Page 1 of 2 12 LastLast
Results 1 to 10 of 14

Thread: have I been hacked?

  1. #1
    Junior Member
    Join Date
    Apr 2003
    Posts
    6

    have I been hacked?

    I think something is badly wrong with my computer's state of affairs... I found a .log file on my desktop with a Java stream that goes like this:

    An unexpected exception has been detected in native code outside the VM.
    Unexpected Signal : EXCEPTION_ACCESS_VIOLATION occurred at PC=0x6d3c7975
    Function name=ZIP_Open
    Library=C:\PROGRA~1\JavaSoft\JRE\133DB1~1.1_0\bin\zip.dll

    Current Java thread:
    at java.util.zip.ZipFile.getEntry(Native Method)
    at java.util.zip.ZipFile.getEntry(Unknown Source)
    at java.util.jar.JarFile.getEntry(Unknown Source)
    at sun.net.www.protocol.jar.URLJarFile.getEntry(Unknown Source)
    at java.util.jar.JarFile.getJarEntry(Unknown Source)
    at sun.misc.URLClassPath$JarLoader.getResource(Unknown Source)
    at sun.misc.URLClassPath.getResource(Unknown Source)
    at java.net.URLClassLoader$1.run(Unknown Source)
    at java.security.AccessController.doPrivileged(Native Method)
    at java.net.URLClassLoader.findClass(Unknown Source)
    at sun.applet.AppletClassLoader.findClass(Unknown Source)
    at sun.plugin.security.PluginClassLoader.findClass(Unknown Source)
    at java.lang.ClassLoader.loadClass(Unknown Source)
    at sun.applet.AppletClassLoader.loadClass(Unknown Source)
    at java.lang.ClassLoader.loadClass(Unknown Source)
    at java.lang.ClassLoader.loadClassInternal(Unknown Source)
    at java.lang.Class.newInstance0(Native Method)
    at java.lang.Class.newInstance(Unknown Source)
    at sun.applet.AppletPanel.createApplet(Unknown Source)
    at sun.plugin.AppletViewer.createApplet(Unknown Source)
    at sun.applet.AppletPanel.runLoader(Unknown Source)
    at sun.applet.AppletPanel.run(Unknown Source)
    at java.lang.Thread.run(Unknown Source)

    Does any1 speak Java? I dont like this Unknown source business, and that last command looks alot like a data dump(from webcrawler searches of the command)... BTW I just filed taxes yesterday and my hrblock password is changed, and the filing status was changed three times (notified via e-mail). Any help would be really appreciated, even an unsure explanation would be nice. I'm really freaked out by this.

    I looked in event viewer, and the system time was being changed alot, followed several times with failed policy changes and startups of IPSec. Any significance on either count? Misinterpreted?

    Also, I ran ad-aware and it showed that Alexa and Cydoor were on my system(whatever those are) and that a mmc.exe and a few other proggies I think are host/client software for winXP had been accessed tomorrow(the 10th) at 1-2AM.

    (running winXP, no anti-virus software)

    Help meeee, help meeee.....

  2. #2
    I doubt you have been hacked.

    Unexpected Signal : EXCEPTION_ACCESS_VIOLATION occurred at PC=0x6d3c7975
    looks like it's a program bug. Also, get AV. It might do you good.

    heh

  3. #3
    Are you running any type of java? I agree with the previous post, you probably have not been hacked. Most likely what happened is you executed some java that went wonky and for some reason or another it just dumped to the desktop.

  4. #4
    Junior Member
    Join Date
    Apr 2003
    Posts
    6
    well, that's cool, but I still have a few worries. (remember this is for winXP)
    1-Are anonymous logons in event viewer anything to be concerned about?
    2-What does it mean when there is a failed policy change( or a lot of them) where IPSec cant detect all active network interfaces? The description window mentions a security hazard.

  5. #5
    Banned
    Join Date
    Jul 2002
    Posts
    877
    You seemed a bit confused as to knowing what Alexa and Cydoor was... Well atleast your anti-adware isn't just siting around doing nothing. Though Cydoor sounds like a trojan it is actually one of the millions of ways companies try to learn how non-rich peaple think while at the same time try and warp their minds with popups.

    Cydoor's Adware/spyware™ embeds advertising in host software, converting it to "free & usefull adware" LMAO. User tracking is tied to the GUID (Global Unique Identifier) and upon installation of a software application integrated with their advertising technology, Cydoor Technologies sets a numerical identifier on your computer.

    Alexa is also adware.
    Does that program of yours only scan for ad/spyware? If you have all that adware on your sys. then it seems to me that you do alot of downloading so I wouldn't be surprised if there are more dangerous stuff on your PC that hasn't been found yet such as trojans and worms.

    P.S. I know you probably want help and you want it fast but multi-threading the same stuff usually isn't something that's accepted by many of the members here.

  6. #6
    Junior Member
    Join Date
    Feb 2003
    Posts
    21
    I posted this in the other thread that you started but I will post it here also just in case:

    First off, the log file you have isn't anything to be worried about. It was produced by a java applet that was using ZipFile methods in a multithreaded program. ZipFile methods are not threadsafe since they are asynchronous and may not be excecuted at the appropriate time. It won't always happen, but the fact that ZipFile methods arent threadsafe CAN produce some unusual excepetion including the ACCESS_VIOLATION you have here. When encountering unhandled exceptions that causes the process to be terminated a stack trace is either printed to the command line or dumped into a log file under certain circumstances. The applet was probably imbedded in a website you visited. It would be a nice thing to do to find which site it was and send the admin an email. Whoever programmed the applet should me made aware. They may not bother ot fix it, but they should at least know that there is a problem. Don't bother reporting it to Sun they already know that this occurs, its in their bug archive although officially this isn't a bug.

  7. #7
    Senior Member
    Join Date
    Jul 2002
    Posts
    339
    Does any1 speak Java?
    I speak Javanese. I even live in Java island. I also speak google. And google told me to check this out.
    http://www.javalobby.com/thread.jsp?...61&thread=2636

    In short, it's JDK's bug. What's your JDK's version? Looks like JDK 1.3.1_03 introduced a new bug in the ZipFile class which happens randomly when loading from jar files.

    Peace always,
    <jdenny>
    Always listen to experts. They\'ll tell you what can\'t be done and why. Then go and do it. -- Robert Heinlein
    I\'m basically a very lazy person who likes to get credit for things other people actually do. -- Linus Torvalds


  8. #8
    Junior Member
    Join Date
    Apr 2003
    Posts
    3
    No you have not been hacked,
    That is merely a bug in a program, I would recommend getting an AntiVirus (even though you have to be pretty dumb to get a virus) but you never know. I would also invest in a good firewall (preferably Hardware NOT Software) if you are getting a software firewall the I would recommend McAfee 2003 that comes with a firewall and AntiVirus.

  9. #9
    Junior Member
    Join Date
    Apr 2003
    Posts
    1
    I agree with most of the above it's a bug. You really should get some anti-virus software ASAP , try AVG antivirus , it can be downloaded gratis at thier website www.grisoft.com

    Cheers

  10. #10
    Senior Member
    Join Date
    Mar 2002
    Posts
    137
    Them are harsh words Resident_H, however I personally like OutPost fire wall

    http://www.agnitum.com/products/outpost/

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •