Who or what is hacking me? TCPView, uTorrent, Trojan backdoor



#1 powleena

  • Members
  • 1 posts

Posted 04 September 2012 - 07:11 AM

Not sure if you can help me, but any advice would be greatly appreciated. My computer knowledge is rather poor and I am sorry if my questions/info are irrelevant or stupid. I suspect my computer has been hacked. The question is by whom. My ex, who is a program developer and an obsessively jealous psycho, has had access to my laptop. I was alarmed by his recent bizarre behaviour and it raised my suspicions that he might have access to my email, so I started digging. And here we go:

I have found a backdoor Trojan and Trojan.Spyeye. I am completely aware that these Trojans could be used by an unrelated hacker, not by my evil ex. Although, a strange thing happened when I tried to download TCPView and Process Explorer to investigate further. My laptop went mental and I also could not use the mouse. The cursor was going all over the place, the same way as when someone from IT connects to my machine at work and tries to take over control. I opened a notebook and wrote 'stop it, I know it's you and I am going to find it all and remove it'; all went kind of quiet, then sort of frozen, and then Google Chrome opened itself on a YouTube page with a song ready to play that my ex and I used to like a lot. I only use Explorer, I never use Chrome, I have never played that song on my laptop and it's an old ska song. If it had been one of the trendy current hits I would think it was an advert. Could it be just strange Trojan activity? A coincidence?

As for the Trojans, I tried to remove them using Malwarebytes, but I can still see some strange-looking folders, named only with numbers, and subfolders that I cannot open as I don't have permission.

I tried TCPView and under my local address I have localhost 127.0.0.1 and a private IP address, but no sign of my public IP address. Also, uTorrent seems to be very active even when closed: after the laptop starts up, quite a few entries appear assigned to different remote addresses in the state 'SYN_SENT'. Later on it sends a packet or two now and then. If I open Microsoft Works, application entries appear too. Not sure, maybe that's normal.

I tried to sniff the network with Wireshark, but it may as well be in Chinese as I cannot understand any of it.

Any thoughts as to what is going on? Is there any way to find out who and when?

Thank you very much in advance!


#2 quietman7

Bleepin' Janitor

  • Global Moderator
  • 51,108 posts
  • Gender: Male
  • Location: Virginia, USA

Posted 04 September 2012 - 09:02 AM

Tracing a hacker

If you think your computer has been hacked, investigate for unusual user account names that have suddenly appeared and for open TCP/UDP ports. There are several standard (common) user account names and ports that are supposed to be there; if you see these accounts or ports, they are typically not a cause for concern, as they are most likely legitimate:


Windows Forensics: Have I been Hacked?


Important Note: Using any torrent or peer-to-peer (P2P) file sharing program (e.g. Limewire, eMule, Kontiki, BitTorrent, BitComet, uTorrent, BitLord, BearShare, Azureus/Vuze) or visiting such sites is a security risk which can make your system susceptible to a smörgåsbord of malware infections, remote attacks, and exposure of personal information. File sharing networks are thoroughly infected and infested with malware, according to a Senior Virus Analyst at Norman ASA. As such, it is not uncommon for some anti-virus/anti-malware disinfection tools to detect torrent-related files and programs as a threat and attempt to remove them.

The reason for this is that file sharing relies on its members giving and gaining unfettered access to computers across the P2P network. This practice can make you vulnerable to data and identity theft, system infection and remote access exploits by attackers who can take control of your computer without your knowledge. Even if you change the risky default settings to a safer configuration, downloading files from an anonymous source increases your exposure to infection because the files you are downloading may actually contain a disguised threat. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install malware. Many malicious worms and Trojans, such as the Storm Worm, target and spread across P2P file sharing networks because of their known vulnerabilities. In some instances the infection may cause so much damage to your system that recovery is not possible and a Repair Install will NOT help! In those cases, the only option is to wipe your drive, reformat and reinstall the OS.

Even the safest P2P file sharing programs, those that do not contain bundled spyware, still expose you to risks because of the very nature of the P2P file sharing process. By default, most P2P file sharing programs are configured to launch automatically at startup. They are also configured to allow other P2P users on the same network open access to a shared directory on your computer. The best way to eliminate these risks is to avoid using P2P applications and torrent web sites.
Using such programs or browsing torrent sites is almost a guaranteed way to get yourself infected!!
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
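The two checks quietman7 recommends (unexpected local accounts, and which process owns each open or half-open TCP socket) can be scripted rather than read off TCPView by eye. The following is an added PowerShell example written for this page, not code from the thread or from any of the tools mentioned. It assumes Windows 10 / Server 2016 or later (Get-LocalUser) and Windows 8 or later (Get-NetTCPConnection); on older systems substitute `Get-WmiObject Win32_UserAccount` and parse `netstat -ano`. The list of expected built-in accounts is an assumption for a stand-alone home machine and should be adjusted for a domain-joined one.

```powershell
# Added example: triage local accounts and TCP sockets on a Windows host.
# Run from an elevated PowerShell prompt so OwningProcess resolves for every process.

# Built-in accounts normally present on a stand-alone Windows 10/11 machine (assumption);
# any other name is worth a second look, especially if recently created.
$expectedAccounts = @('Administrator', 'Guest', 'DefaultAccount', 'WDAGUtilityAccount')

Write-Host "== Local accounts not in the expected list =="
Get-LocalUser |
    Where-Object { $expectedAccounts -notcontains $_.Name } |
    Select-Object Name, Enabled, LastLogon, PasswordLastSet |
    Format-Table -AutoSize

# Map a PID to a process name and image path; unknown when the process has exited
# or when the shell is not elevated enough to query it.
function Resolve-Owner {
    param([int]$ProcessId)
    $proc = Get-Process -Id $ProcessId -ErrorAction SilentlyContinue
    if ($proc) { return @{ Name = $proc.ProcessName; Path = $proc.Path } }
    return @{ Name = '<unknown>'; Path = '' }
}

Write-Host "== Listening TCP ports with owning process =="
Get-NetTCPConnection -State Listen |
    ForEach-Object {
        $owner = Resolve-Owner -ProcessId $_.OwningProcess
        [PSCustomObject]@{
            LocalAddress = $_.LocalAddress
            LocalPort    = $_.LocalPort
            PID          = $_.OwningProcess
            Process      = $owner.Name
            Path         = $owner.Path
        }
    } |
    Sort-Object LocalPort |
    Format-Table -AutoSize

# SYN_SENT means we sent a connection request and the peer has not answered yet.
# Grouping by PID shows which program is generating them and how many distinct peers.
Write-Host "== Outbound connections stuck in SYN_SENT, grouped by process =="
Get-NetTCPConnection -State SynSent |
    Group-Object OwningProcess |
    ForEach-Object {
        $owner = Resolve-Owner -ProcessId ([int]$_.Name)
        [PSCustomObject]@{
            PID         = $_.Name
            Process     = $owner.Name
            Path        = $owner.Path
            Attempts    = $_.Count
            RemoteHosts = (($_.Group | Select-Object -ExpandProperty RemoteAddress -Unique) -join ', ')
        }
    } |
    Sort-Object Attempts -Descending |
    Format-Table -AutoSize -Wrap
```

Reading the output: a listener whose `Path` is an unsigned binary under a numbered or temp directory deserves more attention than one under `C:\Windows\System32` or `C:\Program Files`. A long list of SYN_SENT entries all owned by the torrent client's PID is that client trying to reach peers it remembers; if the client is supposedly closed but still appears here, it is still running, typically minimized to the tray or set to start with Windows, which the process list confirms. SYN_SENT entries owned by a process you cannot account for are the ones to investigate, starting from the image path the script prints.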
