-
how did you get in here
i am having a serious problem with someone hacking into my computer and deleting files etc....i have tried many different firewalls including zone alarm and they still get through. whoever it is has even gone as far as to e-mail people using my name. please help i am new at all of this and am starting to get annoyed....... any information would be greatly appreciated.
-
Checked for trojans / viruses recently?
If so did you use it with up-to-date virus definitions?
Are you allowing a connection with your firewall to something that looks suspicious?
Is the firewall/s allowing local access to internet and internet access to local (zones set to wrong adaptor)?
Running a server of some description?
Checked for updates on your os (and servers if running)?
Opened any suspicious attachments? (yes that includes pron)
Do you know the "someone"?
Are there any processes / startup programs that shouldn't be?
-
If you have an antivirus, update it; download Spybot, update it to its newest available download and scan your system. It doesn't matter if you have a firewall: if not configured well, it's like if you didn't have one. Update Windows, etc.
Give more info: what OS are u running and what kind of connection?
***maybe if you format and install everything all over again that would help a lot
//me scratches head and thinks: maybe it's a l33t HotmailSub7DialUpHacker that has your computer
//me scared :(
LOL
-
i am currently running windows xp with bellsouth dsl internet......i do have the latest version of spybot and run it every other day if not daily.....for virus scan i am using the latest version of McAfee online virus scan.....i scanned tuesday night and no viruses were found.
-
ah but does xp have any of the updates applied :)
-
the last time i ran a windows xp update was about two weeks ago....but this has been a continuous problem for the last three or four weeks.
-
Good start with the firewall. Make sure you are also using a regularly updated virus scanner (if you want a cheap one, use AVG from http://www.grisoft.com/ ). Also find a decent trojan remover by searching on google, and run that.
How is your internet set up? Do you use hotmail or an equivalent? If so, how do you access it? If it's through a mail client (like eudora or outlook) then this could just be due to your PC being compromised. If you connect using Internet Explorer, then you could have a key logger, or a trojan like Sub7 (I think this has a keylogger in it).
Do you have shares enabled? And what OS are you using?
-
Do you have your administrative shares enabled?
Disable them, because if you don't have them password protected, and even if you have, people can peek at your shared files (also c:\)
TRY updating your system, well don't try it DO IT !!!!!!
What firewall are u running?
and what configuration does it have?
-
i do currently share files on imesh.....but the only files they can download from me are from the my downloads...that is how i set it up when i first started to avoid this problem.....all other files are password protected. i just started using the black ice personal protection firewall, it is set on max unless i am going in to download a file or music or whatnot....as soon as i am finished with the download it gets set back to max........
-
Make sure that you aren't sharing any folders. Check by command prompt>>net share
that should give you a list of shared folders.
-
Are you the only person that has physical access to the machine? I think it might be someone playing a prank or has a grudge against you and they are doing it to see how long it takes before you get really Po'ed.
-
Just a few little things to check.
1. Go to Start, then Run, and enter CMD.
2. At the CMD shell enter netstat -a and let it run; it may take a moment, then you will get a list of what services and ports are active and listening. Headings are Proto (Protocol), Local Address (then listings of default ports listening), and Foreign Address; if you see an IP listed, then it may be the port you're open on.
3. Firewalls are great, but when setting them up, even simple ones, one must pay attention as to what you allow to talk to the web. Go back to square one on the firewall: block all apps wanting to connect and do a netstat -a. Oh, doing this will mean you will listen on ports 137, 138, 1185 and also have a nbsession, nbname, nbdatagram. If nothing else shows, start with maybe two apps allowed to access, like email and your browser, and do another netstat -a. Netstat -a tells you many things; if at the CMD shell you want to know other toggles, just enter netstat and you can view what the options are. Guess the point is you have something going on that is not going to be cured by a point and click choice. Needless to say many more know more than you out here, and all too often, thanks to M$, they are sold on a safe happy computing cruise on the "information highway" (old M$ Billy saying, never caught on). You plug in on the web and play; nowadays you need not do a thing and you can become infected. Kinda complex, huh? Yep. Play with the netstat thing, learn it, do a google search on its function, then look for ways to manually close ports and manually remove the trojan you have. Oh, they like high port numbers; google search any open ports, like say port 1123.
Peace
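
One way to read the netstat listing described in the post above, added here as an example and not part of the original thread. It assumes the numeric form `netstat -ano` rather than `netstat -a`; the sample output, the baseline port set and the function names are constructed for illustration.

```python
"""Flag unexpected listeners in Windows `netstat -ano` output (added example)."""
from dataclasses import dataclass
from typing import List, Optional, Set

# Constructed sample in the `netstat -ano` layout; not captured from a real host.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:1123           0.0.0.0:0              LISTENING       2212
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING       4
  TCP    192.168.1.10:1042      203.0.113.5:80         ESTABLISHED     1620
  TCP    192.168.1.10:1123      198.51.100.7:4310      ESTABLISHED     2212
  UDP    0.0.0.0:1185           *:*                                    1032
  UDP    192.168.1.10:137       *:*                                    4
  UDP    192.168.1.10:138       *:*                                    4
"""

# Assumed baseline: the ports named in the post plus 135/139/445 (RPC, NetBIOS
# session, SMB). Replace it with what a known-clean copy of the machine shows.
BASELINE_PORTS = {135, 137, 138, 139, 445, 1185}

@dataclass
class Sock:
    proto: str
    local_port: int
    remote: str
    state: str            # empty for UDP, which has no State column
    pid: Optional[int]    # None when netstat was run without -o

def parse_netstat(text: str) -> List[Sock]:
    rows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 3 or f[0] not in ("TCP", "UDP"):
            continue                      # banner, header and blank lines
        port = f[1].rpartition(":")[2]    # also copes with [::]:135
        if not port.isdigit():
            continue                      # service names appear without -n
        rest = f[3:]
        state = rest.pop(0) if f[0] == "TCP" and rest else ""
        pid = int(rest[0]) if rest and rest[0].isdigit() else None
        rows.append(Sock(f[0], int(port), f[2], state, pid))
    return rows

def unexpected_listeners(rows: List[Sock], baseline: Set[int]) -> List[Sock]:
    """Listening TCP sockets and bound UDP sockets on ports outside the baseline."""
    return [r for r in rows
            if (r.state == "LISTENING" or r.proto == "UDP")
            and r.local_port not in baseline]

def inbound_sessions(rows: List[Sock]) -> List[Sock]:
    """ESTABLISHED rows whose local port is also listening: the peer dialled in."""
    listening = {r.local_port for r in rows if r.state == "LISTENING"}
    return [r for r in rows if r.state == "ESTABLISHED" and r.local_port in listening]

if __name__ == "__main__":
    rows = parse_netstat(SAMPLE)
    for r in unexpected_listeners(rows, BASELINE_PORTS):
        print(f"unexpected listener: {r.proto} port {r.local_port} (PID {r.pid})")
    for r in inbound_sessions(rows):
        print(f"inbound session on port {r.local_port} from {r.remote} (PID {r.pid})")
```

The PID column can be matched against the process list in Task Manager to see which program owns a flagged port.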
-
Your OS must have some holes which you didn't find.
Please check it carefully.
May you figure it out.
-
the only file that they can share out of is the my downloads file....that is cleaned out at least twice a week if not more depending on how much downloading i am doing. i have attempted to download the windows upgrade and McAfee upgrade and they said that there were none available at this time.
-
I was watching this documentary on hackers once.. It says if you are threatened by a hacker, the best thing to do is to disconnect your internet connection and secure your computer and connect it again.
Disconnect your internet line
Go get a friend to burn some security software on a cd
Install all the software
Reconnect your internet and update the software
And try getting a hardware firewall. I'm sure there's a thread or two that discusses them.
Hope this helps.
-
personally i would scan pc for trojans, viruses, spyware, e.g. Bonzi Buddy, Gator, etc.
(you will be amazed at what will be there, we were when we did it to our machine!!!)
then i would install 2/3 firewalls, change ALL current passwords ever used on pc including this one and email. have your firewall running on very sensitive.
(means higher protection)
also if you're using a modem make sure it is turned off when not in use. just to be sure.
Keep a close eye on all ips shown on logs and record recurring ip's (i keep a log of all IPS that show up in the firewall and intrusion sections. along with their locations etc...)
finally if you know their IP report it to the authorities for misconduct / illegal usage.
Nightfalls_Girl
-
May not be relevant......but I just cleaned out a computer (running IMESH) and it had a key logger installed. (plus over 20 ad programs, etc)
-
about the person emailing others using your email address, don't you think they are just spoofing it? or sending email with the address showing as yours? just a thought.
-
Well, as my momma always says, if all else fails Reinstall, Reinstall, Reinstall. This means that if EVERYTHING HERE FAILS then you can always go to the final step. Format your HD, (I think it's a low level format that gets rid of everything, but I could be wrong.) Then reinstall all your progs and your OS. It sounds like a lot of work, and it is a lot of work. Make sure you have at least a day free to do this. Oohh, and get a techie friend to help you out. Hope this helps!
-
Reformat your hard drive and re-install your operating system...............put a lock on your door.......you have no friends other than here.............do not let them use it!..............I get so pi$$ed off with this.............you have the nice "red car"..............do not lend it, or face the consequences?
Good luck
-
Why is it that when someone talks about getting hacked, everyone brings up spyware and says... download adaware. I will admit spyware is a pain in the ass, but it has NOTHING to do with this situation at all, so why does anyone even talk about it.
What was the content of the email and how do you know it was sent? Was it in your outbox or did someone tell you? From the descriptions that you have told, it sounds more like a virus than anything else. The online virus scanners suck. They are great because they are always up to date, but because they are run remotely there are certain things they can't do. AVG is a good program (I have never had any problem with it) and it's free, so download it and run it. With a DSL connection you can even have it set to update weekly and not have to worry about it. Get it at www.grisoft.com
-
Ad-aware
Maybe you should try the following procedure:
First install the freeware "Ad-aware" antispy software from Lavasoft (Sweden) from: http://www.net-security.org/software.php?id=135;
after installing, run the program and try to discover findings (at the end of the scan you have an option to identify the origin of spy programs: filename, then google searching). You must have your firewall active while downloading and scanning.
Best regards,
Primoz
-
whyme961,
I'm not that knowledgeable in computer security but I had arbitrary unwanted connections on a computer...took out iMesh and the unwanted traffic stopped.
-
i have to agree with jetherson, your email is easy to spoof to someone who's ignorant of such things, but the file deletion thing is something different.
soulman. it's about time someone said that. this adware bullshit makes it hard for a newbie to find useful info when adware has nothing to do with the problem
the last time you patched was two weeks ago. this may have been just before ms included the rpc/dcom patch. if you were running a properly configured firewall at the time it shouldn't matter...were you?
once a good hacker gets into your system it gets kinda tough to detect. tools like netcat and radmin aren't detected as trojans or viruses because they're not, and the new root kits can be impossible to detect.
the wisest thing for you to do is re-format and re-install (as has been stated already). Install the AV software, the firewall and all the patches before you do anything else. If you're looking for a learning experience instead and you have nothing on your machine that could hurt you like credit card or other sensitive data then we can start looking at some forensic tools...like the pstool kit and a bunch of others folks here can help you with. Decide what you want to do. Stop it or learn about it.
-
whyme,
these folks are right, the way to get rid of your problem for sure is to re-baseline. Format and re-install everything. Not a lot of fun but usually educational. For a software firewall most folks agree that Zone Alarm:
http://www.zonelabs.com/store/conten...eeDownload.jsp
Is one of, if not the, best. For a hardware firewall the easiest way is to get one of these "Routers" from Best Buy or CompUSA etc. D-Link, Linksys, and Netgear all make easy to use cheap 4 port home routers. They do NAT (Network Address Translation) on your IP address and offer a bit of protection from that. If your 'friend' doesn't know how to get around it, it will help; if you have a trojan or something that is calling out, it won't help.
Another option: if you have an older computer lying around you can put 2 NICs in it and set up your own NAT box. Coyote Linux makes a firewall that boots up and runs from a floppy, and it can even be configured on a windows box if you also download the wizard. That means there could be no hard drive to monkey around with on that particular box, just a floppy and some RAM!!!
http://www.coyotelinux.com/modules.p...download&cid=1
As already stated AVG is really good for a virus scanner and keeps up to date and best of all, free.
If you want to know what's going on try running TCPDump on your system and watch the traffic that is going out and coming in.
http://winpcap.polito.it/install/default.htm#Developer
Also you can try Ethereal, i haven't used it yet but I have seen folks here and elsewhere rave about it.
http://www.ethereal.com/download.html
Hope this helps
-
I don't know about you. But I think in multiple levels. First is the ISP and what protection it provides, then Microswift and its redundant fixes to problems already exposed to the world and soon to be fixed.
Then I rely on a router with security, a firewall (Zone Alarm in this instance) and then dump MACA whatever and get Norton Antivirus and set it up to update at least once a week.
In the meantime spend a little time reading up on what is currently working its way through the internet. I subscribe to a number of enet sites just to keep up with who is doing what to whom. Gypsy
-
It's not that simple. If it is a customized trojan, you might not be able to detect it. Zone alarm doesn't find everything, it's the same for antivirus. I suggest you search on mail you recently received and check any attachment you might have opened.
Of course customized trojan means that the attacker knows you and yr OS, antivirus, etc.
You should hv your computer checked by an expert.
-
No, it's not that simple. But it is the first steps everyone should take to insure that they have at least the minimum security for their pc. I try to keep as up to date on anti virus and worm protection as the next guy. But even with everything set to the max there are no guarantees. That is why I am here. To know more about the loops things can slip through and how to prevent/attack them. Gypsy
-
Hi,
Just had a further thought. You say you connect via "DSL"?..............I would suggest that you cut your connection for a while then re-connect...............this will force a new internet address (well it does with my ISP anyways) so if the attack is remote, you "just moved house" :)
I must confess that the reason for my previous "rant" is that I think your attacker is closer than you think :(
It has happened to me, and I am sure to other AO members..............kinda leaves a nasty taste when you trust someone, let them use something of yours and they screw you?
Do a Google search for CompuSec v4.15. It is free, and runs on 2K/XP. It puts a new password between the boot and OS load. If you do have an internal security problem, that will sort it.
I am afraid that I have to stick with my original suggestion that if you have a major trojan problem you have to go back to square one and reinstall everything...you just do not know what might be there and these generic tools cannot be relied on 100%
You might also like to look for a product called "HijackThis"......it will show you what is running on your machine.............please be VERY CAREFUL...it shows everything, not bad guys only. I suggest this, because I do not think that the author of a custom trojan will have heard of it, so cannot have stealthed his software against it.
Good Luck
-
Hi All,
A friend of mine just let me know of a program called SNORT. This guy seems to be an internet sniffer that breaks down packets as they come in and lets you know who the sniffer is. If this is the case it may be worth a one time fee to install it on your pc. He swears by it, and I'll tell you I'm thinking about getting it. BUT as with everything else 'Be wary of Greeks bearing gifts' meaning if it sounds too good to be true really check it out before downloading...Gypsy.
-
well i appreciate all of the help.....new development.......the "hacker" had installed a user file in my hard drive....all files contained were dat files. they had also turned on my guest account password free......i know this was no one close to me cause no one......and i mean no one has touched my pc all weekend besides myself........i am now using both zone alarm and black ice as my firewalls, and i have spybot and super pest patrol (all updated versions) and did find one trojan. i must say all of this is extremely fascinating and i am enjoying the experience (in a way). as for turning off my dsl.....according to the carrier it is supposed to have a dynamic ip and according to them is supposed to continuously change.....will it keep repeating the same ip addresses though? so far (well since sat. night) someone....or someones....have been blocked from entering into my pc 138 times.....and yes they keep trying.....hopefully my dual firewalls are what are keeping them out. i again checked with both windows and McAfee for updates, neither had any for me.....McAfee updates weekly anyway. hopefully have this prob taken care of........if not, i guess i will need to learn more.
-
whyme961,
First do a trojan/worm scan with the updated virus list. In XP most instances occur while svchost.exe is running many instances in the PROCESS. It mostly implies presence of W32@ worms. Check it out. Try STRINGER from VIL. It does a clean sweep for the same. Maybe if you are in LAN, viruses/worms/trojans might have been infected via the ports mainly 135/139. ZA has a tendency to be killed easily if the system is trojan infected (it's my personal experience). And also as suggested above by fellow members, disable SHARINGS. If all the above fails, it might be someone known to you who has access (physical) to your computer deleting the files.....lol...
HTH!!!!
!!(( Protocols )) !!
-
I found a white paper somewhere that suggested anyone with a firewall block UDP Port 8998 for the sobig etc. worms and I run everything from spybot s&d, adaware, norton system works and zone alarm to my D-linksys router and its capabilities to try and keep my pc's clean. I have found running multiple types of security software that claim to do the same thing, i.e. Norton and McAfee or Zone Alarm and Black Ice, sometimes creates more problems than they cure when trying to do day to day operations.
The best advice I'd give you is try something out and pick up a key stroke logger for your pc to see if it is someone you know, but not so well, or if it is coming from outside set all your security software to the max with notify and see what it tells you. I just thought of something that a buddy of mine suggested the other day. There is a product called SNORT I believe it is that was a Unix and Apple based program that has just become available for windows users. This is NOT an endorsement, I don't have it, but it may be germane and help in this instance.
regards, Gypsy.
-
Regarding your DSL, yes they are "dynamic" but they will normally only change if you log off the connection, and then back on again. They will keep the same address for any period of continuous connection.
This is normally a potential problem with cable, as you tend to get a permanent address from them.
Cheers
-
Hello,
Our recommendation, though quite a bit of work would be as follows:
1. Backup all critical files
2. Clean install of OS
3. Update OS with latest patches and SP's
4. Purchase the SOHO3 SonicWall Internet app (Zone alarm and software based firewalls are not robust enough). Even a Netgear firewall with Stateful Packet Inspection (SPI) would be better than the "free" solutions. Free is not always good as these solutions are easy to disable.
5. Install the latest version of your favorite anti-virus program (like NAV, Trend Micro, Sophos). Configure the software to update virus definitions daily and scan the entire system daily. Complete a full scan after initial install.
6. Careful about your surfing habits. Turn off cookies and Active X
7. Don't open ANY email attachments from your friends...(.pdf is ok). :)
Good luck!
DarkCarniv0l
-
Hello,
Dark has the ideal solution. But is it practical? Or affordable? I'm not saying not to go with it, but I've been around the business long enough to know that the most expensive solution is not the only solution. I don't know much about most of what Dark has recommended, but is it that much better than the approach I recommended? Dark, I would like to hear your rebuttal, because if I'm in the wrong I have to change the way I look at these things. regards, Gypsy
-
Hi Techno
As you well know.....There are many ways to carve a pumpkin. You have some great ideas too and I agree with you, the most expensive solution is not always the best. The solutions I recommend, Sonic Wall and Netgear are typically affordable by most end-users. The Check Point Firewall technology (sofa@ware) & (safe@office) are a bit more pricy and offer a robust VPN function. We support the SMB market and had very impressive results from our customer base with no "known" intrusions and numerous "known" intrusions.
I hope this helped.
Top of the evening to you all!
DarkCarniv0l