POSSIBLE HACK...PLEASE, PLEASE HELP!
Subject Author Date
POSSIBLE HACK...PLEASE, PLEASE HELP! Annie 07-20-2008
Posted by Dan on July 22, 2008, 11:31 am
<snip>

Annie, please take a break. I must take a break as well and start the day
so please don't expect to hear back from me until this evening at the
earliest and it might not even be until Wednesday or later.

It is fine if you do indeed bring your computer in to be repaired but I ask
as a favor to me that you, if you are willing, share with us any
unrecognized programs in Add/Remove Programs of the Windows XP Home Control
Panel.

This would make a great test case and it would be invaluable in helping me
and others in diagnosing Internet Attacks. You of course can choose to do
what you would like to do. If you would rather have a friend or techie you
know do this and post here to us then it would be invaluable to me, Microsoft
and actually the whole world. In addition, please contact the Federal
Government about your identity theft. Here is a website to get the process
started.

http://www.justice.gov/criminal/cybercrime/reporting.htm

The reason I had wanted you to run Windows Live One Care was to see how good
a program it is and this would benefit all of us and let us all see how
Microsoft Technology holds up to competitors like AVG 7.5 anti virus program.
You also can run Spybot Search and Destroy to help eliminate baddies and
SpywareBlaster will help inoculate your machine in the future. Please get
these from reliable sources such as majorgeeks.com and you could just Google
Spybot Search and Destroy from majorgeeks to get it. Please click on any of
the downloads available there but watch out for the ads. Anyway, I download
and jump around with my downloading location and everything else to help keep
any potential follower from trying to fix a pattern to my behavior and that
is also where my learning disability helps greatly in not following the
standard operating procedure.

Posted by PA Bear [MS MVP] on July 22, 2008, 8:01 pm
Link to your thread: http://aumha.net/viewtopic.php?f=30&t=34821

Annie wrote:
> Dan and PABear,
>
> I ran HJ and posted my logs here...http://aumha.net/viewforum.php?f=30
> The subject is 'Several Programs Opened at Once'.
>
> So far, everything seems to be running OK until I connect to the internet.
> I then get several (!) alerts from ZA saying there are incoming packets.
> The Source DNS and Destination DNS look similar to mine only with 4 added
> numbers. I'm wondering if there's a conflict between ZA and one of my
> programs or if this is part of the original problem. In an earlier post I
> noted there was a suspicious entry...way out of sorts from all the rest.
> This is when all the trouble started. Hopefully someone can figure it out
> from my HJ logs.
<snip>


Posted by Dan on July 22, 2008, 9:38 pm
<snipped --- way too long> <Annie please skip down to the numbers at the
bottom>

Sorry but I cannot answer these particular questions due to time constraints
on my end. Remember, I am a volunteer like Robear, MVP and Chris Quirke, MVP
but I do not have MVP status because I have not earned it. I just want to
help people.

I must now remain focused in fixing your compromised computer if we can and
I will try but remember this advice is given with a warning that now that
your computer is broken and our final step will be to do a clean install and
so I must ask you "Do you have a retail copy of Windows XP Home?"

We will indeed have to do a complete clean install in the end for the proper
safety and security protocol of a clean install and if you did not have
backups before then Windows Live One Care is a great place to get backups in
the future and you can put them on a few cds or dvds depending on how much
data you have to back up.

Microsoft even will give you a 90 day free trial which you can get after
your computer is working and I actually am currently using Windows Live One
Care on the XP Professional side of my computer and am coming around to the
conclusion that it is great.

I know there are people thinking that I am just pro-Microsoft but if you see
the Biometrics debate in this newsgroup you will see that Steve Riley, MSFT
and myself and Chris Quirke, MVP have radically different ideas as to the
future of computing and software in general and whether or not Microsoft will
take up this great and challenging role and be the light it once was back in
1998 and show us the pathway towards the future because I think they are the
only ones who can do it but I must convince them to change their ways. My
advice for what it is worth:



1. Remove Zone Alarm (compromised and software messed up)

2. Remove Avast (gives too many false positives -- I still do not like it)

What error messages are you getting and are you able to completely remove
this software? BTW, security and safety is now a non-issue since you are not
connected to the 'Net as long as you don't put any more compromised data onto
your pc via a flash drive, floppy disk, cd, etc.

