
I'm Hacked?


9 replies to this topic

#1 annabackwards

annabackwards

  • Members
  • 1,381 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Sydney, Australia.
  • Local time:12:13 PM

Posted 31 August 2007 - 05:32 AM

Please help!!!!

I'm getting someone trying to access my browser (either Firefox or Internet Explorer, whichever I'm using) remotely.

The IP address was at first 203.2.75.132, which happens to correspond to BC's old domain

Now it's 216.213.19.27, which seems to be my provider, but it's trying to use explorer.exe to connect to the net.

I've just reformatted my computer and reinstalled XP.:thumbsup:

Is it a hacker? Coz I scanned with Avira, Spybot and SUPERAntiSpyware and it came up blank.

My HJT log also seems perfectly normal, hasn't changed since it was last pronounced clean (a few days ago)

Please help!!!

Surf smarter, surf faster, surf safer, surf with Mozilla Firefox


 


#2 jwinathome

jwinathome

  • Members
  • 1,360 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Atlanta, Georgia
  • Local time:09:13 PM

Posted 31 August 2007 - 07:06 AM

216.213.19.27 is Bleeping Computer.

Question...do you have any streaming anything installed on your computer? Webcam, music service, etc etc?


Also, check to make sure explorer.exe is in the C:\Windows location. If elsewhere, then start to worry. :thumbsup:
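
An added example (not part of the post above) of the path check it suggests, for current Windows versions: list every running explorer.exe, compare its image path with the expected location, and report its Authenticode signature. It assumes Windows PowerShell 3.0 or later; the variable names and output columns are illustrative.

```powershell
# Added example: verify where each running explorer.exe was loaded from.
# Run from an elevated prompt so processes in other sessions are visible.
$expected = Join-Path $env:SystemRoot 'explorer.exe'   # normally C:\Windows\explorer.exe

$results = Get-CimInstance Win32_Process -Filter "Name = 'explorer.exe'" |
    ForEach-Object {
        $path = $_.ExecutablePath   # empty when the process cannot be queried

        # Only check the signature when a path could be read.
        $sig = if ($path) { Get-AuthenticodeSignature -FilePath $path } else { $null }

        [pscustomobject]@{
            ProcessId = $_.ProcessId
            ParentPid = $_.ParentProcessId
            Path      = if ($path) { $path } else { '(path not readable)' }
            # String -eq is case-insensitive, which suits Windows paths.
            PathOk    = [bool]($path -and ($path -eq $expected))
            Signature = if ($sig) { [string]$sig.Status } else { 'Unknown' }
            Signer    = if ($sig) { $sig.SignerCertificate.Subject } else { $null }
        }
    }

$results | Format-Table -AutoSize

# Anything outside the expected path, or without a valid signature, deserves
# a closer look. On 64-bit Windows a second Microsoft-signed copy exists
# under SysWOW64, so judge on path and signature together.
$review = @($results | Where-Object { -not $_.PathOk -or $_.Signature -ne 'Valid' })
if ($review.Count -gt 0) {
    Write-Warning "$($review.Count) explorer.exe instance(s) need review:"
    $review | Format-List
} else {
    Write-Output "All explorer.exe instances run from $expected with a valid signature."
}
```

A matching path with a `Valid` signature supports the "right place" conclusion; a process name alone does not, because any executable can be named explorer.exe.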

#3 annabackwards

annabackwards
  • Topic Starter

  • Members
  • 1,381 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Sydney, Australia.
  • Local time:12:13 PM

Posted 31 August 2007 - 07:16 AM

Ok update:

msnmsgr.exe just tried to access the net using Firefox, IP: 127.0.0.1, Port: 227 - TCP

No, I don't have any streaming software, no webcam, nada

The only music service I have is the default media player, and the Nero suite.

Looking at Comodo, svchost seems to be taking up 72/73% of my internet traffic

Now

C:\WINDOWS\explorer.exe has modified the User interface of iexplore.exe by sending special Window messages. Any program trying to modify another program using this method may be a sign of trojan activity.

Says Comodo. IP: 203.2.75.132 Port: dns(53)-UDP

So yeah, explorer.exe is in the right place.

Thanks for helping...Any ideas?

#4 annabackwards

annabackwards
  • Topic Starter

  • Members
  • 1,381 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Sydney, Australia.
  • Local time:12:13 PM

Posted 31 August 2007 - 07:20 AM

Ok now, C:\WINDOWS\explorer.exe has tried to use wmplayer.exe 203.2.75.132 port: dns(53)-UDP to try and access the net

I just clicked Deny (with remember my decision)

Please help....it seems like either someone is determined to try and hack my comp, or a very smart malware program

#5 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:13 AM

Posted 31 August 2007 - 07:35 AM

I don't think you are being hacked. I think the problem is that you have not set the Comodo rules correctly in the Application Monitor or Network monitor, which is why you are getting these alerts.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#6 jwinathome

jwinathome

  • Members
  • 1,360 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Atlanta, Georgia
  • Local time:09:13 PM

Posted 31 August 2007 - 08:50 AM

I think this is fairly common for wmplayer to be accessing the internet.

I wouldn't worry about it. Just figure out how to configure the firewall.

#7 annabackwards

annabackwards
  • Topic Starter

  • Members
  • 1,381 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Sydney, Australia.
  • Local time:12:13 PM

Posted 31 August 2007 - 07:20 PM

I kinda figured.....

If I disable Comodo, everything seems fine. If I don't, I can't really access the net.

It says I have 'limited' connectivity.

Thanks for the replies. I'll just allow all Comodo thingies and hope I really am not

#8 buddy215

buddy215

  • Moderator
  • 13,254 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:08:13 PM

Posted 31 August 2007 - 08:11 PM

You have a few options in WMP to control it from looking for updates. Open WMP and click on tools. Choose the player tab and select once a month for updates. Choose privacy tab and uncheck "update music files from internet", uncheck "send unique Player ID to content providers", uncheck "I want to send player usage data".
Click apply/OK
“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#9 annabackwards

annabackwards
  • Topic Starter

  • Members
  • 1,381 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Sydney, Australia.
  • Local time:12:13 PM

Posted 31 August 2007 - 08:19 PM

Thanks for the tips, buddy215 :thumbsup:

Everything seems ok now

#10 annabackwards

annabackwards
  • Topic Starter

  • Members
  • 1,381 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Sydney, Australia.
  • Local time:12:13 PM

Posted 01 September 2007 - 11:28 PM

This may be another false alarm on my part....but firefox.exe just tried to connect to the net using winword.exe (Microsoft Word)

It used port DNS(53) and was rated highly suspicious by Comodo.

I allowed it anyway........is this a bad omen?