HELP please – I think my computer’s been sabotaged!

[websitedeveloper]

Start -> Programs -> Accessories -> DOS

(I'm using a non English XP and the above words maybe a bit different to yours as I translated them, but that's the shortcut to the DOS prompt)

 

[Beachie]

Start -> Run

Type "cmd" and click the OK button

 

[DomainQuay]

Thanks guys!

Geez, it was right in front of me - :emba:
Shows how non-functional I am at 1 in the morning!

Ok, Beachie - I pinged Symantec and got 69.44.114.47
So it's not NetSky?

Joni

 

[Bizarre]

Thanks guys!

Geez, it was right in front of me - :emba:
Shows how non-functional I am at 1 in the morning!

Ok, Beachie - I pinged Symantec and got 69.44.114.47
So it's not NetSky?

Joni

That Symantec IP is weird. Check it out: http://69.44.114.47/.

As has been said above, backup your data and format. In the long run it'll be better (less hassle, etc.).

 

[DomainQuay]

Hi Bizarre,

You're right! That Symantec IP is weird!!

And I think you (and everyone else who suggested it) are right about reformatting the drive too! I've been resisting doing it, but at this point, it does seem to be the only way to really be rid of whatever is causing these problems.

I'd like to express my gratitude to everyone who tried to help me:

Clicknow.to
Freestyler
RMF
MediaHound
Beachie
Bizarre

I really appreciate your taking the time to make suggestions, and your patience in dealing with my ignorance!

I'm signing off now to go reformat my hard drive!
If all goes well, I'll be back later today...

Thanks again to everyone!

Joni

 

[DomainQuay]

Well, this is taking much longer than I expected!!!

RMF, MediaHound, and Beachie -
You all were right about the hard drive - I did end up replacing it. (But of course, not until I had tried to format it about a dozen different times unsuccessfully!)

But it turns out that in addition to having my computer hacked into, AND having a failing hard drive, I ALSO had a bad operating system disk from Dell!

So, right now we are waiting for Dell to send us a replacement...

And I'm at my best friend's house, on her computer, trying to catch up with 2 weeks worth of forum news!

I miss you guys!

Joni

 

[MediaHound]

We miss you too.
Good luck with the hardware. We'll be here in cyberspace when you return.

 

[DomainQuay]

Hi everyone,

My computer is FINALLY back up and running again!!!

This whole thing turned out to be a much bigger ordeal than I ever would have expected! But at last, everything seems to once again be working properly! (I've never been so glad to see events show up in my firewall's log!!)

Thanks so very much to all who shared suggestions and support!

It's SO good to be back!!!!!!! arty:

Joni

 

[garyo]

Hi DomainQuay

Nobody asked but what operating system & firewall are you using??

 

[DomainQuay]

Hi Garyo,

Welcome to dnForum!

To answer your question, my operating system is Windows XP and my firewall is McAfee's Personal Firewall Plus, with the security level set to "Tight".

Update:
I've been checking the event log very frequently now that things are working again, and am shocked to see that my computer is receiving an average of 5-6 hits a minute - not counting pings!! And I'm on dial-up, too!!!

Also:
Don't know if this info might help someone else down the line...
Before I deleted the partition on my hard drive in preparation for reformatting it, I checked to see which ports were active, and found three listed that weren't shown before, nor are they shown now:
3001, 3002, 3003

I don't know if this will mean anything to someone who knows computers more than I do (not hard to do!) but maybe it will help someone else at some point!

Joni

 

[garyo]

Hi There

Ok Microsoft XP what service pack are you using if it is service pack 2 it will switch itself on so you have two firewalls running which does cause a problem. I have also found with service pack2 that it will sometimes need a default reset on the firewall to be able to connect to an isp. I believe this also happened on service pack1 but it was not so helpful on what you could do. I presume inherant problems do continue to a certain degree between service packs.

Typical trojans that can attack your three ports stated are below:-

Port 3000: HBCI - HBCI, RAT: Remote Shut, Theef, Xuegi, Izram
Port 3001: REDWOOD-BROKER - Redwood Broker
Port 3002: EXLM-AGENT - EXLM Agent

obviously by you reformating & reinstalling you have set default setup make sure you do not have two firewalls running. If you startup several programs when you first log on try a startup delayer to stop conflicts which can happen.

If your worried about trojans or worms checkout:

http://tds.diamondcs.com.au/

They have some good reasonable priced products (I am not an affiliate) that actually work.

Gary

 

[DomainQuay]

Hi Gary,

The Dell operating system disk I used says it includes "Service Pack 1". But I do allow the Microsoft updates to be installed. Would that cause the conflicts you mentioned?

How can I tell if anything has invaded my computer - Spyware, Trojans, whatever?

And by the way - Happy Birthday!!!

Joni

 

[DomainQuay]

Hi again Gary,

I just checked and I do have Microsoft's "Internet Connection Firewall" turned on for my dial-up connection.
Maybe that's what you meant, and I should turn it off?

Thanks for your help!

Joni

 

[garyo]

Hi again Gary,

I just checked and I do have Microsoft's "Internet Connection Firewall" turned on for my dial-up connection.
Maybe that's what you meant, and I should turn it off?

Thanks for your help!

Joni

Hi

Thanks for the birthday message... arty:

Yes two firewalls would cause a problem.

Check system properties to find out what service pack your running but if its service pack 2 you would see a couple of firewall options in your control panel.

Spyware - Adaware by lavasoft is a good program they do a free version.

As I said try TD3 for trojan checking & protection.

Anyway your now sorted which is the main thing.

Gary

 

[DomainQuay]

Hi Gary,

Hope you had a great B-day!

Thank you for all the info you've been providing! Between this thread and a few others, I've been learning quite a lot!!

I can see that I need to supplement my firewall by adding spyware and trojan protection, at least!

I also just got the book "Hacking Exposed: Network Security Secrets & Solutions, Fourth Edition" by McClure, Scambray, and Kurtz. Although I don't have a network, I'm hoping to at least learn more about hacking in general, and maybe turn up additional ways I can protect my computer!

Thanks again for all your help!

Joni