<side note: All Caps is considered shouting and hard on the eyes at least my
eyes --- smile>


Posted by Root Kit on July 23, 2008, 6:14 am
On Tue, 22 Jul 2008 07:07:00 -0700, Dan

>Annie, it is very difficult to discover who hacked you.

Indeed.

>This would include tracing logs and other stuff that Steve Riley, MSFT
>has mentioned in the Biometrics post.

If possible at all.

>For example, a few years back I had Zone Alarm Professional
>and hooked it up to see where port scans were coming from with Windows 98
>Second Edition and did not use a hardware firewall purposely so I could allow
>ZA to track and figure out where hack attempts were coming from and the
>majority appeared to be from China but remember this is back in about 2003 or
>so and so the data is not as relevant today and China was followed by the
>U.S.A. and then followed by Russia.
>
>How does it make you feel that the hacking may have even come from within
>the States?

How does it make you feel that most bad web sites originate from the
States?

Posted by Root Kit on July 23, 2008, 5:18 am
On Sun, 20 Jul 2008 16:30:00 -0700, Annie

>Three days ago, I had RoadRunner (cable internet connection) hooked up. The
>tech turned off both my firewalls and DIDN'T tell me! (Shame on me for not
>checking) Just a few minutes ago, while I was surfing, all my programs
>opened up, one by one.

There could be more reasons for such behavior.

>Was my computer hacked and did someone get all my personal information?!

Impossible to tell from a distance.

>I'm running my virus program right now. What else should I do? Please help.
> I'm a nervous wreck right now!

Okay, let's sum up....

After reading through the entire thread I find no hard evidence that
you have been hacked, but it's impossible to tell from a distance. The
results from Spybot indicate that there are areas in which your
security could improve, though.

If you still feel uncomfortable, I suggest 2 options:

1) Take your computer to someone trustworthy who knows what he's doing
- and I'm not talking about the "tech guy" next door.

2) Revert your machine to a known clean state. This ultimately means
reinstalling from a restore media or eventually flatten and rebuild.
Unless you can get in contact with a very skilled person who is able
to declare your machine "clean", this unfortunately is the only way to
make sure you got rid of the nasty if your machine was in fact
compromised. All this "try this" and "try that" is senseless and may
only remove the symptom.

In either case first make sure to have backups of your important data
and have notes of your usernames and passwords for mails etc. in a
safe place. Also make sure to have all your license codes etc. ready
in case you need to re-install something.

Also, if you do suspect your router may have been hacked, hard reset
it and do the basic router securing (maybe get someone to help you do
it):

* change the default admin password
* make sure any administration access from the WAN side is turned off
* make sure UPnP is turned off
* encrypt your wireless connection with at least WPA and a long random
pass phrase


Then for the future you also need to educate yourself about safe hex.
The most important security measures being:

* Keep your system patched (this is true for both the OS as well as
applications you've installed).

* Use a restricted user account for daily use and use only the admin
account for what it was intended (software installation, configuration
changes and the like)

* Don't run or install software unless you fully trust it. Do not
install software from dubious sources.

* Use robust software and stay away from IE and OE unless you're
running Vista and can run IE in protected mode.

* Don't blindly open / run e-mail attachments.

* Don't click links in e-mails without thoroughly checking them.

* Turn the windows firewall on and stay away from 3rd party firewall
illusionware.

* Configure your router as described already

* Be skeptical and implement common sense.

Such precautions will keep you safe from the vast majority of
problems. There is no such thing as 100% security. You can add a good
anti-malware product as an extra level of protection, but anti-malware
is not something you should ever rely on. No anti-malware can protect
you from yourself.
