|
-
February 19th, 2004, 02:00 AM
#21
Sorry for taking so long to reply, don't have a lot of time on my hands. Thanks to all who replied. A lot have mentioned to update her antivirus but the problem is she is on a dial-up connection and it restarts every 15 minutes and I doubt her antivirus would update that quickly on a dial-up. And I dont live in the US so that rules out contacting the FBI. And I do plan on formatting but my aunt wants to catch whoever this is so I have no other choice as me and my brother are the computer gurus in my family (all a bunch of computer illeterates as for i only know about computers but only know a few things about security.) and i doubt it's the MSBLASTER worm don't know exactly why but I just don't think it. It could possibly be a virus since it is true what nihil said, no hacker would put a virus on somebody's computer to shut it down every 15mins. But if it is a hacker in my opinion she has a virus since she has dial-up her IP changes and the hacker is getting her IP when she gets on. And my first thought was to download a firewall for her, which i am going to do and burn on cd but the problem with formating is that she doesn't have the WinXP installation CD and no formatting disketts since her HD caught some weird thing and she bought a new one and her Win95 computer was updated to WinXP but no installation CD was included in the upgrade. and info tech geek, i would explain it without the whole story but i decided the more detail the better :P and anjali, the account appears on the log-in prompt she told me the account name but i forgot it, started with a C. I will keep you posted as to what happens when I go over there (No exact date at the moment.)
WARNING: THIS SIGNATURE IS SHAREWARE PLEASE REGISTER THIS SIGNATURE BY SENDING ME MONEY TO SEE THE COMPLETE SIGNATURE!
-
February 19th, 2004, 12:58 PM
#22
OK Raion let me get a few things clear in my mind............
1. The machine restarts after 15 minutes, it does not just shut down? [shutdowns after a set period of time can be an overheating problem, but it would not immediately restart] To make sure that there is no confusion, go into BIOS and the display manager and disable all power saving and screensavers.
2. Does the machine only restart if there is an internet connection, will it run normally if not connected to the internet? Get your aunt to switch it on (NOT connected to the internet) and leave it for an hour or two......if there is a logon screen then it has obviously rebooted, if not, then the problem is internet related. If it is a virus, it should shut down irrespective of the internet connection???
3. When your aunt got the someone else using it message, had it been running for more than 15 minutes? 
SUGGESTED SCENARIO:
> I write a trojan aimed at dial up connections
> It "wakes" every 15 minutes and looks for an active internet connection
> If there is no connection it "sleeps" for 15 minutes
> If there is a connection, it "phones home"
> If I am "at home" (online) I am in!!!
> If I am not "at home" it sleeps for 15 minutes
But I have screwed up my coding, and instead of sleeping, it re-boots
I think we need a little more information on what happens when the PC is offline?
Good Luck!
EDIT: You might try booting into "safe mode with network support"...........this might let you onto the internet without activating malware. Also check the running processes and try to kill whatever it is before it re-boots you?
-
February 19th, 2004, 06:29 PM
#23
Yea, I was also thinking about pressing ctrl+alt+del to remove any suspicious tasks although I forgot to mention it. And, according to my aunt, it works normally offline but when it connects, 15mins later it restarts. And how do I run safe mode in XP? (I'm running 2k, and never really needed to use safe mode so I don't really know.) And, when she got that message, she only got online to check her email (which I doubt takes 15mins) then she went to shut down since she had no new e-mail messages that message came up. And the problem isn't offline instead online. The only problem is that she has an extra account which will be the first thing I try to remove as soon as I get over there, but before going to check what's in his account by changing his password (if possible). And my aunt didn't specify if it shutdown immideatly or after a period of time I will have to check that out for myself.
WARNING: THIS SIGNATURE IS SHAREWARE PLEASE REGISTER THIS SIGNATURE BY SENDING ME MONEY TO SEE THE COMPLETE SIGNATURE!
