
Being In The Hands Of A Hacker


7 replies to this topic

#1 Gradtech2006


Posted 31 August 2006 - 10:27 AM

Hello everyone --

I am new to this site and hope somebody or somebodies can help out. Forgive me if this is the wrong area to post this (I'm still learning). The short version of my situation is that I have a hacker, actually I have 2 hackers (they are dating each other and both work together sometimes).

This hacker has a constant connection to my computer and can tell when I am online and has the ability to "watch" what I am doing as I am doing it. This hacker has told me that he can manipulate my computer, turn on my sound recorder to hear what I am saying and evidently can see my screen on his computer as though he were sitting right next to me.

I have XP on my computer plus McAfee Personal Firewall but I don't guess it is working. I have talked to this hacker and still email them back and forth. I know who the hackers are, I just don't know how to "find" them. They have told me that they have some kind of password script that can detect changes in my passwords so it's pointless for me to change passwords, especially if they can see it on my screen when I do it. I don't know anything about the script or how it works.

I am guessing they are able to access certain ports on my computer or have installed a Trojan of some kind. I hope I am right in assuming that they are able to come in on my ports but I don't know which ports. Even if I saw a listing of ports, I wouldn't know what to look for. The problem is I don't know how to fight back. I don't know enough commands or have enough knowledge about ports to know where to look.

I could really use any help on "how" to get started. What commands do I type in? What software can I buy? If someone can holler back at me and give me directions like "Start, Programs, click on this, click on that" or something along those lines, I will certainly try it.

I hope this is enough information, if not I can post more. I have read up a little on IP addresses in emails so I do have an IP address from the header records in the emails that they have sent me (I saved the emails), but again, I don't know what to do with it.

Thank you in advance!



#2 jgweed


Posted 31 August 2006 - 02:32 PM

First step:

1. Double-click on "My Computer."
2. Look for "View system information" and open up this option.
3. You will see a box called "system properties" pop up.
4. Find the "Remote" tab, and click on that.
Make sure "Allow Remote Assistance..." and "Allow users to connect...." boxes are both unchecked. Click on OK.

If possible, RESET your resident firewall so that it will ask permission for everything. Boot into Safe Mode and run your AV.
Let us know what you found, and we will proceed from there.
Cheers,
John
Whereof one cannot speak, thereof one should be silent.

#3 Gradtech2006


Posted 31 August 2006 - 02:44 PM

Thank you John for those instructions. I will work on that tonight.

I am not sure I follow you on the safe mode part, can you give me some more information on what I'm supposed to do?

Thanks,
gradtech

#4 jgweed


Posted 31 August 2006 - 03:45 PM

When you boot up your computer, repeatedly tap the F8 key. You will see a new, funny screen, which will give you some options. Choose the one that says something like "Open Windows in Safe Mode."
What this does is to force Windows to use only the very minimum of programmes absolutely essential to operate; since many kinds of malware will hide themselves in files that Windows normally uses (and thus protects), running your AV in safe mode leaves fewer places for malware to hide (and incidentally speeds up the AV's scanning).
Regards,
John

Edited by jgweed, 01 September 2006 - 10:30 AM.


#5 Gradtech2006


Posted 01 September 2006 - 07:35 AM

Thanks for the information. I will certainly follow those steps.

My question is now -- with Windows in safe mode, what is my next step? What am I to do while in Safe Mode?

From what I know of this hacker -- they have the ability to see everything I am doing online from the comfort of their home (or wherever they are). I have a DSL connection and when I boot up my PC -- it gives them a window so whatever is on my screen is also on their screen. To me, it sounds like they have found my IP address or they found the right port number or something. They even have the ability to "hear" what I am talking about through my PC (that is really freaky). Is this enough information? Do you have a clue how this is set up?

I even went so far as to wipe my hard drive and reinstall everything a while back but evidently that didn't work as they are still around.

I just don't know how to "find" how they are doing it on my PC or how they do it. Any login I use, they know what the login is and the password for those logins. It is frustrating because they know how I log in to websites and they have the ability to log in as me and change information or passwords.

Thanks again for your help!

- gradtech

#6 Orange Blossom


Posted 02 September 2006 - 10:50 PM

Do you have a third party firewall installed? If not, I strongly suggest getting one. There are some good free ones. The reason for this is that the Windows firewall only blocks incoming stuff, it won't block outgoing stuff. A third party firewall will, and then you will be able to identify which program is sending out your private information.

Read this tutorial for more information about firewalls and sources for both free and commercial firewalls.

It also sounds as though they have installed a keylogger or something. What kind of security programs do you have installed?

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Internet Security, NoScript Firefox ext.
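
As an added example (not part of the thread and not written by any poster), this Python sketch reads Windows `netstat -ano` output and picks out what the replies above are after: a Remote Desktop listener (the service behind the "Remote" tab in post #2) and established connections to other machines with the owning process ID (post #6's "which program is sending out"). The sample output, addresses, PIDs and function names are constructed, and flagging only TCP 3389 is an assumption of this example.

```python
# Constructed sample of `netstat -ano` output; addresses and PIDs are made up.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       1044
  TCP    127.0.0.1:1031         127.0.0.1:1032         ESTABLISHED     1500
  TCP    192.168.1.20:1188      203.0.113.45:6667      ESTABLISHED     2216
  TCP    192.168.1.20:1190      198.51.100.7:80        TIME_WAIT       0
  UDP    0.0.0.0:445            *:*                                    4
"""

# Assumption for this example: only Remote Desktop's default port is flagged.
REMOTE_ACCESS_PORTS = {3389: "Remote Desktop"}
LOOPBACK = ("127.", "::1")

def split_endpoint(endpoint):
    """Split 'addr:port', '[::]:port' or '*:*' into (addr, port or None)."""
    addr, _, port = endpoint.rpartition(":")
    return addr.strip("[]"), (int(port) if port.isdigit() else None)

def parse_netstat(text):
    """Return one dict per TCP/UDP row of `netstat -ano` output."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4 or parts[0] not in ("TCP", "UDP"):
            continue  # banner, column header or blank line
        # UDP rows have no State column; the PID is always the last field.
        state = parts[3] if len(parts) == 5 else ""
        rows.append({"proto": parts[0], "local": split_endpoint(parts[1]),
                     "foreign": split_endpoint(parts[2]), "state": state,
                     "pid": int(parts[-1])})
    return rows

def review(rows):
    """Flag remote-access listeners and live connections to other machines."""
    findings = []
    for r in rows:
        (laddr, lport), (faddr, fport) = r["local"], r["foreign"]
        if (r["state"] == "LISTENING" and lport in REMOTE_ACCESS_PORTS
                and not laddr.startswith(LOOPBACK)):
            findings.append(("remote-access-listener", r["pid"], f"{laddr}:{lport}"))
        elif r["state"] == "ESTABLISHED" and not faddr.startswith(LOOPBACK):
            findings.append(("established-remote", r["pid"], f"{faddr}:{fport}"))
    return findings

if __name__ == "__main__":
    for kind, pid, endpoint in review(parse_netstat(SAMPLE)):
        print(f"{kind:24} PID {pid:<6} {endpoint}")
```

On a real machine, save the output of `netstat -ano` to a file and pass its text to `parse_netstat`; each flagged PID can then be matched to a program using the PID column in Task Manager.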


animinionsmalltext.gif

#7 Gradtech2006


Posted 05 September 2006 - 07:05 AM

I have McAfee Personal Firewall as a 3rd party that I installed but over this past weekend, I learned that they are using some Linux scripts to do what they do. This just blows me away that they can do something like this.

#8 Gradtech2006


Posted 05 September 2006 - 02:14 PM

Here is the script that the hackers sent me -- I don't know if it is real or not and even if it is real, I wouldn't know how to use it. Does anyone know if this is legit or not? Thanks for your help! I didn't believe they were smart enough to know what they are doing but this looks to be real, I just hope someone can confirm that it is or discard it as garbage??

- gradtech


SELECT: {user password}
VIEW: {current page}
ALTER: [current page; user password]
OPEN: [current page] WITH {user password}
LIST: [available options]
<the list would look like this: change password, view page, close page, save page, screenshot>
SELECT: {change password}
ALTER: [user password] "s/(current password you use)./l/(new password we make for you)."
LIST: [available options]
SELECT: {close page}
___________________________

there, make you happy? that's what we do to change a password. or we can just open the page and see what you're seeing from this point: LIST:

________________________
SELECT: {view page}
LIST: [current settings]
SELECT: {log keystrokes} WITH LIST: [available programs] SELECT: {Microsoft Word}
SAVE: {logged keystrokes} IN {Microsoft Word}
OPEN: {Microsoft Word}



