
VERY serious hack


15 replies to this topic

#1 faster

faster

  • Members
  • 108 posts
  • OFFLINE
  •  
  • Local time:04:43 PM

Posted 21 September 2011 - 06:00 PM

First, I want to congratulate and thank bleepingcomputer for its openmindedness about those who still use W98. Other expert sites I've gone to with this extremely nasty problem only seem able to look down their noses at my OS. Probably they are veiling their cluelessness about the problem itself, but I don't appreciate being patronized as some kind of cyber-idiot. Not everyone can run out and buy a new OS. And there are still reasons to retain W98. My "most-needed" PC apps won't work with newer systems. Not to mention the old DOS-based games that the neighborhood kids love so much (not to mention yours truly). I wanted Ubuntu, since I can use both, but can't download it, thanks to the hacker.

I've had the same PC, same OS and same basic programs for YEARS, without these problems. My OS has nothing to do with the hack; they'd nail me no matter what OS I used. It doesn't surprise me that certain kinds of videos online require a newer OS - it's all part of the planned obsolescence thing. These problems transcend that kind of thing.

This is very much NOT a garden variety problem.

Here are some of the symptoms.

The motive here is not so much gain as hate. Their M.O. doesn't require them to be subtle about the harm they're causing; they revel in hurting me, and they want me to KNOW I'm being hit. Their hate is towering, and also relentless. Coupled with their high level of tech sophistication, I'm left helpless.

1. My internet connection is cut off at least once an hour, much more often at times, depending on where I'm browsing.

2. My DSL modem can't "find itself" roughly once every minute. The popup messages I get say it isn't synchronized, but I've done everything the experts say to do to get it to synchronize - in vain.

[The result of just these two problems is that pages don't load, servers can't be found and pages time out routinely. Downloads often fail, but when they don't, they come to me corrupted. Just browsing is a major battle.]

3. My POP mail downloads about 5 e-mails, and calls it done - right now there are over 200 on the server, because I haven't had access to it for months. I had to be called last month to be told my brother had just died. The e-mails didn't reach me.

4. Someone has put an image overlay on all comment text fields on sites that have comment boards managed by disqus - I can't put text into them, so I am effectively gagged. Silencing me is their prime concern; hurting me comes next. There are huge numbers of people who'd gladly help with hacking me, too. It is by no means just one person or a small group. Disqus is probably not culpable, but somebody there is surely involved in this. This is one problem that may have been put on my system or browser, but is more likely aimed at me from the external site.

5. Two months ago, I nearly lost everything on my PC - YEARS of work, scholarly effort, thought and time - poof. All my IRQs, IOs, DMAs and memory numbers were wiped out of my PC, and I had to get a pro to flash my motherboard. It could happen again tomorrow, too, because I have zero information about the things the hackers are doing to me.

6. Many of my settings and configs are arbitrarily changed. I can't deselect "Use NetBIOS over TCP/IP" - and I have never had a need or desire to use NetBIOS. This wasn't cured by a format of C. Something has messed with the "Network" app on my Control Panel, and nothing I've tried to do has stopped it, even extracting the .CPL from the OS installer.

7. Somebody tried to open a .doc file on my desktop containing e-mail addresses and passwords - but it failed, since I hadn't reinstalled Word since the last format from the last hacking. I knew of it when I got an apologetic popup from Windows about it. Their main aim is to cause me harm and to gag me, but I guess they're not above trying to rob me, too. But I keep no vital personal info, except on paper.

8. Both Firefox and IE are affected, but in different ways. I am blocked from updating Windows after a format, even though the updates are still available. I'm also blocked from upgrading virus definitions and other upgrades, such as those for S&D, which upgrades everything but the definitions. Those come back with "bad checksums".

There's a lot more, but these are the most gnawing of my problems.

News sites are particularly hard to access. My registry is glutted with stuff that I can sometimes find manually, but none of the malware apps ever do.

Formatting and reinstalling the OS doesn't rid me of everything, but it does help - very briefly. I need to find the malicious codes on my PC and get rid of them, but no scans I've ever tried have turned up anything but piddly stuff. I can't stay online long enough to do an online scan. They get right past ZA Pro and any other security programs I might have. When I format this time, it'll be back, because I haven't a clue how they got in, or what they infected me with, or where it is on my system. Without that, life will be a constant torment online, no matter what I do.

These people are intensely malevolent haters, maggots of the first order, but with a whole lot of expertise. About as safe as a chimpanzee with an Uzi. Not to mention that they MEAN BUSINESS about hurting me and gagging me online. My only hope is to learn how to thwart them and how to remove their garbage.

