Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Hacked previously,Am I still Hacked or what


  • Please log in to reply
2 replies to this topic

#1 naubahi

naubahi

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:10:49 PM

Posted 14 November 2015 - 06:30 AM

I was hacked on previous laptop on windows xp. Now I changed my intenet provider and also have resinstalled windows 8 on another 2nd laptop for windows 8. But I believe I am still being hacked. In previous experience, with windows XP, I had traced an internal IP(Say in shared rental situation) and caught incoming connection on zonealarm. But the person reversed the zonealarm attacks saying going from me to other computers(WIn xp). And also, I had put a text file on windows XP of the internal IP Address putting title unauthorized access,and when I opened it few days later, it rather had my internal IP Address(192.168.XX .XXX.).. while going to one of the foreign address, it opened up the pic of shared rent person. But on another time, I found a virtual switch on laptop of another shared rent person in other room. Now I have windows 8. I am not broadcasting my SSID but still have problems of strange things happening.
Here is the netstat command. I am not that computer savy at present and please need help as I believe I am still being hacked and my identity and financial accounts may be in danger. Please help guide. I do have the norton internet security installed and live in ca.

Proto  Local Address          Foreign Address        State
TCP    192.168.1.101:50487    r3:https               ESTABLISHED
TCP    192.168.1.101:50491    pr:https               ESTABLISHED
TCP    192.168.1.101:50493    ne1onepush:https       ESTABLISHED
TCP    192.168.1.101:50860    pr:https               TIME_WAIT
TCP    192.168.1.101:50861    ne1onepush:https       TIME_WAIT
TCP    192.168.1.101:50864    l1:https               ESTABLISHED
TCP    192.168.1.101:50865    r2:https               ESTABLISHED
TCP    192.168.1.101:50868    a23-211-9-60:https     ESTABLISHED
TCP    192.168.1.101:50870    a23-59-197-231:http    TIME_WAIT
TCP    192.168.1.101:50875    rtr2:https             ESTABLISHED
TCP    192.168.1.101:50876    nuq04s30-in-f46:https  ESTABLISHED
TCP    192.168.1.101:50877    nuq04s30-in-f45:https  ESTABLISHED
TCP    192.168.1.101:50878    beap1:https            TIME_WAIT
TCP    192.168.1.101:50880    nuq04s19-in-f25:https  ESTABLISHED
TCP    192.168.1.101:50896    sa:https               TIME_WAIT
TCP    192.168.1.101:50897    sa:https               TIME_WAIT
TCP    192.168.1.101:50898    sa:https               TIME_WAIT
TCP    192.168.1.101:50899    ec2-50-19-233-239:https  TIME_WAIT
TCP    192.168.1.101:50900    ec2-54-187-111-93:https  TIME_WAIT
TCP    192.168.1.101:50901    sa:https               TIME_WAIT
TCP    192.168.1.101:50907    nuq04s18-in-f26:https  ESTABLISHED
TCP    192.168.1.101:50910    nuq04s18-in-f27:https  ESTABLISHED
TCP    192.168.1.101:50911    csc-beap:https         TIME_WAIT
TCP    192.168.1.101:50912    a104-68-109-48:https   ESTABLISHED
TCP    192.168.1.101:50913    a104-68-109-48:https   ESTABLISHED
TCP    192.168.1.101:50914    csc-beap:https         TIME_WAIT
TCP    192.168.1.101:50915    csc-beap:https         TIME_WAIT
TCP    192.168.1.101:50916    csc-beap:https         TIME_WAIT
TCP    192.168.1.101:50923    ne1onepush:https       ESTABLISHED
TCP    192.168.1.101:50924    pr:https               ESTABLISHED
TCP    192.168.1.101:50926    pr:https               ESTABLISHED
TCP    192.168.1.101:50927    ne1onepush:https       ESTABLISHED
TCP    192.168.1.101:50928    ec2-54-187-111-93:https  CLOSE_WAIT
TCP    192.168.1.101:50929    r1:https               ESTABLISHED
TCP    192.168.1.101:50930    ir1:https              ESTABLISHED
TCP    192.168.1.101:50931    a184-25-56-52:http     TIME_WAIT
TCP    192.168.1.101:50935    pr:https               TIME_WAIT
TCP    192.168.1.101:50936    sa:https               TIME_WAIT
TCP    192.168.1.101:50937    sa:https               TIME_WAIT
TCP    192.168.1.101:50938    sa:https               TIME_WAIT
