Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Bored...yet Thinking Too Much


  • Please log in to reply
22 replies to this topic

#1 Gradtech2006

Gradtech2006

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:10:20 AM

Posted 06 September 2006 - 03:00 PM

I am at work bored, trying to figure out how my home PC has been hacked. In other words, I have a hacker (actually I have 2 hackers) that have a CONSTANT connection to my PC from where ever they are. When I boot up my PC with my DSL connection, they can see everything that I do. Not that I have anything to hide or be worried about, because I dont -- it just freaks me out that I can't figure out how they found me and how they are able to do what they do.

About the only information I have been able to get from them is that they use a lot of linux scripts to run commands against me. I dont know linux so I dont know how to even begin to fight them or disable their connection.

So here I am at work, where they cant get to me and where I can Google information and try to figure out what to do.

BC AdBot (Login to Remove)

 


#2 fleamailman

fleamailman

  • Members
  • 200 posts
  • OFFLINE
  •  
  • Location:geneva switzerland
  • Local time:04:20 PM

Posted 06 September 2006 - 03:05 PM

Someone here will probably give you better advice but have you changed the password on the router yet, that is if you have one? Have you reinstalled the the os?
everyday is a gift

#3 Mr Alpha

Mr Alpha

  • Members
  • 1,875 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:05:20 PM

Posted 06 September 2006 - 03:45 PM

If your machine has been compromised to that degree I would back up important data, wipe all hard-drives, and re-install everything from scratch. There is no telling what they've put on your machine.

Edited by Mr Alpha, 06 September 2006 - 03:46 PM.

"Anyone who cannot form a community with others, or who does not need to because he is self-sufficient [...] is either a beast or a god." Aristotle
Intel Core 2 Quad | XFX 780i SLI | 8GB Corsair | Gigabyte GeForce 8800GTX | Auzentech X-Fi Prelude| Logitech G15 | Logitech MX Revolution | LG Flatron L2000C | Logitech Z-5500 Digital

#4 Gradtech2006

Gradtech2006
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:10:20 AM

Posted 07 September 2006 - 07:51 AM

yes i have reinstalled the OS. i backed everything up and wiped it and all -- evidently that didnt work as they are still around

i have a 4 port router but i am not sure how to change the password.

can you elaborate? im back at working searching for more information so i can take it home to try it out but i know as soon as i boot up my PC at home, they will be "watching" hmmm

#5 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,489 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:10:20 AM

Posted 07 September 2006 - 08:59 AM

What firewall are you running
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#6 Gradtech2006

Gradtech2006
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:10:20 AM

Posted 07 September 2006 - 03:06 PM

i have mcaffee personal firewall assistant from staples -- i tried the windows firewall but when i realized even that didnt stop them, i went out and bought one

#7 Heretic Monkey

Heretic Monkey

  • Members
  • 1,122 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NCSU
  • Local time:10:20 AM

Posted 07 September 2006 - 05:12 PM

How do you know you're being hacked? What kind of signs are they giving off? Figuring out what they're actually doing to your computer is a major step in figuring out how to stop them.

#8 Mr Alpha

Mr Alpha

  • Members
  • 1,875 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:05:20 PM

Posted 08 September 2006 - 04:59 AM

Do you have several computers in a LAN?
"Anyone who cannot form a community with others, or who does not need to because he is self-sufficient [...] is either a beast or a god." Aristotle
Intel Core 2 Quad | XFX 780i SLI | 8GB Corsair | Gigabyte GeForce 8800GTX | Auzentech X-Fi Prelude| Logitech G15 | Logitech MX Revolution | LG Flatron L2000C | Logitech Z-5500 Digital

#9 Gradtech2006

Gradtech2006
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:10:20 AM

Posted 08 September 2006 - 09:42 AM

How do I know they are hacking me? That's a loaded question. Seriously though -- they have quit hacking per se and have stopped changing the settings on my PC. Here lately, they just watch and send me emails reminding me that they are there and they are "watching" my screen.

Like I said before, they have some kind of connection to my PC (it's my only PC that is connected to the Internet via DSL). When I boot up, a connection opens between my PC and their PC. In essense, they can see me typing an email, or typing a webpage address or which song I click on and choose to listen to.