So what things could I check out? What are likely methods used by hackers to gain entrance without ever being detected, and how can they be thwarted? What can I do, for instance, to get my network adapter property sheets to give me access to the NetBIOS selection again? Formatting did no good there.

HOW was the hacking done? How can I undo it? How can I keep them from hacking again? THESE are my concerns.

I'm out of my league here, as are most sites which have "experts" to help the public with their PC woes. They aren't nearly expert enough for this. This is hacking, at its cutting-edge best.

Please help!


 


#2 Eyesee

Eyesee

    Bleepin Teck Shop


  • BC Advisor
  • 3,541 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:In the middle of Kansas
  • Local time:05:43 PM

Posted 22 September 2011 - 12:15 PM

Hello and welcome to the forum!

I have read your entire post with interest.
My question becomes why would anyone want to hack into a Windows 98 system these days when there are so many other newer systems out there?

Unfortunately you do not have many options left in the way of Antivirus and malware software that still work with 98. To my knowledge, the only remaining programs are Clamwin Antivirus and SpyBot Search and Destroy. Are you running either of these?

What version of Zone Alarm are you running? According to OldApps the last version of Zone Alarm that worked with 98 is version 9.0.083 and is 2 years old.
My experience with software firewalls is that when presented with a popup dialog box most people don't know when to say yes and when to say no. They invariably say yes to everything which defeats the purpose of the software.

I think what I would do in your situation is this:
Fully backup all your personal information.
Use FDISK to delete and recreate the partition. Then reload the system clean. This ensures a pristine copy of Windows.
Avoid the Disqus software (if any) and website if that is where you suspect the problem is coming from.
Use a hardware firewall instead of software. Any router has a firewall built in that should (in theory) make you invisible on the net.

Just my 2 cents.
In the beginning there was the command line.

#3 faster

faster
  • Topic Starter

  • Members
  • 108 posts
  • OFFLINE
  •  
  • Local time:04:43 PM

Posted 22 September 2011 - 07:32 PM

If this comes thru twice (or more), my apologies; my browser timed out. It didn't seem my reply got sent. This is my fourth try. I have to pump the "refresh" button on my DSL modem's interface when it "gets lost," so I can keep a few bytes moving - it only works sometimes. It goes on and off like clockwork about once a minute. I've been trying to make this reply for the past two hours. I'll keep it up, though.

Maybe most hackers are enjoying the fun of tearing into new operating systems, but MY hackers don't care what I'm running. They hate ME because of the things I say online, and are in deadly earnest. I'm a scholar of the very subjects which are important to them to lie about. I have to be gagged. And, of course, hurt as badly as they can arrange.

When I started calling out their lies online, I already knew they'd attack me. The way I call them out is in a way that they can't argue with, because they themselves acknowledge the authorities from which it comes. So I have to be stopped.

I prepared as best I could for them. I keep no personal info on my PC. But if they can read what I write in .txt files, they'd only become more determined to stop me. We're talking "relentless" here.

I remember mentioning that these hackers are motivated by hate.

I did try to download Clamwin - it arrived. Corrupted.

I've had Spybot a long time, but after formatting C, it won't download the upgrades for the definitions. It will upgrade the program itself and other piddly stuff, but not the "meat" that I need most of all. "Bad checksums," it says.

HijackThis doesn't come up with anything I can recognize as suspicious. I also use an old AdAware Pro.

ZoneAlarm Pro is version 4.5.538.000. Yes, I know it's old, but won't upgrade to 9.0 without money. Getting a newer one is just as cost-prohibitive as buying a new OS. I'm stuck with what I've got for a while.

I've tried NOT to say yes to everything, but it doesn't change the fact that those popups don't give enough info for me to know the maggots from the good guys. It usually automatically blocks about 30-50 access requests each session online, but when I'm at a place where THEIR subject is involved the number quickly exceeds 500 (the maximum S&D can block).

I can avoid the sites that are served by disqus, but it'd be difficult to change my homepage. I don't have any certainty at ALL that disqus is behind most of my hack problems; just that image overlay on comment text fields. Maybe somebody there IS responsible for it all, but somehow I don't think so. This is almost certainly a joint effort, with more than a handful of experts involved, in varying capacities.

I have notified disqus, and received a thoughtful and concerned reply, but they were loyal to their small group of employees, unable to believe any of them capable of such a thing. The loyalty is admirable, but not the denial. I asked them to look deeper into it. After that, though, one change DID occur. I could now put my cursor into the field. But couldn't type a darned thing. No real change.

