compromised connections


5 replies to this topic

#1 bluebird100

  • Members
  • 18 posts

Posted 09 April 2012 - 08:01 AM

Hi,
after a few weeks of scrabbling around sorting out a few perceived security issues with email etc - yesterday I believe I uncovered a big problem and need help please.
Hopefully I'm writing this from a clean machine as I believe both desktops at home are compromised.
Main PC runs XP and has connectivity via ethernet cable via a BT Home Hub2. Other PCs run through wireless connections off this.
Yesterday whilst looking at my network connections I noticed something called "Internet GATEWAY" above my LAN icon.
It showed that I had been connected for over 2 days (just over 2 hours for LAN) even when PC turned off and was sending/receiving lots of packets and seemed much faster than my LAN. Problem: I click on this & it won't let me disconnect or look at properties / settings - I get a warning to say "connection is currently busy"... I'm really concerned that this is someone else on my PC - can this be right? How do I resolve it? And is this a matter for the Police? Surely if it's my connection I should be able to view details & edit? I really am concerned.

Other symptoms I have noticed - my Windows log on "sound" has disappeared & in event manager - there are no security logs - only one since 2006. PC very slow. Have run SuperAntispyware - no issues having removed a disable security centre option a few days ago. Also Malwarebytes found no issues. But I remain convinced something is not right. Really grateful for help guys. Am at my wits' end. Very grateful for anyone's help. I'm assuming my PC and internet connection has been hijacked/compromised. Somebody mentioned that this could be simple as my router + something to do with UPnP settings? Thanks.

Separately on other desktop - I keep getting Adobe Flash Player installer pop up - can't detect virus but it keeps coming every few minutes. Thanks for help.

Edited by hamluis, 09 April 2012 - 04:59 PM.
Moved from XP to Am I Infected.




#2 hamluis

  • Moderator
  • 55,541 posts

Posted 09 April 2012 - 08:49 AM

FWIW: My Internet Gateway is my router.

Sometimes it's reflected on a system...sometimes not...if I had to guess, I'd say that it depends on how the connection was established or on the motherboard. I have 2 systems...one reflects it, one doesn't. Should be viewed under Control Panel/Network Connections.

Louis

#3 bluebird100

  • Topic Starter
  • Members
  • 18 posts

Posted 09 April 2012 - 01:01 PM

Thanks for response. Something else to ponder regarding this... Today I noticed something I have never seen before, a "remote desktop connection" icon in my documents - time created - at about 8pm - yesterday 08/04 when I wasn't on the machine and certainly can't remember updating anything.
I went into control panel / system / remote and unchecked boxes relating to remote assistance etc. Is there any way anyone can remotely access my machine? Or how would I know if they have? The sudden appearance of this icon and timing of it has caused me some alarm.

I've deleted it (not removed it) + at present it sits in the recycle bin. I did this as it gives an error when I try to save any settings changes i.e. don't allow access.

Could anyone give me some advice please on what this could be and how I can ensure no one is remotely accessing my PC. (Windows XP / wired ethernet connection via BT Home Hub). I've also set up passwords on the user accounts on Windows now. Thanks.

#4 James Litten

  • BC Advisor
  • 1,946 posts

Posted 09 April 2012 - 01:58 PM

Hi

This is a very distressing subject that I have been called for often over the years.

First, I want to help give you some perspective. This is almost always (I mean really close to always) not what you think it is. The problem is that you see these little clues and they add up and in order to try to make sense of them you perceive it incorrectly. Like the other night when I was sure that there was a critter in my garage behind some boxes. I could see its eyes glinting and could make out the shape of its furry body in the shadows. I went and put on jeans, gloves, a heavy coat, grabbed a broom and a flashlight and went out to do battle. As I shined the light back into the boxes the critter magically transformed into my 5 year old son's coat and two marbles that he had dropped while climbing the boxes the other day.

Don't panic :)

Some of what you describe is indicative of some common malware infections. I would recommend that you go through the process of getting it checked and cleaned if necessary by going through the process that starts by posting in the Am I Infected subforum here...
http://www.bleepingcomputer.com/forums/forum103.html
Following these guidelines...
http://www.bleepingcomputer.com/forums/topic41987.html

If after you go through the process and are confident that you have a clean computer but still think there is something suspect going on then post here again and we will move on to the next step.

Hope this helps
James

#5 bluebird100

  • Topic Starter
  • Members
  • 18 posts

Posted 09 April 2012 - 04:51 PM

Thanks for response. I will take advice...in the meantime...
..one more for you & anyone else: Following on from previous, & suspicions about someone remotely accessing my PC, I went snooping around my system & went into event viewer etc & then into Local security settings. Never been there before! Understand a fair bit of it but in User Rights assignments "Access this computer from network" & "impersonate a client after authentication" & several other headings the following appears alongside the usual "users" "administrators" etc - what is it?

* S-1-5-21-3497319662-3801654286-1697624827-1003
Other headings it appears under: "Deny Log in Locally", "Deny log in through terminal servers", "log on as a batch job", "log on as service".

I also noticed that in my device driver settings (network adaptor) was set to "wake" against various actions. I was unaware of this. Did this mean that someone could turn my PC on remotely? Or access it if left on overnight?
Can someone give me some clues as to what any of this means? Particularly the long number string above. Thanks
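A string of the form S-1-5-21-…-1003, like the one quoted in the post above, is a Windows security identifier (SID) that the policy editor has displayed without an account name. The PowerShell below is an added example, not part of the original thread, showing one way to check which account or group such a SID belongs to; it assumes PowerShell 2.0 or later is installed and that it is run on the PC where the SID was seen.

```powershell
# Added example: map a SID shown in Local Security Settings to an account.
# The SID is the one quoted in the post; variable names are illustrative.
$sidText = 'S-1-5-21-3497319662-3801654286-1697624827-1003'
$sid = New-Object System.Security.Principal.SecurityIdentifier($sidText)

# The last field is the relative ID (RID); the rest identifies the machine or domain.
$rid = [int]($sidText.Split('-')[-1])
"Machine/domain part : $($sid.AccountDomainSid)"
"RID                 : $rid"

# Every local user account on this PC carries the same machine part in its SID.
$local = Get-WmiObject Win32_UserAccount -Filter "LocalAccount=True"
$local | Select-Object Name, SID, Disabled | Format-Table -AutoSize

$match = $local | Where-Object { $_.SID -eq $sidText }
if ($match) {
    "SID belongs to local account '$($match.Name)' (disabled: $($match.Disabled))"
} else {
    # Not a local user account: it may be a group, so ask Windows to translate it.
    try {
        $name = $sid.Translate([System.Security.Principal.NTAccount])
        "SID resolves to $($name.Value)"
    } catch {
        # Translate() throws IdentityNotMappedException when no name exists.
        # A common cause is an account deleted after the right was assigned.
        "SID does not map to any current account or group on this machine."
    }
}
```

If the machine part printed for the SID matches the machine part of the local accounts in the table, the entry refers to an account or group created on that PC.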

#6 hamluis

  • Moderator
  • 55,541 posts

Posted 09 April 2012 - 04:59 PM

Moved to Am I Infected.



