The gist:
I'm using Sygate Personal Firewall, AVG Free Edition, and an occasional crap cleaner.
Why do I think I have a hacker?
3 Yahoo accounts have been taken over and passwords changed. I don't remember the info I put into the accounts to make them, so Yahoo is no help (believe me, I tried)!
One of my Yahoo email accounts that had been taken over was used to infiltrate my MySpace account and make an ugly mess of it before I got MySpace to delete it.
Port scan attacks got into my Adobe Reader, so I deleted Adobe and ran AVG. I had one virus which it called "dropper.small", which I figured out was a trojan. Worse than that, AVG wouldn't let me delete it, so I did some MORE research and I turned off my System Restore and rebooted and deleted it finally. Now I'm getting "IP address conflicts" one after another after another and so on... I rebooted and am now continuously running AVG and not finding anything.
If this hacker IS who I THINK he is... it's some big hotshot science guy who has this huge complex of computer screens in his living room, and he's out to get me for reasons I can't explain.
-Please help!
P.S. I backtraced his IP address and it's this: 192.168.1.1, which is bogus apparently.
Do you have unencrypted wifi? And if so, is that how you're connecting your computer?
At one location I'm secured, at another I'm not... But I'm not sure what encrypted means.
And as I mentioned below, unsecured networks are NOT a good thing.. Some types of unsecured networks are set up as "traps" by hackers to lure unsuspecting users.. When you log on, lots of information can be gained about you and your surfing habits.. Keylogging can take place to detect passwords, etc.
It's your choice, but it's best not to use them.
Hope this helps.
Grif
...reporting back to you... assuming you're using a router.. (From a command prompt, type "ipconfig /all".) Does your "default gateway" show that IP address..
Unfortunately, you haven't told us much about your computer or your internet connection..
Desktop or laptop?
Which operating system are you using?
What type of connection? Do you always connect at the same location? If it's a wireless connection, do you have the router firewall enabled? Have WPA (NOT WEP) enabled? Any other security steps you've taken?
If you haven't already, please stop "sharing files with the rest of the world" by following the steps in the link below:
How To Stop Sharing Files With The World
And a few other thoughts for a Newbie on the net:
BEFORE Internet: Windows 2000 & XP Need Protection
Why do you think that "Port scan attacks got into my adobe reader"? Port scans are done primarily to gain access to the Netbios systems in your computer.. What happened to make you think Adobe was an issue?
It sounds like you're using AVG Antivirus. (NOT AVG Antispyware?). Is that correct? If so, try scanning with a different tool such as either of the free tools below:
AVG Antispyware 7.5 Tool
SUPERAntispyware Removal Tool
As to the Yahoo accounts being changed and your MySpace being damaged, it's possible someone has been monitoring the account creations or maybe even "guessed" the correct address.. Lots of possibilities here, including someone who may have gained local access by physically installing spy software on your computer..
At this point, if you're using wireless, stop.. Go wired.. And scan the computer with the tools listed above.. You may even want to reformat and reinstall the computer but let's do this one step at a time.
Hope this helps and let us know how it goes.
Grif
At the risk of sounding helplessly ignorant... I don't know if I'm using a router; I don't know what a router is. I have a VAIO laptop and use it primarily at two locations. One is a secured Linksys wireless connection, the other is an unsecured (not mine) connection.
I did command prompt and the suspected hacker's IP address came up (192.168.1.100), and I went to a website that finds your IP address for you and a different one came up.
I don't know what operating system I'm operating on... some form of Windows but NOT the crazy new one.
The only firewall I'm aware of is Sygate and the default Windows one.
Like I mentioned above, I'm using a secure connection at one location and an unsecured one at another.
I followed the link to stop sharing you gave me but didn't find the particular icon under Control Panel. How vulnerable am I?
I figured it was a port scan that got into my Adobe because I had Sygate tell me there was one, and one of the ports that was attacked was Adobe. Then I couldn't delete Adobe because it said it was doing something; shortly after I had another pop-up from Sygate telling me I had an application hijacked.
I'm using both AVG Anti-Virus AND Anti-Spyware.
I have no other options but to use wireless presently.
Whats the score?
-helpless
To determine your operating system, RIGHT click on "My Computer", choose "Properties". The General tab screen will show you which operating system you've got running.
"I did command prompt and the suspected hackers IP address came up" What command did you use at the command prompt? As I mentioned earlier, the IP address you have listed is the default gateway of most routers. That's probably what you have detected, not a hacker.
