
Hijacked By Remote Access


#1 keepondraggin


  • Members
  • 1 posts

Posted 02 July 2008 - 08:40 AM

Long story short.............

For 2 weeks Comodo was blocking operating system UDP DHCP. The Comodo Firewall Forum told me not to panic, that it always does, but that I need to turn off the log. The problem with that is I never changed my settings, so I dissected Comodo and saw that Comodo had been completely changed. All my security settings were changed to allow things, and at the same time my wireless had been changed, so I didn't even realize I was connected to the neighbor's router for who knows how long.

I dug a little deeper and started looking at my programs, and I can't remember what I looked at first or why (I've been staring at code for days on end), but regardless there was code inside my codes, i.e. AutoCad, Chief Architect, QuickBooks, etc. all had code hidden inside of it, and it was resorting my programs and breaking them down.

Now that I was angry I ran netstat and Cain and found the unwanted bastard, but he logged off before I could get more info on him. So off goes the internet and I began reading, and reading and reading. I cannot for the life of me find his point of entrance. But I did find an employee manual for users. I am pretty sure the intention was to dump my software online as pirated or something. Luckily the QB was a trial and the full version is on USB.

So I have closed all my ports and changed my policies, passwords, etc., and I did find a rootkit, I believe it was exit.exe, but I have not found whatever was dropped in, and I have run just about every scanner there is with no luck. I also found a user picture in picture accounts called owner.bmp that I can not open. I know it's not a picture; if it is, it's the biggest picture file ever.

Any help would be great; I really need to get online again. And if you know any other places that the terminal server info could be hiding, I really want to know who gave me a headache.
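The poster's suspicion that owner.bmp is not really an image can be checked without opening it in a viewer: a BMP file begins with a fixed 14-byte header that carries the "BM" signature, the file size the file claims to have, and the offset of the pixel data. If the signature is missing or the declared size disagrees with the size on disk, the file is not a well-formed bitmap, whatever its extension says. The following Python is an added example written for this thread, not code from the poster or from BleepingComputer; the file name owner.bmp is taken from the post, and both sample files it inspects are constructed in a temporary directory, so nothing here touches a real system.

```python
import os
import struct
import tempfile

# BITMAPFILEHEADER: 'BM' signature, uint32 file size, two uint16 reserved, uint32 pixel-data offset
BMP_HEADER_LEN = 14
BMP_HEADER_FMT = "<2sIHHI"


def inspect_bmp(path):
    """Report whether the file at `path` is structurally a BMP.

    Checks the 'BM' signature, compares the size declared in the header with
    the real size on disk, and verifies the pixel-data offset lies inside the
    file. Every failed check is listed in 'reasons' so the caller can see why
    a file was rejected rather than just that it was.
    """
    actual_size = os.path.getsize(path)
    with open(path, "rb") as fh:
        header = fh.read(BMP_HEADER_LEN)
    reasons = []
    if len(header) < BMP_HEADER_LEN:
        reasons.append("file is shorter than a BMP file header")
        return {"is_bmp": False, "actual_size": actual_size,
                "declared_size": None, "reasons": reasons}
    magic, declared_size, _res1, _res2, pixel_offset = struct.unpack(BMP_HEADER_FMT, header)
    if magic != b"BM":
        reasons.append("missing 'BM' signature")
    if declared_size != actual_size:
        reasons.append(f"header declares {declared_size} bytes, file is {actual_size} bytes")
    if pixel_offset < BMP_HEADER_LEN or pixel_offset > actual_size:
        reasons.append(f"pixel data offset {pixel_offset} is outside the file")
    return {"is_bmp": not reasons, "actual_size": actual_size,
            "declared_size": declared_size, "reasons": reasons}


def make_minimal_bmp():
    """Build a valid 1x1 24-bit BMP in memory (constructed sample, not a real file)."""
    pixel_row = b"\x00\x00\xff" + b"\x00"  # one blue pixel, padded to a 4-byte row
    # BITMAPINFOHEADER (40 bytes): size, width, height, planes, bpp, compression,
    # image size, x/y pixels per metre, colours used, important colours
    info_header = struct.pack("<IiiHHIIiiII", 40, 1, 1, 1, 24, 0,
                              len(pixel_row), 2835, 2835, 0, 0)
    pixel_offset = BMP_HEADER_LEN + len(info_header)
    total_size = pixel_offset + len(pixel_row)
    file_header = struct.pack(BMP_HEADER_FMT, b"BM", total_size, 0, 0, pixel_offset)
    return file_header + info_header + pixel_row


def demo():
    """Write one genuine and one bogus owner.bmp to a temp dir and inspect both."""
    results = {}
    with tempfile.TemporaryDirectory() as workdir:
        genuine = os.path.join(workdir, "genuine", "owner.bmp")
        os.makedirs(os.path.dirname(genuine))
        with open(genuine, "wb") as fh:
            fh.write(make_minimal_bmp())

        # Constructed stand-in for a non-image carrying a .bmp extension:
        # no 'BM' signature and a header that does not describe the file.
        bogus = os.path.join(workdir, "bogus", "owner.bmp")
        os.makedirs(os.path.dirname(bogus))
        with open(bogus, "wb") as fh:
            fh.write(b"NOTABMP!" + b"\x00" * 4096)

        results["genuine"] = inspect_bmp(genuine)
        results["bogus"] = inspect_bmp(bogus)
    return results


if __name__ == "__main__":
    for name, verdict in demo().items():
        status = "looks like a BMP" if verdict["is_bmp"] else "NOT a valid BMP"
        print(f"{name}: {status} ({verdict['actual_size']} bytes on disk)")
        for reason in verdict["reasons"]:
            print(f"  - {reason}")
```

A file that fails these checks is worth preserving unmodified (copy it, note its hash, size and timestamps) before any cleanup tool gets near it, since it is one of the few artifacts in this thread that could still explain how the machine was entered.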