What I am searching for from work and seeking assistance from here is "how" do they get that connection? My ISP says my ip address is dynamic and changes constantly. The hackers can even here what I say when I am talking at my desk. I didn't believe them at first but when I was watching a DVD, they sent me an email and told me the DVD I was watching. THAT really freaks me out, for them to be able to hear me but if they can watch what I am doing, whats to stop them from listening to me.

I still try to search on Google but I guess part of my problem is I dont know what to search for to even begin to disable their connection..

Thanks for the reply though

#10 buddy215

buddy215

  • Moderator
  • 13,302 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:09:20 AM

Posted 08 September 2006 - 10:49 AM

Has anyone else observed this behavior? Have you saved the emails they sent? Do you live alone? Does anyone else have your permission to use your computer? Do you live in a singe family home or apartment House?
“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#11 Gradtech2006

Gradtech2006
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:10:20 AM

Posted 08 September 2006 - 12:25 PM

here are the answers to what you asked

Has anyone else observed this behavior? -- Yes, my room mate and I share a network and they have told me they can see him but he is very boring and they just ignore him.

Have you saved the emails they sent? Yes, I have -- they send me emails 2 ways. #1 -- they created fake accounts on yahoo and send from there OR #2 -- they log into my yahoo account under my name and send an email to me so it, in essence, comes from me.

Do you live alone? Answered above. But, No. I dont. I share a condo.

Does anyone else have your permission to use your computer? Again, No. no one else uses my PC

Do you live in a singe family home or apartment House. I live in a condo.

#12 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,489 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:10:20 AM

Posted 08 September 2006 - 12:44 PM

Perhaps your roomate isn't so boring?! After wiping your drive they again have access to your PC. hmmm.
They know what you watching,as in they can hear you.. Sounds like a mole and a mike. Somebody inside gets your info or installs apps on your PC and there's a listening device close by.

Take a read at this BC Tutorial and see what you find

Tracing a hacker
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#13 Gradtech2006

Gradtech2006
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:10:20 AM

Posted 08 September 2006 - 02:09 PM

oh no -- its not my room mate. he's not that smart. hes not the hacker.

i know where the hackers are located. i even learned their names recently. the thing i dont know is HOW they are doing it. HOW are they connected to my machine?

if i could figure out HOW they are doing it -- I could maybe figure out HOW to stop them. they said they do a lot in linux scripting but not knowing linux, i dont know where to even begin to undo anything

#14 buddy215

buddy215

  • Moderator
  • 13,302 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:09:20 AM

Posted 08 September 2006 - 02:45 PM

Here is a couple places you can check to see if you have remote access allowed:
(1)
1.Doubleclick on "My Computer."
2. Look for " view system information" and open up this option.
3. You will see a box called "system properties" pop up.
4. Find the "Remote" tab, and click on that.
Make sure "Allow Remote Assistance..." and "Allow users to connect...." boxes are both unchecked. Click on OK.

If possible, RESET your resident firewall so that it will ask permission for everything. Boot into Safe Mode and run your AV.
(2)
It is very common for certain types of remote control software to replace the default Windows GINA DLL (Msgina.dll). Therefore, a good first step is to examine the system to see if it has a third-party GINA DLL. To do this, locate the following registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Value = GinaDLL REG_SZ

If the Gina DLL value is present and is anything other than Msgina.dll, this probably means that a third-party product has changed this value.
If this value is not present, the system uses Msgina.dll as the default GINA DLL.
“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#15 Gradtech2006

Gradtech2006
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:10:20 AM

Posted 11 September 2006 - 01:03 PM

thanks so much for listing that -- i will certainly check it out tonight.

the more i have emailed them (i call the hackers them because it's 2 of them together) --- the less they have actually done any damage lately. the thing is, they are still around. i would like to be able to cut their connection to my PC completely

i was toying around saturday with some nestat commands and i got an email from one of the hackers who saw what i was doing and commented about it. again, they can see everything i do and record every keystroke. i dont know much about netstat so i started reading up on it and i got some explanations for the different commands but im not yet an expert. maybe this way i can find their connection? im not sure but hopefully i can find them this way




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users