-
February 19th, 2004, 07:00 PM
#24
You're problem sounds more and more like " I have this problem, and the computer does weird things, help, and then there is some other ambiguous symptom coupled with an abstract condition and thanks for the advice but I won't try any of it because I know better"
Ok, what exactly have you tried? For starters, I'm really confused. Is it your grandmother's computer, or your aunts? Does your aunt still live with your Grandmother? Why? 
I'll apologize now if I am reading too much into this. Info Tech Geek's advice ( and .:front2back:. ) is probably the best. Reformat, then set up everything. I really can't at all tell what the problem may be.
If you have access to another computer, download a free antivirus (like AntiVir), it will be up to date. Download any other apps you feel you may need (adaware, spybot, firewall, whatever) they should be up to date.... burn them to a CD rom and take them with you.
On the off chance that the box has been rooted (which I think possible) running netstat on that box isn't going to do you any good (reiterating tedob1) . It may have been altered. As far as that goes, cmd.exe might be corrupted too. I'm simplifying greatly, but hopefully you get the idea.
With all due respect, reinstall the OS and start fresh. I don't think you are going to achieve the results you want. You may very well have a hardware issue. I had a box awhile back that would crash after about 10 minutes...turned out that was how long it took for the cable inside to warm up enough to seperate.
You said another account had been created... does it show up on the login screen, or did you find the users icon in the control panel? XP by default has some extra accounts that are supposed to be there. Be careful.
Now I'm going to do something to earn my paycheck, drink some kind of liquid, and probably scratch myself somewhere....
Good luck.
EDIT: In retrospect, I have nothing to add to this discussion at all.... I couldn't let a little detail like that deter me though.
-
February 19th, 2004, 07:11 PM
#25
Banned
Sounds like a hacking task scheduler to me!
-
February 20th, 2004, 12:51 AM
#26
groovicious; No it's nothing like you think, the problem is that I'm gathering all of the information before I head over to her house since she lives about 3 hours away from me and she doesn't live in my grandmothers house, she was visiting and I went to pick up my little sister who was there. As soon as I get over there I'm planning on trying all of the advice you all have given me.
WARNING: THIS SIGNATURE IS SHAREWARE PLEASE REGISTER THIS SIGNATURE BY SENDING ME MONEY TO SEE THE COMPLETE SIGNATURE!
-
February 20th, 2004, 01:10 AM
#27
My Grandmother reckons she can crack both the Aunts lol
-
February 20th, 2004, 02:27 AM
#28
Junior Member
Check the obviouse
Can i just add before doing anything and connecting to the net, look at the internet properties and see if it has a disconnect time activated, quite a few companys can set these themselves like bt.
If this all seems fine maybe look in your system 32 and other common folders used by the sys that a back door could have been stored in (if it is infact a hacker), run anti virus software incase there using a known trojen. The probabilaty that there using an im alert (if infact it is a hacker) is quite high. the server file will probably be named somthing like server.backdoor.bat if it is a silly trojen, for all you know it could be some one using buffer overflows and the works in wich case formatt back to 0 and install every thing again.
Or use somthing more stable like umm LINUX!
(joke)
Who am i to question your motive?
-
February 20th, 2004, 10:58 AM
#29
-
February 21st, 2004, 05:22 PM
#30
Thanks, and she does had a legitimate copy of XP as far as I'm concerened, either way we are going to buy the XP installation CD to format the HD. Still no exact dates as to when i will be heading over there though. So keep on giving me as much advice possible. Thanks
WARNING: THIS SIGNATURE IS SHAREWARE PLEASE REGISTER THIS SIGNATURE BY SENDING ME MONEY TO SEE THE COMPLETE SIGNATURE!
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|
Reply With Quote
Set it to"high" security"...........when you go online it will pop up a prompt asking if the browser can connect..........give it an OK.....BUT NOT A PERMANENT ONE!!! You may also get various apps wanting to update themselves..........say "no"............you should also get the "bad guy" trying to connect.......make a note of the IP address and the program but don't answer the message. Just click and hold on the message box and move it out of your way. [GET A COPY OF THE PROGRAM!.......we may need it for analysis purposes].