hacker with new program got me

he got a friends account and he got me through her. He told her were he lived. she was being stupid and chating with peopel. yes he tried to send me somthing but he was posing as her and i was expecting a script so i accepted it. he knew form her account i was expecting the script so he hid the trojens in the file. i got rid if both trojens but he could still get me so it was somthing eles. my friend told me he had informed her it was a program he had created that he was using to hack her account.

ok first you say You did an AV scan and found no trojans, then after i tell you to scan in safe mode, you found one and removed it, and now you "KNEW" he sent you a trojan and that he hid it inside the file, how come you didnt find anything the first av scan, and the second time you found another trojan and now you knew there was a second one but didnt mention it beforehand/

This is smelling fishy to me too. Call the FBI and see what they say, tell them that he cracked many accounts, that he threatened you, harrased you sexually etc. And if you guys know where he lives, it might be helpfull to tell the fbi the address too. Or you could find his name on google via the address (if its listed).

Quote:

---

he got a friends account and he got me through her. He told her were he lived. she was being stupid and chating with peopel. yes he tried to send me somthing but he was posing as her and i was expecting a script so i accepted it. he knew form her account i was expecting the script so he hid the trojens in the file. i got rid if both trojens but he could still get me so it was somthing eles. my friend told me he had informed her it was a program he had created that he was using to hack her account.

---

Do you know where, if you did, save that file to? And if you did, did you get rid of it?

Quote:

---

Do you know where, if you did, save that file to? And if you did, did you get rid of it?

---

]

If he (the hacker) is half smart as he sounds, he would program it to copy and hide itself in multiple locations, i dont think getting rid of just the it was hidden in would do the trick. But definitly get rid of the file if you havne't.

yes i got rid of the file. and no if you read my previos coment their is no trojen casue i got rid of it. yes their was one but no their isnt one.

webweaverslair, is this the same guy from your previous incident?

http://www.bongoland.net/viewtopic.p...dfa1dd5a5#2543

Reason I ask is that depending upon how long this has been going on, it could classify it as stalking and raise the bar of seriousness quite a bit.

i memorised the file name and got rid of all things with that nameby running a search on my comp. its name was invalidfilename

I'm seeing some conflicting advice here... Probably too late, but for future reference

You can take 2 routes here, I suggest #1

1. Turn off your computer, don't touch it. Call the cops, report a stalker, say nothing of hacking at first, just get an investigator's attention. An investigator will talk to you, tell them the stalker is operating over the internet. The investigator will have a contact somewhere that would be able to handle it if they are worth anything.

If you want to prosecute or get good results from the cops, don't do virus scans or try to handle things yourself. You'll screw up any evidence you have and alert the attacker. If you've already tried to handle things yourself you've probably corrupted any evidence you may of had.

2. Format (at a repair shop, or yourself), and learn better home computing habits. This includes:
-Visiting windowsupdate.microsoft.com regularly or automatically (Get all patches, restart, get all patches, restart until no more patches are available
- Get a software firewall or enable one on your network
- Get Antivirus
- Switch browsers (mozilla.org is nice) and view your emails in text only regardless of the client.
- Keep up to date on the software you use on the internet. There is a high chance you had an outdated client, and there is a very low chance of being exploited when you're updated.

Alert your ISP and have them change your IP, and log the incident
Cut off all communication with the attacker, don't brag that you have them beat, and move on with your life.

Hopefully you should be set from there. Good luck! :D

yes htis is all the same incodent he hasnt stoped he jsut went to work today wich gave me time to work on this.

Quote:

---

yes i got rid of the file. and no if you read my previos coment their is no trojen casue i got rid of it. yes their was one but no their isnt one.