Next, stop using an unsecured wireless connection.. There are a number of ways that unscrupulous folks can monitor computers on such a network.
Your Control Panel settings are probably not set to Classic View. Please open the Control Panel, then click on the "Classic View" link in the upper left corner.. You should now see lots more icons, including the "Network Connections" icon to allow you to turn off "file and printer sharing".
Despite using both AVG antivirus and antispyware, you haven't told us what a full scan with the antispyware found.. And did you install the SuperAntispyware program I suggested and run it? Let us know what it finds.
Unfortunately, Sygate's "Hijacked" messages are NOT always reliable.. It frequently will throw such alerts when a program is accessing the internet.. Adobe will do that when you open a pdf file while on the internet and because of Adobe's Browser Helper Object, Sygate may be incorrectly calling it a Hijack Attempt.. We've seen similar warnings when things like Media Player would load on the internet. I would ignore this particular message.
And to reinstall Adobe Reader, uninstall the old one, then install the new version from the link below. (Uncheck the "Adobe Media Player" if you don't want it.) The updated version patches some of the previous "holes" that were in the program..
http://www.adobe.com/products/acrobat/readstep2.html
Hope this helps and let us know more.
Grif
Windows XP Media Center Edition 2002 service pack 2
Good to hear about the IP misunderstanding
What more specifically can these unscrupulous folks monitor???
I have downloaded and used SUPERAntiSpyware and only found cookies... Some other more interesting things I have found are ADSs and MRUs and some other ominous finds I can't recall.
So now I'm equipped with the following: AVG Anti-Spyware, AVG Anti-Virus (Free Edition), Ad-Aware, Sygate firewall, MRU-Blaster, crap cleaner, RogueRemover, and CWShredder... However, I'm on an unsecured connection. I also blocked file and printer settings from my connection as recommended.
How am I doing? Any other suggestions? I'm still convinced my firewall detected malicious actions despite your reassurance of them being somewhat commonplace.
Whats the score?
...cookies, then it doesn't appear like anyone has truly hacked the machine.. The ADS (alternate data streams) and MRU (most recently used) items are items that can be scanned for using the tools you have but generally, it's not an issue.. Instead, since you originally told us about your Yahoo accounts being sabotaged, it appears like someone may be monitoring your unsecured wireless access. No guarantees, but it's possible. As to EXACTLY what they can monitor.. Basically, everything you type into the computer and all sites you visit.. So... follow the advice previously given which is to stop using an unsecured wireless access. Best, secure the unsecured setup. Although not all unsecured networks are like the one in the link below, it happens.. (Especially with the "big hotshot science guy who has this huge complex of computer screens in his living room"):
'Evil twin' Wi-Fi access points proliferate
In addition, if you create any new email accounts, be sure to use a completely different username, preferably something complex with a combination of letters and numbers and 8 or more characters.. And use a password of similar complexity.. Create something that can't be "guessed" or cracked easily.
In addition, if you haven't already, make sure you visit the Windows Update site and install all the "High Priority/Critical" updates. There are quite a few security fixes in those updates.
Hope this helps.
Grif
Last night I got another port scan and application hijack from my firewall. Not long before that I had walked to the store, and when I came back I had 30-some outgoing and incomings on my firewall log. I went to my Add/Remove and did a "frequently used" and found some odd Yahoo program with even more odd markings on it, like some foreign language. Needless to say, I deleted it. I ran virus and anti-spyware scans and found cookies but nothing too critical.
I'm slightly annoyed.
Since you're using an unsecured wireless accessed router, your firewall log will record every incoming and outgoing attempt at the internet. As I stated earlier, port scans happen frequently. If I turn off the firewall on my router, I get the same thing on the PC's software firewall. It blocks those attempts so you're safe but it still logs them.. It shouldn't be a problem.
As I've already stated, stop using the unsecured wireless network.
You don't mention the EXACT name of the old Yahoo program but I doubt that's an issue.. Still, it's good that you uninstalled it. If it's not being used, then there's no reason for it to be on the computer.
Hope this helps.
Grif
When I said 30 incoming and outgoing, I forgot to mention it was just for that single minute... I had 30 in-and-outs for the previous minutes and following. This happened last night, never before, and not since. So for a short time last night, I had incoming and outgoing data around 30 times every minute.
The router reassurance you gave me is dissolved. A friend of mine who is tied into my hacker problem has been port scanned and app hijacked as well by the same IP. Also, my friend had the same incoming and outgoing problem last night from the same IP address.
