
Someone/something Hijacking My Connection


4 replies to this topic

#1 keith7878

Posted 14 August 2008 - 12:32 PM

Whenever Windows starts up, there is activity on my internet connection (internet icon in bottom right hand corner is lit up) when I've not even done anything or started any application.

So I downloaded TCPView and opened the program as soon as Windows started.

Have a look at my screenshot:

http://i237.photobucket.com/albums/ff132/k...connections.jpg

There are a lot of connections being established and being sent from my PC, which I suspect is somebody hacking/spying into my connection and sending my data (stealing private information) to all of these remote addresses.

Each time this occurs I disable my internet connection to prevent my data being sent or my internet connection being hacked further.

So am I infected? Most probably yes.

What do I do? Please help


 


#2 quietman7


Posted 14 August 2008 - 01:54 PM

Your screenshot is blurry and I can't read it.

Are you finding any suspicious processes in Task Manager? When you experience or encounter strange behavior, always check for new, unknown or suspicious processes that may be running on your system.

Anytime you come across a suspicious file or one that you do not recognize, search the name using Google or the following links:
BC's File Database
BC's Startup Programs Database
File Research Center
ProcessLibrary.com
ThreatExpert Malware Search

Most of the processes in Task Manager will be legitimate as shown in these links.
List of common system processes found in XP's Task Manager
Common Processes found in XP's Task Manager
How To Determine what Services are running in Windows XP

Svchost.exe is a generic host process name for a group of services that are run from dynamic-link libraries (DLLs). It is not unusual for multiple instances of Svchost.exe to be running at the same time. The process IDs (PIDs) must be checked in real time to determine what services each instance of svchost.exe is controlling at that particular time. To investigate these processes, see "How to determine what services are running under a Svchost.exe process".

Determining whether a file is malware or a legitimate process sometimes depends on the location (path) it is running from. One of the ways that malware tries to hide is to give itself the same name as a critical system file. However, it then places itself in a different location on your computer. A file's properties may give a clue to identifying it. Right-click on the file, select Properties, and examine the General and Version tabs.

You can download and use Process Explorer, AnVir TaskManager Free or System Explorer to investigate all running processes and gather additional information to identify and resolve problems. These tools will show the process CPU usage, a description and its path location. If you right-click on the file in question and select Properties, you will see more details about the file.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
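
The location check described in post #2 above, as an added example that is not part of the original thread: it flags any process that uses the name of a critical system file but runs from somewhere other than its expected folder. The expected-folder table, the CSV column names and the sample listing are assumptions constructed for illustration.

```python
import csv
import io
import ntpath  # applies Windows path rules on any OS

# Assumption: default install in C:\Windows; extend for your environment.
EXPECTED_DIRS = {
    "svchost.exe": {r"c:\windows\system32", r"c:\windows\syswow64"},
    "services.exe": {r"c:\windows\system32"},
    "lsass.exe": {r"c:\windows\system32"},
    "winlogon.exe": {r"c:\windows\system32"},
    "explorer.exe": {r"c:\windows", r"c:\windows\syswow64"},
}

# Constructed sample: a process listing exported as CSV (name, PID, image path).
SAMPLE = r"""name,pid,path
svchost.exe,1012,C:\WINDOWS\system32\svchost.exe
svchost.exe,1480,C:\WINDOWS\svchost.exe
services.exe,640,C:\WINDOWS\system32\services.exe
services.exe,2216,C:\Documents and Settings\user\Local Settings\Temp\services.exe
lsass.exe,720,
notepad.exe,3100,C:\WINDOWS\system32\notepad.exe
"""


def check_processes(csv_text):
    """Return (pid, name, reason) for system-named processes needing review."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        name = (row.get("name") or "").strip().lower()
        expected = EXPECTED_DIRS.get(name)
        if expected is None:
            continue  # not one of the system file names we track
        pid = int(row["pid"])
        path = (row.get("path") or "").strip()
        if not path:
            # An empty path usually means the listing tool lacked the rights
            # to read it; re-check with an elevated tool before concluding.
            findings.append((pid, name, "path unavailable"))
            continue
        # normpath collapses "..\" segments so a disguised path cannot pass.
        folder = ntpath.normpath(ntpath.dirname(path)).lower()
        if folder not in expected:
            findings.append((pid, name, "unexpected location: " + path))
    return findings


if __name__ == "__main__":
    for pid, name, reason in check_processes(SAMPLE):
        print(f"{name} (PID {pid}): {reason}")
```

A flagged entry is a lead for the file-properties and database lookups mentioned in the post, not a verdict on its own.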

#3 keith7878


Posted 14 August 2008 - 05:43 PM

When you open my screenshot link the browser automatically minimizes the image to fit the page.
If you hover over the image it lets you magnify it to make the screenshot clearer.

I've right-clicked on a couple of these addresses in TCPView and they are located in China, USA and all over the world.

I couldn't find anything suspicious in Task Manager.

If you look at my screenshot there are a lot of instances of the process 'services.exe:708' which try to receive and send something from my PC.

It's not always services.exe:708; the last time it was services.exe:724.

#4 quietman7


Posted 14 August 2008 - 06:51 PM

services.exe - Process information

You can investigate IP addresses and gather additional information at:
SamSpade.org Whois
DNS Stuff WHOIS
All Net Tools SmartWhois
Domain Tools

#5 quietman7


Posted 14 August 2008 - 06:53 PM

Please download MsnCleaner.zip and save it to your Desktop. (In addition to removing infected files, it will remove certain restrictions on your system often disabled by malware.)
  • Extract (unzip) the file to your desktop (click here if you're not sure how to do this), but DO NOT use it yet.
  • Reboot your computer in "Safe Mode" using the F8 key. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A boot menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".
  • Double-click MsnCleaner.exe to run the tool.
  • Click the "Analyze" button.
  • A report will be created after the scan and will be saved to C:\MsnCleaner.txt.
  • If it finds an infection, click the "Deleted" button.
  • Reboot normally and post the contents of MsnCleaner.txt in your next reply.
