virus problems a lot. If that does not work, format if you have to; make sure you scan any save files you back up. When you have a computer that won't let you format, try using a boot disk. Hope this helps you.

  10. #10
    Junior Member
    Join Date
    Jan 2003
    Posts
    6

    Originally posted here by sumdumguy
    QUOTE: hi sputnik.. welcome to AO..

    Thanks, sumdumguy.

    QUOTE: first off, I should mention that going to cracks.am isn't going to help you. I don't know if someone suggested that site to you or what.. but it's a site that provides illegal cracks to software.. and at AO we kinda frown upon warez and other illegal activities.. I don't feel you deserve negative AP's for this.. you probably got misled in thinking that this place would be helpful.. in fact, sites like those are ones you should avoid.. especially if you haven't applied security patches to your browser. (like active scripting)

    Ah! right, I didn't know that. Somebody suggested it as a place to crack the code on a program they thought might help. I shan't go there then. As you can guess, I'm no expert and only just getting used to some of the jargon.

    QUOTE: to answer your question tho.. no.. you don't run two firewalls concurrently. a better protection is to use a software AND a hardware firewall (like a hub/router)

    Sorry about this but, how do I get a hardware firewall? Or rather, can you suggest a good one? I take it that Norton's is a software firewall.

    QUOTE: but your problem at this point really is.. getting an antivirus program to work to get rid of what viri you have on there now.. and it might require you to have to reinstall your AV software.. or if things are real bad.. reinstall your whole OS.

    Yep. Unfortunately, that is not an option. I've tried System Restore but my PC won't let me do that. I've tried reinstalling Windows ME, but it won't let me do that either. Whatever is in my PC is good - it's like check-mate!

    QUOTE: you might try a dos based AV program (norton does this) f-prot has a free dos version (search google for it) that's fairly small .. you can download it.. with the latest ref files and uncompress and put it on 2 diskettes and copy to your HDD.. ( booted up into dos mode) and run and scan from there.

    Thanks - I'll give that a go. As I've said, I'm new to all this. Once I've been shown how to do something I'm OK, but I do need some hand-holding when it comes to this type of thing <slightly embarrassed>. Thanks for all your help.