TCP    192.168.1.101:50943    csc-beap:https         TIME_WAIT
TCP    192.168.1.101:50944    nuq04s19-in-f27:https  ESTABLISHED
TCP    192.168.1.101:50946    storage6-l3:https      ESTABLISHED
TCP    192.168.1.101:50951    storage1-l3:https      ESTABLISHED
TCP    192.168.1.101:50955    yts2:https             ESTABLISHED
TCP    192.168.1.101:50956    a104-68-109-74:https   ESTABLISHED
TCP    192.168.1.101:50958    lax02s21-in-f4:https   ESTABLISHED
TCP    192.168.1.101:50959    gd:https               ESTABLISHED
TCP    192.168.1.101:50961    a96-6-122-169:http     TIME_WAIT
TCP    192.168.1.101:50962    a96-6-122-169:http     ESTABLISHED
TCP    192.168.1.101:50963    beacon:https           ESTABLISHED
TCP    192.168.1.101:50964    a23-212-52-136:http    ESTABLISHED
TCP    192.168.1.101:50965    a23-212-52-136:http    ESTABLISHED
TCP    192.168.1.101:50966    a23-212-52-136:http    ESTABLISHED
TCP    192.168.1.101:50967    host-119-252-148-17:http  CLOSE_WAIT
TCP    192.168.1.101:50968    host-119-252-148-17:http  CLOSE_WAIT
TCP    192.168.1.101:50969    a184-25-56-84:http     ESTABLISHED
TCP    192.168.1.101:50970    a184-25-56-84:http     ESTABLISHED
TCP    192.168.1.101:50971    host-202-137-238-20:http  ESTABLISHED
TCP    192.168.1.101:50972    host-202-137-238-20:http  ESTABLISHED
TCP    192.168.1.101:50974    host-202-137-238-20:http  ESTABLISHED
TCP    192.168.1.101:50975    host-202-137-237-29:http  ESTABLISHED
TCP    192.168.1.101:50976    host-119-252-148-17:http  CLOSE_WAIT
TCP    192.168.1.101:50977    host-119-252-148-17:http  CLOSE_WAIT
TCP    192.168.1.101:50978    host-119-252-148-17:http  CLOSE_WAIT
TCP    192.168.1.101:50979    host-119-252-148-17:http  CLOSE_WAIT
TCP    192.168.1.101:50980    a104-68-96-138:http    ESTABLISHED
TCP    192.168.1.101:50981    a104-68-96-138:http    ESTABLISHED
TCP    192.168.1.101:50982    host-119-252-148-40:http  CLOSE_WAIT
TCP    192.168.1.101:50983    host-119-252-148-40:http  CLOSE_WAIT
TCP    192.168.1.101:50985    a104-68-96-138:http    ESTABLISHED
TCP    192.168.1.101:50986    host-119-252-148-40:http  CLOSE_WAIT
TCP    192.168.1.101:50987    host-202-137-237-29:http  ESTABLISHED
TCP    192.168.1.101:50988    host-119-252-148-17:http  CLOSE_WAIT
TCP    192.168.1.101:50989    host-119-252-148-17:http  CLOSE_WAIT
TCP    192.168.1.101:50990    host-119-252-148-17:http  CLOSE_WAIT
TCP    192.168.1.101:50991    a23-212-52-136:http    ESTABLISHED
TCP    192.168.1.101:50992    a23-212-52-136:http    ESTABLISHED
TCP    192.168.1.101:50993    host-119-252-154-22:http  CLOSE_WAIT
TCP    192.168.1.101:50994    host-119-252-148-17:http  ESTABLISHED
TCP    192.168.1.101:50995    host-119-252-154-22:http  ESTABLISHED







 


Edited by naubahi, 14 November 2015 - 06:44 AM.


BC AdBot (Login to Remove)

 


#2 shelf life

shelf life

  • Malware Response Team
  • 2,679 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:@localhost
  • Local time:01:49 AM

Posted 17 November 2015 - 05:56 PM

Hi,

 

Thats not real useful, need alittle more info.  Need to post a FRST log as a starting point. You can start at step 6 in this link below. Download, install FRST and post its log in your reply and we will go from there: Usually only online once or twice per day so you may not get a reply back from me until the following day.

 

http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/


How Can I Reduce My Risk to Malware?


#3 naubahi

naubahi
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:10:49 PM

Posted 18 November 2015 - 03:36 AM

Sorry, I faced lots of problems in posting. It could be denial of service. I am not sure how text files says guest account is enabled. I am suspicious of a person. This is my new topic started to be able to attach the log files. I faced problems including a message that said that website bleepingcomputer is down

 

http://www.bleepingcomputer.com/forums/t/596716/hacked-previouslyam-i-still-hacked-or-whatcontd-to-post-logs/






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users