These people have at their disposal an almost unlimited supply of "helpers." It's not a good spot for me to be in.

If I could read geeky-type stuff in logs, scripts, cache files and such, I might find the fly in my ointment, but I'm no geek. I wish someone had a translation program to translate into understandable English those geeky symbols that are used so much in software. It gives hackers and virus makers a place to hide stuff.

What I do is to clear all my caches after every session online.

Something regularly changes the time/date info on a bunch of java files, making my java inoperable. There's so much more, though.

I have looked at FDISK in the past, and it is totally intimidating. I wouldn't know WHAT to do with it. I just know it is powerful, and that failure to use it properly can ruin your PC. I have plenty of hard disk space for a partition, but even if I could MAKE one, I wouldn't know how to work and live with it. I'll talk to my local expert about it. He's good but no pro about hacking.

Besides, even with a pristine install of Windows, it'd probably be attacked the very moment I go online with it.

I've heard that a router could help, but come up against the cost - again. I think I will get one, as soon as I can swing it. I'm old, extremely disabled, and live exclusively on SS in Mexico - barely getting by. But I am also a scholar on several subjects, and I can't keep quiet on this one. To do so I'd need a heart made of stone.

You're sweet to try to help. Sweeter for not dissing me about W98. Your suggestions offer some genuine help, too. I fear that my only real hope, though, is to find their codes and remove them, then find a way to see them coming next time so they can be blocked.

Your suggestions are excellent, but defensive. I want to take the offensive stand of clobbering their codes, with knowledge of what they are, how they get in and how to thwart them. That way, they can keep throwing them at me and I can keep trashing them. Make sense?

I'm already backing up data I don't want to lose, mostly my documents and favorite software - I don't have personal stuff on the PC. Then I'll format C - again - but it's only a partial respite, and that, only briefly. They'll be right after me again, like a fox after a goose.

Thanks. You're a prince.

Your reward; today's giggle.

Sign in a posh Acapulco resort: "For the benefit of our guests, you should know that all water consumed on these premises has been personally passed by our administrator."

#4 Drovers Dog

Drovers Dog

  • Members
  • 1,048 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Brisbane, Australia
  • Local time:08:43 AM

Posted 22 September 2011 - 08:30 PM

Welcome to BC, Mate. Wonderful to see your sense of Humour.

This may help you in understanding FDISK? It is very very detailed, and in simple language.

http://support.microsoft.com/kb/255867

We are always here to Help.

Ray.
What ever you give to others, you will get back doubled, Just make sure you only give Nice Things?......DD saying

There is a saying, "You just can't make a silk purse out of a sow's ear" it means "to be happy with what you have and not look for the impossible"......DD saying

The "Spirit" of the people who died, on that terrible day 9/11 will NEVER REST until such time as the "Imbeciles" that caused it, are eliminated through out the World.....DD saying

What is a Dog?

#5 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:10:43 PM

Posted 23 September 2011 - 01:43 PM

I do not think that you are hacked at all. The issues you are describing are very closely related to failing hardware, because you said you had to take your computer to a "PRO" to get it flashed to restore the "IRQ's, I/O, and DMA" settings. That was a BIOS Flash. Your other issues such as random dealings with corruption and the inability to perform certain tasks closely resemble memory going bad and hard drives going bad. You have very old hardware, because hardware made in the last 8 years will not run on anything but Windows 2000 and greater. Can you please tell us what kind of hard drives you have, and also perform the following:

How to Test your RAM



Guide Overview

The purpose of this guide is to teach you how to check whether your system's RAM (Random Access Memory) is working properly. Bad RAM can lead to a whole host of problems, which often do not appear to have a single cause -- appearing as systemwide glitches, blue screens, and other system trouble. MemTest86+ provides a very good detection mechanism for failed RAM, and is about as good a test as you get short of actually replacing the module itself.

Tools Needed
Please perform these steps from a separate, working, machine.
Perform these steps on the problem machine.
  • Put your CD in the drive and configure your machine to boot to the CD. This is different on all machines, but it's usually by pressing F12 or F10 as your system boots, and selecting either "CDROM" or your cdrom drive. If you are unable to force a CDRom boot, reply with the make and model of your machine and I should be able to get you exact instructions.
  • If you've done it correctly, MemTest86+ will start to run automatically, as shown below:
    Posted Image
  • If you want to be reasonably sure your RAM is OK, then allow MemTest to run until you see this message:
    Posted Image

    On the other hand, if you want to be completely sure your RAM is OK, allow MemTest to run overnight. Memtest will run forever until power is pulled on the machine.
  • Check the MemTest screen for any reported errors. Errors will appear as RED warnings at the bottom of the screen, similar to the following screenshot:
    Posted Image
  • Hard-Reset the machine, removing the MemTest disk in the process.
If you didn't get an error screen, Congratulations! :)

Compliments of Billy O'Neal.