---

I did read your previous post, if you would check your typing and type more clearly, I wouldn't have to ask you

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hey, careful there. The parent poster has already informed us that she has a case of dyslexia. Please be patient about it outer.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (MingW32) - WinPT 0.9.90-rc1

iD8DBQFCHsiJyTlseSg5nqsRApk3AJsFNkWiqxyqGrdMSPlktw+rcnTYuwCgo354
4BnEWwbc4aqwtSr8mgEx3Ak=
=nj3D
-----END PGP SIGNATURE-----

sorry i am trying to type clearly and i wasnt yelling at you i was yelling at the person who was missquoting me

Yes, I know, I read that. But I wasn't trying to sound like I was attacking her for that. I only asked her that because I wanted to clarify whether there was or was not a trojan, and she seemed to come back at me sarcastily, so that is why I said what I did. That is how it sounded to me anyway. And if she wasn't, then I apologize

i realy wasnt trying to be sarcastic i was trying to explain to the pirate guy that it wasnt what he was asuming that he had read me wrong.

and yes i know that is easy to do lol

Quote:

---

i realy wasnt trying to be sarcastic i was trying to explain to the pirate guy that it wasnt what he was asuming that he had read me wrong.

---

You have my sincere apologies. I just took it the wrong way then. Forgive me

Oh yeah, I almost forgot. The reason I was asking that was because if you did have that file still you could post it here so that someone could disect it and try and figure out what it was.

yeah i thought of that but in my never ending stupididty i wnt with my gut reaction i deleted that file and all remanints of it then i ran a scan deleted all trojens and any other spyware then i changed my password so it was alpha numeric in case he was using a pasword sniffer. then i rebooted. and no i dont have restor. then i ran a check again and i was still clean. i check my comp for files that wernt their befor and their wernt any that i didnt remeber exept CWShreder. then i cleand out my account in case he could still take it then i went back on, at that point he toock my account casue i refused to do ass he asked. till then i had been acting like i might in order to buy time so save my files and things befor i lost the account and in order to try to save the account. the last thing he aid was i am takign your account and i will take every other account you choose to make.

somone sugested that i go to a site and run hyjaker it asked what program to open it with and i didnt know what do i use?

When you create accounts, do you use your actual name/false name that you always use when creating an account? Whichever, do you always use the same name?

somone asked what the error message was for spy subtract. this is it.
Microsoft Data Access Components (MDAC) doesn't appear to be installed. Please download and install MDAC from Microsoft.
[SSENGINE] Unable to use 'Recordset'. Error#: 0x80040435

no i dont always use the same name i have multiple names it is too easy to track somone by a name.

I thought I told you to go back and either delete or copy & paste a few of your posts together but apparently your not going to do that. Yeah, screw ya then...

look in the phone book for FBI and ask to speak with there internet crime unit. Make sure you dont loose this guy play along with him. that way the FBI can track his IP. My other thought is you have a virus. I dont think hes getting you just by your IP, there has to be more into this. Have you thought of getting a newer system (98 is kinda old). But anyways Firewall would help you alot. he cant see your prosesses if you have a firewall running.

Quote:

---

Originally posted here by Tiger Shark
When you are presented with a problem do _not_ take the "knee jerk" reaction as to it's solution... Sit back, think of the possibilities.... Use your knowledge and experience to determine the "probable", remember the "possible" and file the "unlikely" or "impossible" for future use.

---

NFG :D

Quote:

---

Originally posted here by The Duck
Sorry but... IMHO something tells this is a joke

---

Inclined to agree :rolleyes:

Quote:

---

Originally posted here by TheSpecialist
screw ya then...

---

Quote of the thread :D

how do you know this guy's schedule enough to know when he's at work or not?


what's really going on here?

and why do you refuse to callt he FBI? don't they have a cybercrimes division these days?

Duck:-

You said:-

Quote:

---

Tiger shark, with all due respect, I mostly agree with you, but copywrite didn't come to the conclusion until after he knew that she was on dialup, which means her IP changes everytime she connects to the internet. I don't know about anyone else here, but once I read that, keylogger popped in my mind, but obviously CW beat me to the post, by a long shot lol...

---

To save you going all the way back the the start the original post was:-

Quote:

---

Their is a hacker in delaware that is finding young women in yahoo messanger and asking them to do things. If they refuse he takes their accounts. This happend to me. He wrote a program that works as a back door on all yahoo accounts so no matter how many new ones you make he will use your ip numer to hey his program alterting him that an new account was used on that computer He continues to take your acconts aver and over till you give in to his demands. How do i stop him? I have fire walls runing and have run a spy ware and virus scan. But it sais the computer is clean and all he can do is take my accounts he has no control over anything but yahoo.

