Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Have I been hacked


  • Please log in to reply
15 replies to this topic

#1 illiadca

illiadca

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:12:04 AM

Posted 14 March 2011 - 02:01 PM

Hi
Thanks in advance for any info you might have to share with me. My computer info is as follows :
Asus P5Q SE Plus motherBoard
Intel Pentium E6500
Kingston 2 X 2 GB PC2-5300
O/S Windows 7 Ultimate
Wireless network card Broadcom 802.11g
No other added pci cards
My issue started about 7 or 8 months ago my computer completely froze after some time and effort I restarted into safe mode and examined the usual suspects Spyware ,Viruses Chckdisk etc. after a restart into normal mode my computer was reacting very slowly to every click of the mouse. ( example It would take 3-5 minutes forfirefox to open but would close down immediately and open normally every time after that.) This seemed to be the case for about the first 6-8 programs I would open and then the computer would work well for a short time ( 20 minutes or so ) then freeze up solid again. This cycle happenned three times. In the end I decided it was bad blocks on my hard drive and replaced the drive, with a western digital WD2500-AAJS-00L7A0 and then reinstalled Windows everything worked great Then about two months later it started again this time, I noticed That my antivirus Avast had stopped running and my remote access had been enabled ( I keep this turned off ) So I reinstall an anti-virus program "Avira" turn off remote access, all in safe mode I should add it was the only way I could. Do all the normal scans Malware bytes, virus scans and it come up threat free. Once again my computer runs great for about another two months. Computer freezes again and one more time I find my remote access is enabled and antivirus is shut down. I do all the usual things and this time I am getting a little suspicious so I add a key encrypter to my machine. Everything is great until about two months later ( when I say two months I mean 6-9 weeks ) This time my avtivirus is shut down and my media sharing is enabled, I also keep this shut off. It seems each time I turn off these sharing sources I am able use my computer normally again for about two months. Does this sound familiar to anyone or maybe someone can share their thoughts.

I should also mention that I am not new at this we have 5 computers in the house I keep them all maintained and the one I am on is the computer that has been acting this way.

BC AdBot (Login to Remove)

 


#2 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,613 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:01:04 AM

Posted 14 March 2011 - 05:50 PM

What I find strange is that you get the freezes. I dont see any reason why this would happen and coincide with services being enabled.

Also how are they getting in should be the first question? Do you have a hardware router in place between your ISP modem and your network?

Do you have port forwarding enabled? If so, to what?

#3 illiadca

illiadca
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:12:04 AM

Posted 14 March 2011 - 06:27 PM

I am on a wireless network. No I don't have port forwarding enabled and I can't imaging how anyone would get in. That's why I am here I am not even sure that it isn't coincidence but everytime the computer freezes solid like this I find some sharing service started and anti virus disabled( I can only do this is Safe Mode ) those are constants. Thank you for replying by the way I am very new at asking for help here.

#4 illiadca

illiadca
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:12:04 AM

Posted 14 March 2011 - 06:29 PM

My network is wireless I just reread the question's you asked

#5 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,613 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:01:04 AM

Posted 14 March 2011 - 07:02 PM

Do you have remote desktop running on any of these systems (would be xp pro, vista pro or better, or 7 pro or better)?

What kind of encryption are you using on your router?

Just trying to map your topology.

#6 illiadca

illiadca
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:12:04 AM

Posted 14 March 2011 - 07:46 PM

No remote desktop is't running on any computers. I am using WPA-PSK encryption with a complicated password.

#7 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,613 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:01:04 AM

Posted 14 March 2011 - 07:55 PM

Any unusual ports listening when checking with tcpview?

#8 illiadca

illiadca
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:12:04 AM

Posted 14 March 2011 - 08:33 PM

I've been checking my wireless router and I am having a hard time finding this. The only ports I am finding open is utorrent ports What I did find is that my time and date was off by one day also I have set the router to only allow changes from this Mac address. I am really starting to venture into things I have no knowledge of.

#9 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,613 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:01:04 AM

Posted 15 March 2011 - 09:12 AM

Your running tcpview on your computer? It can be downloaded from here:

http://technet.microsoft.com/en-us/sysinternals/bb897437

Also you mention that you have utorrent open on your router or your seeing the ports open on your computer? If router, you do have port forwarding enabled then.

#10 illiadca

illiadca
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:12:04 AM

Posted 16 March 2011 - 09:26 AM

I have a lot of ports listening on my PC I'll have to take a minute but I am sure I won't know which ones should be there and which ones shouldn't

#11 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,613 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:01:04 AM

Posted 18 March 2011 - 08:04 AM

Feel free to post your tcpview log. Info here on how to do that:

http://www.bleepingcomputer.com/forums/topic337801.html

#12 illiadca

illiadca
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:12:04 AM

Posted 18 March 2011 - 08:46 AM

I've just refreshed the log. Here it is:Attached File  tcpview.txt   5.73KB   5 downloads

#13 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,613 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:01:04 AM

Posted 18 March 2011 - 05:46 PM

I dont see anything wrong here and wont be able to see anything without a more in-depth analysis of your computer, which can only be done in the virus removal forum. It is possible you have a virus that is disabling your antivirus program. I do find it weird why a virus would enable the media sharing. Then again I dont understand why a hacker would to. My guess is the media sharing is being enabled from a piece of softwar on your computer without your being aware of it and is probably not a concern.

After a freeze, have you checked your event viewer to see if there are any events listed?

#14 illiadca

illiadca
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:12:04 AM

Posted 18 March 2011 - 07:13 PM

Yes I have checked the event viewer but it did me little good I'm thinking I should wait until it happens again ...If it does and maybe re open the subject then. Right now everything is working great you would never know there was ever a problem. If you have any preventative advice that would be good.

#15 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,613 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:01:04 AM

Posted 19 March 2011 - 09:02 AM

I wish I could you some advice, but still not sure whats going. When the problem happens look at the event viewer and let me know what it says.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users