This will tell us 2 things, the status of your memory and the brand of hard drive so you can run the hard drive diagnostics.

Also just to inform you many of the technologies out there that require newer OSes do so because of what they have to offer, and is in no way related to "FORCING" you to upgrade to a new operating system. I have Windows 7 and can play all my old DOS based games like Doom without any issues due to DOSBox. I am also forced to use new applications due to my educational and employment requirements.

It is my opinion that one should use what they are comfortable with, and if others try to force their opinion on you and are unable to help out another computer user they are truly selfish.

I would still be using Windows XP, but due to school being primarily on Windows 7, I am using Windows 7.

#6 scurvychef

scurvychef

  • Members
  • 182 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Western NY
  • Local time:05:43 PM

Posted 04 October 2011 - 09:44 PM

I have often pondered a virtual drive within an OS as being potentially more secure than one OS. Since you are already Ubuntu savvy, try to go to the Software center and download an iso mounter and create a virtual drive for Win 98 within Ubuntu. This would give your beloved 98 with all its goodies on a drive nestled safely within a Unix file system. I have not tested the firewall stability of this theory but I know it is possible to run a virtual drive with another OS install. I have no reason to do this myself because I am partial to Linux, but I would be curious to see if it worked for you.

Just curious: since the problems start from the modem and work their way in... are you using a static IP address? It has been a long time since I have used Win 98 but I imagine there is a setting to change your IP settings.

#7 scurvychef

scurvychef

  • Members
  • 182 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Western NY
  • Local time:05:43 PM

Posted 30 October 2011 - 10:25 PM

Okay, so... stupid me: there is already an app in the Ubuntu software center for a virtual drive. It is called VirtualBox. You can run Win 98 inside of Linux with it. :wink:

#8 credd

credd

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:05:43 PM

Posted 02 November 2011 - 10:13 AM

I might be a little late on this post but did you try Malwarebytes? Running that might clean up the crap in your computer. Also, did you check with your ISP if your internet connection is running correctly? Many years ago I thought my machine was infected so I formatted and re-installed everything. It lasted 1 week until I noticed my internet slow again. It ended up being my phone wiring in my house that was faulty and not sending the signal to my router.

#9 Eyesee

Eyesee

    Bleepin Teck Shop


  • BC Advisor
  • 3,541 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:In the middle of Kansas
  • Local time:05:43 PM

Posted 02 November 2011 - 01:33 PM

MalwareBytes is XP and greater only.

Only antivirus/malware programs that I know of that still work with 98 are ClamWin, SpyBot and CWShredder.
In the beginning there was the command line.

#10 faster

faster
  • Topic Starter

  • Members
  • 108 posts
  • OFFLINE
  •  
  • Local time:04:43 PM

Posted 07 February 2012 - 08:45 AM

I am very pleased to be able to report that, while I am still being hacked, some of my problems were not from that source. Recently, my ISP sent a technician to all the homes using the internet in my area and replaced the old copper lines with fiber optic. Wow! What a difference! I'm supposed to pick up a new modem, but even the old one works, and I'm not disconnected several times a minute - it synchronizes beautifully now.

There are still some problems. My INETCPL.cpl file is tampered. But my main grief is still coming from the overlay that looks like a text field, but is merely an image of it, with the result that I can't comment. I have this on every site where comments are managed by disqus, and not on any other kind. They said nobody in their firm would consider doing it, but the one thread common to all sites with this problem is disqus. I'm starting a new thread, rather than continuing here.

I want to thank the responders. They helped me find Clamwin, among other things.

And again, THANK YOU, bleepingcomputer, for accommodating us W98SE users. It's because of their generosity of spirit that I trust this site very much.

Oh, and never forget what an old general once said: "Never pass up a chance to piss."

Y'all have a good one.

#11 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:10:43 PM

Posted 07 February 2012 - 11:27 AM

"There are still some problems. My INETCPL.cpl file is tampered. But my main grief is still coming from the overlay that looks like a text field, but is merely an image of it, with the result that I can't comment. I have this on every site where comments are managed by disqus, and not on any other kind. They said nobody in their firm would consider doing it, but the one thread common to all sites with this problem is disqus. I'm starting a new thread, rather than continuing here."



