seremina

Hacker Attack!

:pullhair: It started innocently enough and I didn't realise what was going on. When I realised what was happening, I took measures to stop him and today he's gone bananas on me. Over the course of 5 minutes, he's attempted 500 intrusions. That number is now...1,430 and ongoing as we speak. I can only use Opera as a browser; somehow the others get self-overwhelmed and they show up twice on the Task Manager before I shut them down.

 

I've been dealing with this for days and I can't take it anymore. Here's the steps I've taken and he's taken, in their order...

 

Him: Firewall unexplainedly crashes

Me: Spent days researching why it happened and why I can't get it to turn back on nor uninstall

Me: Days later looks over the firewall folder and realises files were switched around, unswitched them

Him: Number of intrusions slowly increased

Him: Occasionally tries to knock out firewall and other security software

Me: Keeps fixing things and putting them back up

Him: Made me have to reboot, so...

Me: I cut off my computer's connection to the internet overnight

Him: Went bananas today and has done up to [as of now] 1,820 intrusions

Me: Have set my firewall to handle DoS attacks, just in case

Me: Other than cutting him off--which would cut everybody on my network off--he's still trying.

 

My firewall keeps him at bay but I fear he may crash it again. What do I do? Of all the random attacks I've had over the years [which was thankfully few and far in between] I've never encountered one as vicious as this. I feel inadequate. Please help me take this hacker down! I'm going nuts since I have trouble with anything fun I want to do on the computer due to the resource-hoggyness the attack causes. :pullhair::cr@sh:

 

My Windows Updates are current

I have Comodo Pro Firewall, Comodo AntiVirus, Spyware Guard, Spyware Blaster, Tea Timer, DriveSentry, and I used to have Comodo AntiMalware but I uninstalled it due to my own uncertainty of how it works.

 

Computer is a desktop Pentium 4 with a GB of RAM, Windows XP Home, and running out of space with 7% left. Heh.

 

Thank you very much. [waits]

Share this post


Link to post
Share on other sites

I don't know a lot, but what if

 

Getting your IP address changed

 

Using a router http://www.mechbgon.com/build/router.html

 

Trying a different firewall

 

Run Shields Up when safe

 

Changing my IP address would help? Interesting idea, but I'm not using a router. I'm using a cable modem and a hub. So I'm not sure how to change the IP address.

 

Why would I try a different firewall when Comodo is the strongest I've had? It's the only free one that can handle DoS attacks. Without it, I wouldn't be able to be online right now. I'm fortunate I can use Opera just to browse the internet. I'm not sure why Opera is functioning when the others are locking up. Pretty cool.

 

What's "Shields Up"?

Share this post


Link to post
Share on other sites

First, Shields Up is a site that tests your computer firewall to see how well it is working. Have you tried running any scans by your AV or anti adware software in safe mode? Finally, run an online av/malware scan if you can do so using Opera.

Share this post


Link to post
Share on other sites

Can your provider change your address? Doesn't a hacker need your address to get to you?

 

Maybe do a HJT log to see if there is malware.

 

Would he have to recrack a different firewall?

 

Shields Up tests your PC for vulnerabilities.

Share this post


Link to post
Share on other sites


Oh. Thank you for the kind response. I can't do firewall testing at this time. Not when I'm still suffering the constant intrusions. I don't want to mess up my firewall while it's being a good soldier and blocking the baddie. The number has now climbed to...8870. Yikes. [sighs] I'd love for this to stop. If this is the hacker's idea of a Christmas present, I'd get a refund.

 

I'll try running some online scans. I hope they work with Opera. I'll report back if they don't. Spybot Search and Destroy got rid of a Windows Firewall Override thingie. The scans show up nothing else suspicious. But as you said, I should probably be trying all these scans in Safe Mode. Somehow, I think in Normal Mode I won't find anything. Which should I do first? Online scans, or Safe Moded software scans?

 

I really appreciate the help.

 

Law,

 

I don't know if Cogeco can change my address. I'll make the inquiry and hope they can do so. I don't know what the hacker needs. I just know he's got me and I want to get rid of him.

 

HJT logs are unreadable by me. I'll still do one, but none of it makes sense to me and I can't even post it in this thread. It would have to go to another sub-category and I'd have to wait for results for that. In any case, I might as well do that anyway. Maybe the resolution will come just a bit faster that way. The intrusion number is still freaking me out.

 

People have said you shouldn't run two firewalls at once. I'm technically already running two firewalls. Comodo, and the technical one is DriveSentry. He's tried to get through DriveSentry before, but I've got it back up. I guess he was taking a temporary break from Comodo at the time. Now he's just focused on Comodo. I don't think I want to know what happens if I put on a 3rd firewall. :cr@sh:

 

The only plus side I'm seeing is that I'm getting help here and the icons are trying to keep me happy. Oy.

Share this post


Link to post
Share on other sites

In Safe mode all your protection will be off. I think I have seen them say physically disconnect the cable then.

 

That sounds very bad...the fact the protection would be off if I tried doing the testing in Safe Mode. Physically disconnect what cable? Are you talking about my Cable Internet? If I do that, how will I get online to get this fixed?

 

I'm more confused than ever. :h3lp:

Share this post


Link to post
Share on other sites

It would be the internet cable if I did see that. After doing the Safe mode onboard tests, reconnect when going back to Normal mode

 

Oh. So that's what you meant. Interesting idea. I'll do that, then get back on with normal mode so I can do the online scans as well. Being this thorough is going to drive me nuts, but hey...all in the name of having a secure computer. I'll be back. [has my notebook handy to write down any finds]

Share this post


Link to post
Share on other sites

This is screwy-kablooey. I can't get into Safe Mode! I made contact with a tech friend so he can also help me out. He'll be back in a few hours. Meanwhile, I'm stuck with probably just doing the online scans. Should I proceed? :boxing:

Share this post


Link to post
Share on other sites

Might as well do what you can do.

 

Someone's posted ideas

Well, you can run the msconfig, in BOOT.INI tab, turn on "/SAFEBOOT", then restart, after Windows will run into Safe Mode automatically, is it easy? Or after you press F8 and it appears the BOOT Menu, just press Esc, then F8 immediately, the Boot Option screen will appear.

 

My thought

BootSafe (if XP is running) http://www.majorgeeks.com/BootSafe_d4904.html

Share this post


Link to post
Share on other sites


I did the F8 thing and it was going to the Safe Mode but then it gave me a system error message, so it was unable to finish going to Safe Mode. So I had to reboot back into Normal Mode. So I don't see how doing it from the MSConfig or the F8 or the cool BootSafe utility would help get past the system error. I think the hacker messed up my Safe Mode. :pullhair:

 

But once everything's okay, I'll definitely install BootSafe. It looks cool and is easier.

Share this post


Link to post
Share on other sites

If F8 isn't working for you then try F5.

 

Get a router and be done with it.

 

You are very rude. I have stopped using a router because I kept getting pirated bandwidth. It's more insecure than my current setup! Even after encrypting the poo out of it, it was still insecure and pirated bandwidth resulted.

 

As for F5, that is the refresh function. F8 is the Safe Mode menu option. As I said, Windows REFUSES to go into Safe Mode.

 

I am starting to get angry but I will say nothing personally to you.

 

I tried this list of online scans, with their failures...

 

Bitdefender...requires IE. Cannot scan with it with Opera.

Panda...requires IE. Cannot scan with it with Opera.

Trendmicro HouseCall...requires IE. Cannot scan with it with Opera.

Symantec...requires IE. Cannot scan with it with Opera.

 

I have already mentioned that the only browser that does not crash at this time, is Opera.

 

IE/Avant crashes.

Firefox crashes.

Flock crashes.

Opera doesn't.

Share this post


Link to post
Share on other sites

Well I would have to agree with Shogan, get a router and be done with it.

 

If you don't like wireless then disable it in the router, or buy one that doesn't do wireless.

 

In the mean time, obviously your current setup is not more secure and this whole thread is a testament to that fact.

 

My best advice to someone who thinks their computer is compromised, is to immediately disconnect it from the internet, pull the ethernet plug.

 

By compromised I mean not infected with the latest little viri or spyware running in the wild, but by compromised I mean someone having direct access to your computer.

 

If that is indeed the case, then you have already lost the battle, and will not win the war until you disconnect completely until you can discover how they have gained access.

 

In fact if someone has compromised the machine, there is a chance that you will never know how, and a chance that you will never get them out.

 

A router is the absolute best first line of defense.

 

However if someone has actually gained access to your system, then my best and serious advice would be to disconnect from the internet, back up your important data, reformat the hard drive, reinstall the operating system. Use a Live CD to scan all your data for nasties before restoring it to the fresh install. This advice is of course only based on the assumption that you know your machine has been compromised.

Share this post


Link to post
Share on other sites


You are also rude. I don't think you understand my full situation here. Compromised or not, you are assuming I have the money and resources to do what you are suggesting--no, demanding--I do.

 

I already TRIED the router route for YEARS and I'm fed up with it. It's NOT more secure. I've had fewer problems withOUT it than WITH it. I don't see how anybody can tell me it's more secure. Furthermore, it's impossible to disable the wireless off it. A router is ONLY for wireless connectivity! I shouldn't have to mention how DIFFICULT it is to work with a router. It has no GUI. It's all coded nonsense that I have to rely on others to do for me.

 

I cannot disconnect without losing my internet altogether. I need the internet to keep my scanners updated and to allow me access to any forums that can help me out. Furthermore, I have other tenants on my network. I cannot disconnect them. It's unfair to them. I don't know how to figure out fully how they got in. My only conjecture is that they used the Windows Firewall to override Comodo. It took a while, but I got Comodo back up and running and got rid of the Windows Firewall Override thingie they had installed. Comodo is blocking the idiots out, yet they keep trying like drunks banging into a wall.

 

I have no space for backing anything up. I do not have the money to purchase a Windows XP Home disc nor a Windows XP Recovery disc. None were supplied when the computer was supplied. Just a Reinstallation Partition was supplied and I don't even know how to use it. I'm a believer that reformats are LAST RESORT. Also, just in case, I do have an Ubuntu Linux LiveCD. That's for in case Windows XP ever explodes on me and I can't get it back.

 

Quite frankly, I'm surprised how much the kindness and help has gone downhill since PCPitstop revamped. If I can't get any kind and understanding help, I'll try elsewhere. Nobody with trouble should be treated like this, nor foisted on with "Buy this! Buy this!". It shows the site is OWNED by the advertisements/business side rather than by the compassion that used to fuel it.

Share this post


Link to post
Share on other sites

Sorry you are so easily offended.

 

I was not being rude, but gave the best advice I could. In fact it is exactly what I would do if I thought one of my machines was compromised.

 

Now that you have said you allow others to use your connection, it is my personal opinion and a 90% likelihood that the problem lies within your LAN.

 

So in light that I may offend you again, I will be on my merry way now.

Share this post


Link to post
Share on other sites


Well, how would I be able to check for that? I haven't seen a tool that tells me a tenant's room number so I'd know if they're causing it or who else it might be. I just know that back when I had the router running, the person that was pirating the most is living further down the street. I don't know how he got access and he's not even part of my LAN.

 

It seems no matter what I learn, I'll always be a novice. I don't like it... but that seems to be the way it goes. There's no Simple English book out there for me to use. I'm entirely disadvantaged because I seem to be the little lady that can't understand complicated English and can't talk to people unless I'm typing or signing. I never imagined a computer would cause me this kind of pain. It seems fairly equal in pros and cons than it used to be. I fear we're running towards an age when the average person can't get online because they'll never be secure enough.

Share this post


Link to post
Share on other sites

seremina,

I think your frustration is getting to you. You were so nice in replying to my possibly dumb thoughts. The pros here are usually great help & never rude.

I use Firefox & thought it was as secure as Opera. I also forgot about online scans need IE & yours crashed. There are a lot of free scanners & some free Antivirus trials.

I think many sites recommend routers as the best firewall, then a software secondary.

I hope your HJT is not overlooked, they often look for 0 replies to start helping.

Share this post


Link to post
Share on other sites


[nod] Yes...my frustration is getting to me. I'm usually always nice. I just don't like rudeness. Your thoughts are not dumb. You were trying to toss me some suggestions and I'm sorry they're not working well.

 

I use Firefox more often than any other browser, with Opera being 2nd place. I don't understand why my other browsers are crashing and why Opera seems immune. Someone said Opera is more secure than the others and that's why. So maybe that's it. My Firefox is 1.5; I can't bring myself to update it. I don't like browsers that operate on the basis of block everything and force you to fill in a whitelist. I prefer browsers that allow almost everything, are secure, and offer a blacklist. I don't know if Firefox 3 has fixed that or not.

 

I worry about free scanners...they usually want money for the fix. I'm hoping my HJT, at

 

http://forums.pcpitstop.com/index.php?show...p;#entry1452755

 

won't be overlooked. There's something I wrote in my notebook and it's strange...

 

It's on the Start Menu in two places...

 

320% Welcome Bonus!

 

I checked Properties: EuroGrand Casino.html

 

What is this for? I didn't install anything Casino-related. :huh:

Share this post


Link to post
Share on other sites

I use these, all are free. & remove what they find

a-squared (scanner)

Spyware Guard (blocker)

SpywareBlaster (spyware blocker)

Spybot: Search & Destroy (spyware blocker and scanner)

Ad-Aware SE (spyware scanner)

SuperAntiSpyware (spyware scanner)

Windows Defender (spyware blocker and scanner)

AVG AntiSpyware (spyware scanner)

IE Spyad (spyware blocker)

A modified HOSTS file (spyware blocker)

Firefox with addons

Share this post


Link to post
Share on other sites


Wow. That's quite the list of usable free scanners that do fixes! Do you have links for these, for me... or can these be safely Googled?

Share this post


Link to post
Share on other sites

safe to download from download.com or majorgeeks.com

If not found there, I will find it for you.

I have never seen anyone return their HJT replies back to zero

 

remember to update before scan

Edited by law9933

Share this post


Link to post
Share on other sites

seremina, while I think your Comodo firewall and Xdrive Desktop are keeping this person at bay....are you able to see the IP# that is attacking you?

If you can (even if you can't), you need to report this attack to your ISP as soon as possible! They can monitor the attacks and help to get the person's computer offline.

Share this post


Link to post
Share on other sites
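
The last reply's suggestion (find the attacking IP and report it to the ISP) and the earlier point that the source may sit inside the LAN can both be checked from a firewall log export. This is an added example, not part of the thread: the CSV layout, the sample lines, the function names and the list of local ranges are all constructed assumptions, not Comodo's real log format.

```python
import csv
import io
import ipaddress
from datetime import datetime

# Assumption: ranges treated as "own network" (RFC 1918 plus link-local).
# Replace with the real subnet if machines on the hub get public addresses.
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "169.254.0.0/16")]

# Constructed sample export; the column layout is hypothetical.
SAMPLE_LOG = """\
time,action,proto,src_ip,dst_port
2008-12-20 14:00:01,BLOCK,TCP,203.0.113.45,135
2008-12-20 14:00:02,BLOCK,TCP,203.0.113.45,139
2008-12-20 14:00:02,BLOCK,TCP,203.0.113.45,445
2008-12-20 14:00:05,ALLOW,TCP,198.51.100.7,80
2008-12-20 14:01:10,BLOCK,UDP,192.168.0.23,137
this line is damaged
2008-12-20 14:03:30,BLOCK,TCP,203.0.113.45,445
2008-12-20 14:04:00,BLOCK,UDP,192.168.0.23,137
"""

def summarize_blocked(log_text, local_nets=LOCAL_NETS):
    """Group blocked entries by source IP, busiest source first."""
    stats = {}
    for row in csv.DictReader(io.StringIO(log_text)):
        try:
            if row["action"].strip().upper() != "BLOCK":
                continue  # only blocked traffic counts as an intrusion attempt
            src = ipaddress.ip_address(row["src_ip"].strip())
            when = datetime.strptime(row["time"].strip(), "%Y-%m-%d %H:%M:%S")
            port = int(row["dst_port"])
        except (KeyError, AttributeError, TypeError, ValueError):
            continue  # damaged or incomplete line: skip it, keep going
        entry = stats.setdefault(str(src), {
            "src": str(src),
            "scope": "local" if any(src in net for net in local_nets) else "internet",
            "count": 0, "first": when, "last": when, "ports": set()})
        entry["count"] += 1
        entry["first"] = min(entry["first"], when)
        entry["last"] = max(entry["last"], when)
        entry["ports"].add(port)
    return sorted(stats.values(), key=lambda e: (-e["count"], e["src"]))

def abuse_report(entries):
    """Lines to send to the ISP: only sources outside the local network."""
    lines = []
    for e in entries:
        if e["scope"] != "internet":
            continue  # a local source is a matter for the LAN owner, not the ISP
        ports = ",".join(str(p) for p in sorted(e["ports"]))
        lines.append(f'{e["src"]}  {e["count"]} blocked attempts  '
                     f'{e["first"]:%Y-%m-%d %H:%M:%S} to {e["last"]:%H:%M:%S}  ports {ports}')
    return lines

if __name__ == "__main__":
    for entry in summarize_blocked(SAMPLE_LOG):
        print(entry["scope"], entry["src"], entry["count"])
    print("\n".join(abuse_report(summarize_blocked(SAMPLE_LOG))))
```

When sending the report, state the time zone of the timestamps so the ISP can match them against its own records.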
