
Thread: My aunt has been hacked and..

  1. #21
    Senior Member Raion
    Join Date
    Dec 2003
    Location
    New York, New York
    Posts
    1,299
    Sorry for taking so long to reply, don't have a lot of time on my hands. Thanks to all who replied. A lot have mentioned to update her antivirus but the problem is she is on a dial-up connection and it restarts every 15 minutes and I doubt her antivirus would update that quickly on a dial-up. And I don't live in the US so that rules out contacting the FBI. And I do plan on formatting but my aunt wants to catch whoever this is so I have no other choice as me and my brother are the computer gurus in my family (all a bunch of computer illiterates, as for me I only know about computers but only know a few things about security.) And I doubt it's the MSBLASTER worm, don't know exactly why but I just don't think it. It could possibly be a virus since it is true what nihil said, no hacker would put a virus on somebody's computer to shut it down every 15 mins. But if it is a hacker in my opinion she has a virus since she has dial-up her IP changes and the hacker is getting her IP when she gets on. And my first thought was to download a firewall for her, which I am going to do and burn on CD but the problem with formatting is that she doesn't have the WinXP installation CD and no formatting diskettes since her HD caught some weird thing and she bought a new one and her Win95 computer was updated to WinXP but no installation CD was included in the upgrade. And info tech geek, I would explain it without the whole story but I decided the more detail the better :P And anjali, the account appears on the log-in prompt, she told me the account name but I forgot it, started with a C. I will keep you posted as to what happens when I go over there (No exact date at the moment.)
    WARNING: THIS SIGNATURE IS SHAREWARE PLEASE REGISTER THIS SIGNATURE BY SENDING ME MONEY TO SEE THE COMPLETE SIGNATURE!

  2. #22
    Senior Member nihil
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    OK Raion let me get a few things clear in my mind............

    1. The machine restarts after 15 minutes, it does not just shut down? [shutdowns after a set period of time can be an overheating problem, but it would not immediately restart] To make sure that there is no confusion, go into BIOS and the display manager and disable all power saving and screensavers.

    2. Does the machine only restart if there is an internet connection, will it run normally if not connected to the internet? Get your aunt to switch it on (NOT connected to the internet) and leave it for an hour or two......if there is a logon screen then it has obviously rebooted, if not, then the problem is internet related. If it is a virus, it should shut down irrespective of the internet connection???

    3. When your aunt got the someone else using it message, had it been running for more than 15 minutes?

    SUGGESTED SCENARIO:

    > I write a trojan aimed at dial up connections
    > It "wakes" every 15 minutes and looks for an active internet connection
    > If there is no connection it "sleeps" for 15 minutes
    > If there is a connection, it "phones home"
    > If I am "at home" (online) I am in!!!
    > If I am not "at home" it sleeps for 15 minutes

    But I have screwed up my coding, and instead of sleeping, it re-boots

    I think we need a little more information on what happens when the PC is offline?

    Good Luck!

    EDIT: You might try booting into "safe mode with network support"...........this might let you onto the internet without activating malware. Also check the running processes and try to kill whatever it is before it re-boots you?

  3. #23
    Senior Member Raion
    Join Date
    Dec 2003
    Location
    New York, New York
    Posts
    1,299
    Yea, I was also thinking about pressing ctrl+alt+del to remove any suspicious tasks although I forgot to mention it. And, according to my aunt, it works normally offline but when it connects, 15 mins later it restarts. And how do I run safe mode in XP? (I'm running 2k, and never really needed to use safe mode so I don't really know.) And, when she got that message, she only got online to check her email (which I doubt takes 15 mins) then she went to shut down since she had no new e-mail messages that message came up. And the problem isn't offline instead online. The only problem is that she has an extra account which will be the first thing I try to remove as soon as I get over there, but before going to check what's in his account by changing his password (if possible). And my aunt didn't specify if it shut down immediately or after a period of time, I will have to check that out for myself.

  4. #24
    Senior Member
    Join Date
    Aug 2003
    Posts
    1,019
    Your problem sounds more and more like " I have this problem, and the computer does weird things, help, and then there is some other ambiguous symptom coupled with an abstract condition and thanks for the advice but I won't try any of it because I know better"

    Ok, what exactly have you tried? For starters, I'm really confused. Is it your grandmother's computer, or your aunt's? Does your aunt still live with your Grandmother? Why?

    I'll apologize now if I am reading too much into this. Info Tech Geek's advice ( and .:front2back:. ) is probably the best. Reformat, then set up everything. I really can't at all tell what the problem may be.

    If you have access to another computer, download a free antivirus (like AntiVir), it will be up to date. Download any other apps you feel you may need (adaware, spybot, firewall, whatever) they should be up to date.... burn them to a CD rom and take them with you.


    On the off chance that the box has been rooted (which I think possible) running netstat on that box isn't going to do you any good (reiterating tedob1) . It may have been altered. As far as that goes, cmd.exe might be corrupted too. I'm simplifying greatly, but hopefully you get the idea.

    With all due respect, reinstall the OS and start fresh. I don't think you are going to achieve the results you want. You may very well have a hardware issue. I had a box awhile back that would crash after about 10 minutes...turned out that was how long it took for the cable inside to warm up enough to separate.

    You said another account had been created... does it show up on the login screen, or did you find the users icon in the control panel? XP by default has some extra accounts that are supposed to be there. Be careful.

    Now I'm going to do something to earn my paycheck, drink some kind of liquid, and probably scratch myself somewhere....

    Good luck.

    EDIT: In retrospect, I have nothing to add to this discussion at all.... I couldn't let a little detail like that deter me though.
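
The check raised in post #24 (some accounts on XP are supposed to be there), as an added example that is not part of any poster's reply: it parses saved `net user` output and reports accounts that are neither XP built-ins nor ones the owner expects. The sample output is constructed, `C_UNKNOWN` is a placeholder for the account name the thread never gives, and since the same post warns that tools on a rooted box may be altered, treat the result as a starting point only.

```python
# Added example: flag local accounts that are not Windows XP built-ins.
XP_BUILTIN = {"administrator", "guest", "helpassistant", "support_388945a0"}
KNOWN_OPTIONAL = {"aspnet"}   # created by the .NET Framework installer
COLUMN_WIDTH = 25             # `net user` pads each name to a 25-char column


def _row(*names):
    """Build one table row the way `net user` lays it out."""
    return "".join(n.ljust(COLUMN_WIDTH) for n in names)


# Constructed sample, not real output from the machine in the thread.
SAMPLE = "\n".join([
    "",
    "User accounts for \\\\AUNT-PC",
    "",
    "-" * 79,
    _row("Administrator", "Aunt Login", "C_UNKNOWN"),
    _row("Guest", "HelpAssistant", "SUPPORT_388945a0"),
    "The command completed successfully.",
    "",
])


def parse_net_user(text):
    """Return account names; slices fixed-width columns so names
    containing spaces are not split."""
    names, in_table = [], False
    for line in text.splitlines():
        if line.startswith("---"):
            in_table = True
            continue
        if not in_table:
            continue
        if line.startswith("The command completed"):
            break
        for i in range(0, len(line), COLUMN_WIDTH):
            name = line[i:i + COLUMN_WIDTH].strip()
            if name:
                names.append(name)
    return names


def unexpected_accounts(text, expected_users):
    """Accounts that are not built-in, optional, or owner-confirmed."""
    allowed = XP_BUILTIN | KNOWN_OPTIONAL | {u.lower() for u in expected_users}
    return [n for n in parse_net_user(text) if n.lower() not in allowed]


if __name__ == "__main__":
    print(unexpected_accounts(SAMPLE, ["Aunt Login"]))
```
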

  5. #25
    Banned
    Join Date
    Feb 2004
    Posts
    21
    Sounds like a hacking task scheduler to me!

  6. #26
    Senior Member Raion
    Join Date
    Dec 2003
    Location
    New York, New York
    Posts
    1,299
    groovicious; No it's nothing like you think, the problem is that I'm gathering all of the information before I head over to her house since she lives about 3 hours away from me and she doesn't live in my grandmother's house, she was visiting and I went to pick up my little sister who was there. As soon as I get over there I'm planning on trying all of the advice you all have given me.

  7. #27
    My Grandmother reckons she can crack both the Aunts lol

  8. #28
    Junior Member
    Join Date
    Feb 2004
    Posts
    17

    Check the obvious

    Can I just add before doing anything and connecting to the net, look at the internet properties and see if it has a disconnect time activated, quite a few companies can set these themselves like bt.

    If this all seems fine maybe look in your system 32 and other common folders used by the sys that a back door could have been stored in (if it is in fact a hacker), run anti virus software in case they're using a known trojan. The probability that they're using an im alert (if in fact it is a hacker) is quite high. The server file will probably be named something like server.backdoor.bat if it is a silly trojan, for all you know it could be someone using buffer overflows and the works in which case format back to 0 and install everything again.

    Or use something more stable like umm LINUX!
    (joke)
    Who am I to question your motive?

  9. #29
    Senior Member nihil
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    Hi Raion,

    1. If you keep hitting f-8 whilst XP is booting it will give a menu from which you can select "safe mode" & "safe mode with network support"

    2. InfoTechGeek has suggested you set up a firewall. Try burning ZoneAlarm free edition to a CD. You download an installation executable and can load the whole application offline. A new version came out yesterday. Set it to "high" security...........when you go online it will pop up a prompt asking if the browser can connect..........give it an OK.....BUT NOT A PERMANENT ONE!!! You may also get various apps wanting to update themselves..........say "no"............you should also get the "bad guy" trying to connect.......make a note of the IP address and the program but don't answer the message. Just click and hold on the message box and move it out of your way. [GET A COPY OF THE PROGRAM!.......we may need it for analysis purposes].

    You should be able to use the internet, and the trojan proggy will NOT have had a "cannot connect message" ..............hopefully, it will just sit there doing nothing..............you should then be able to update, download and do all the things that have been suggested.

    3. I am suspecting that you have possibly got a virus and a trojan, so try to get rid of the virus first.

    4. Your aunt is using XP.................this has a remote access support facility.....so maybe you should look at this to save yourself a long drive in future? I use this box to support one in London, which is about 5 hours away......

    5. Change ALL passwords!!!!!!!!!

    6. Take a copy of HijackThis with you, and post the log when you are done.

    7. Get SpyBot Search & Destroy and AdAware and run them.................if she has viruses and trojans, God knows what else is there?

    IF YOU HAVE A LEGITIMATE COPY OF XP YOU WILL HAVE THE CD AND THE PRODUCT KEY LABEL.
    If your aunt does not have these then it is a pirate copy, and may well be the source of her problems? Have a "word" with the supplier?

    Good Luck

  10. #30
    Senior Member Raion
    Join Date
    Dec 2003
    Location
    New York, New York
    Posts
    1,299
    Thanks, and she does have a legitimate copy of XP as far as I'm concerned, either way we are going to buy the XP installation CD to format the HD. Still no exact dates as to when I will be heading over there though. So keep on giving me as much advice as possible. Thanks