---

Now, if we look at the first highlighted statement we can say the following things:-

1. If his program works on all _Yahoo_ accounts then the implication is that he hacked Yahoo. Do I need to point out that he didn't - false assumption on the part of the OP... No problem.

2. He will use your IP number to have his program alert him. Firstly, the IP address is irrelevant per se. Since there is technically a firewall up and configured for inbound denial it is reasonable to assume that the OP is confused. However, the OP also states there that his program alerts him.... How would it do that? Does he have a fancy proggie that watches out for her creating yahoo accounts? Noooo, of course not... It just sends him everything she does and he looks for the new account information.... We call those keyloggers.... There is a remote possibility that he has subverted the Yahoo Messenger but even so that subversion would have to send him the login and password info... Thus it is logging her keystrokes... So it's still a keylogger whichever way you cut it - it's only the metod that changes.

Now looking at the second highlighted statement:-

He has no control over anything but Yahoo.... Again pointing back to Yahoo being hacked..... Don't think so... OP is confused.... No problem. But since it's only yahoo affected there is another possibility.... The slimeball is a lying POS!!!! Now who would think that? :rolleyes: See, if you have a keylogger on a box of someone you are harassing you would want to know what that person is doing... Is she creating another account on a different ISP and talking to the LEO's on that. If the slimeball tells her he knows what she is doing on that other account then he will drive her away from using the computer as a means of communication and he will no longer know what she is doing and how the LEO's might be reacting... Thus, for his own safety he makes out that he can _only_ play with Yahoo..... Remember, she says he's doing this to multiple women thus the risk is geometrically increased that one or more will contact the LEO's.

The answer was all in the first post the OP put up.

As to the thread as a whole..... It's got way too silly now..... It should probably be closed..... :rolleyes:

Excellent analysis, Tiger Shark. But the time and effrort that went into this analysis makes me worry about your health (mental and otherwise ;) ). Yes, ths thread has gotten too silly.


Quack

Quote:

---

19. Yahoo! Messenger Download Dialogue Box File Name Spoofing Vu... BugTraq ID: 12587
Remote: Yes
Date Published: Feb 18 2005
Relevant URL: http://www.securityfocus.com/bid/12587
Summary:
A remote download dialogue box spoofing vulnerability affects Yahoo! Messenger. This issue is due to a design error that facilitates the spoofing of file names.

An attacker may leverage this issue to spoof downloaded file names to unsuspecting users. This issue may lead to a compromise of the target computer as well as other consequences.

It should be noted that although only Yahoo! Messenger version 6.0.0.1750 is reportedly affected; earlier versions may be affected as well.

---

I just read this in the Security Focus Newsletter..... I wonder..... :eek:

Download hijack this from http://computercops.biz/zx/Merijn/hijackthis.zip

Then save the log and attach it so we can see some details about your startup config.

If its a trojan or keylogger, you will find suspicious programs starting. Unless they hid it in an ADS...

Either way... that would be a good place to start. Since everything else is just speculation on very little information.

Tiger I know you have your reasons for why you think it is this or that...

I've seen too many users tell me one thing which makes me think up the problem/solution... only to get my hands on a machine to find out hey had no idea what they are talking about and it was something completely different. Ya know?

Phish:-

Quote:

---

Download hijack this from http://computercops.biz/zx/Merijn/hijackthis.zip

Then save the log and attach it so we can see some details about your startup config.

If its a trojan or keylogger, you will find suspicious programs starting. Unless they hid it in an ADS...

---

ROFLMAO.... That's what I said in my very first post - that seems like months ago in this thread - but nothing has been done.....

Also, I really would like to know how "our friend" knows that her "harasser" went to work..... :confused:

THIS THREAD IS RETARDED!!!!!!!!!!

I think we all know that by now, let's just drop it, we told him/her what he/she can do (and i believe she/he hasn't done any of the **** we said.

do I hear someone laughing somewhere?

Quote:

---

Originally posted here by XTC46
THIS THREAD IS RETARDED!!!!!!!!!!

---

Call the cops!