I'm SURE I'm being hacked.
Other than the unsecured signal... what can I do? If anything.
It's your choice to believe me or not..
Unfortunately, you still haven't given us specifics on any of your findings.. Where is this unsecured network? EXACTLY what commands did you use at a command prompt to find the perceived IP address?
Apparently, you don't understand much about routers and IP addresses.. Almost EVERY router has that same IP address as its default gateway, set by default. (192.168.1.1) That's why it's saying the same on your friend's router. (The router admin would need to manually change it for it to be something different..) MY router has the same default gateway. So does my neighbor.. So please get off the router thing..
As to the firewall attempt, there are ALWAYS THOUSANDS of incoming port scans and outgoing attempts. That's part of being on the internet. It's not unusual and generally, as long as your firewall is recording them, it's blocking them. I turn OFF all those nag warnings on my firewalls. They become annoying and serve little purpose.
And if your friend has the same Sygate firewall, it will be recording those same app hijack attempts and maybe more.. Once again, not a problem. The firewall is acting as designed because the verbose notification is enabled.
"Other than the unsecured signal...what can i do?"
I've already suggested what you should do about the "unsecured wireless". Don't use it. I won't change that advice.
In addition, I've already suggested other things about your Yahoo accounts. You're already doing everything else correctly.. As you've already found during the various scans you've performed, NOTHING is infecting your computer.. You're simply overly concerned with the firewall warnings.
Hope this helps.
Grif
I've read this thread, and I'm going to be perfectly honest with you -- you don't know what you're doing. You know enough to be dangerous, but your guesses as to what's going on, are truly pseudo-educated, and you're not providing enough meat for anyone to help you -- just a lot of semi/pseudo educated guesses as to what you think's happening, and what you believe the cause is.
And then you throw a lot of answers at the issue, hoping your shotgun approach will "fix" things.
My background: I've got 15 years of IT experience, and have worked the last several years in security, pen testing, vulnerability scanning, and securing networks that are quite larger than yours, so I'm going to take that experience and give you some sound advice.
1) First: Secure your internet connection at home. Here's how: based on what you've said, it's almost certain you have a high speed connection, and you have a "router" -- this is a device by a company like DLink, Linksys, Netgear, Belkin, and others. Find it. Get the model number. Download the manual. Do the following:
Reset it to factory defaults -- usually there's a small paper-clip sized hole with a button to press in it -- do that. (Get the manual first!)
Turn off your wireless on the router, if it's a wireless router.
Change the admin password
2) Backup important files on your PC. Then, format and reinstall windows. Do not "UPGRADE". Format! and reinstall.
3) Log back into your router. Change the admin password again, because it might've been logged/emailed to a badguy when you changed it earlier.
4) Do a complete Windows Update/Microsoft Update, and fully patch everything. Make sure your firewall is on, and set automatic updates to update frequently, and automatically.
5) Install antivirus software. Update it. Scan your backed up files. Fix any issues.
At this point, you have a clean system that should stay clean. Next steps.
6) Log into the router again -- enable wireless, and read the manual -- set up the encryption on it (WPA2 only Not WPA or WEP -- if it doesn't support it, go buy a new one that does if you need wireless)
Now -- any security person worth their salt will tell you if a system has been compromised, the *only* way to ensure it's safe/clean is to wipe it and reinstall. No one can guarantee they've truly found all pieces of the infection. So -- that's what you should do. That's what I would do. That's what I advise my clients to do. If you're not sure how to do any step, download and read the fabulous manual, as it will help you out, or google for more info on a step, but after reading your thread, this is my best advice. Don't try to interpret your firewall logs as they're just confusing you. Follow the above, and you'll be in good shape. Though it may be wise to give this to someone who works on PCs a lot, and ask for their help.
No offense/insult meant, just shooting straight from the hip, to hopefully help you out.
Mike
Everyone is telling prokofiev1 what to do about stopping the hacker. But he/she is being very vague about answering some of our questions.
Alternative solution. Somewhere in the back of my mind I recall several anti-hacker programs that you could install on the computer and let you know if you were actually being hacked as opposed to probed. Trouble is, I haven't even thought about them for a couple of years and don't remember the names of them. Possibly some of our more knowledgeable members might remember them and prokofiev1 could install one on his/her machine to actually see if he/she is being hacked rather than just probed. This might make it a little easier for everyone. So, anyone got a good memory??