Can you provide a screenshot of such tampering? Disqus is a commenting software suite that is in use by various sites, and requires logging in to post information or comments to sites. I have been using Disqus at several sites, and it is perfectly safe. So please show some screenshots of your issue.

#12 faster

faster
  • Topic Starter

  • Members
  • 108 posts
  • OFFLINE
  •  
  • Local time:04:43 PM

Posted 08 February 2012 - 03:23 PM

I do know what disqus is, and what services they perform. They do have a good reputation on WOT, too. When I wrote to CNN about this, I got no reply. Disqus did reply, very courteously, but said it couldn't have been done by their people. Odd, though, because at that time I could not even put my cursor in the field. After getting her response, I could put the cursor there - and nothing more. Something changed, but not what I needed changed. I have nobody to blame yet, other than the fact that disqus is involved somehow, knowingly or otherwise.

Disqus is involved, though, since only disqus-managed text fields - all over the web - are like this. All others online work fine, so the connection is inescapable.

I can't show the tampering itself in a screen shot. It may be revealed in the files I've just made, though only you have the expertise to analyze them. It may not be there; it could be some kind of "bot" put on my PC. I am totally in the dark.

I do know that these text fields have always worked perfectly for me. Until they stopped doing so. It's been well over a year since that happened. Reinstalling Firefox didn't help, not even after formatting C.

I have saved what I can of any attributes pertaining to the text field I was referring to. As of right now, they still don't work.

The page source is the file "index.html".

I couldn't save the Page Info because it has a series of tabs. Under the "Security" tab, though, it says, "Web Site Identity Not Verified". Which strikes me as very strange. You'd think they'd know THAT much at least. The tabs are General, Forms, Links, Media and Security. I have no ability to copy or analyze this stuff. If you know of a way I can save this to disk, I'd be glad to send the whole thing. I see no way it can be done.

The page I was on when I made the copies is:
http://www.edition.cnn.com/2012/02/07/world/meast/syria-assad-power/index.html?is_LR=1

If you logged on and went to it, I'm sure the text fields would work fine. I feel sure it is tagged to me somehow. Through my IP address, perhaps? There are lots of other peoples' comments, so it isn't systematic for one and all.

You'd probably have to sit at MY computer and try to access the field. Then you would have the same problem I have.

Then I saved the frame itself to disk. It is a file, "reply.html", and a folder, "reply_files", which contains the java file "lib.js". I don't know why it is called "reply," because the field was not an attempt to reply to a commenter but to make an original comment - for what that might be worth to you. But whether an original comment or a reply to one, the problem is the same. I can put my cursor into it, but can't type or paste anything.

Will these be what you need? If I simply sent a screen shot of the page itself, it would look fine. It only reveals that it is an image rather than an active text field when I try to type or paste text into it.

I have put them all into a folder called "Text Field."

How shall I send them to you? As that folder, or as a .zip? Would that be safe for you? I won't send anything without permission.

Thanks for helping.

#13 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:10:43 PM

Posted 08 February 2012 - 04:04 PM

It saves as reply due to the fact you are replying to the entire discussion.

Posted Image

Is the same page. This will sometimes occur on sites that use certificates without a valid domain; again, it's perfectly legit.

The issue with Disqus is that it is better to be used on modern browsers like IE7 and above or the equivalent.

I would need a screenshot to show me what you are "explaining as a serious hack"; otherwise what you are describing is typical website and internet behavior. You are not being hacked or targeted by any such network. Your IP was probably changed via the new modem installation.

#14 faster

faster
  • Topic Starter

  • Members
  • 108 posts
  • OFFLINE
  •  
  • Local time:04:43 PM

Posted 08 February 2012 - 06:23 PM

My Page Info Security tab doesn't look remotely like that one. Probably because the highest Firefox version I can use with W98SE is ver. 2.0.0.20.

May I upload the files I mentioned? And if you can tell me how to make a screenshot, I'll include it. But even when I look at it, it looks fine, until I try to USE it.

I've never made a screenshot before.

Please let me know what you'd like me to do.

Thanks again.

#15 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:10:43 PM

Posted 08 February 2012 - 06:32 PM

Alt+Prnt Scrn, open up mspaint, click Edit then Paste, save file as jpg, then upload to http://www.imageshack.us. You can upload the files to http://www.rapidshare.com.

It could also be the limitation of your Operating System.

Edited by cryptodan, 08 February 2012 - 06:33 PM.




