Lizzzzzz
asked on
Have I been hacked?
Hi,
Hope someone can help me.
Yesterday I discovered a new internet dial-up which I had not put on to the computer. It was to another ISP, not my own. Had the user name of 'newdefaultuser' with a fifteen letter encrypted password. I dialled it, and got online. I phoned the ISP's helpline, but they couldn't help me. I have since deleted this, but haven't got a clue how it got on to my computer in the first place.
Also, I was filling out name and email details on a web site the other day - my computer normally remembers my details on most sites like this. This time it had my name stored, but also someone else's name. This person does not have access to my pc.
I run Win98 SE. Have Norton AV and use Black Ice firewall. I get all available updates of all three. I have been in several sites over the last few days to check my security and all sites came up with the same answer - that my computer is running in stealth mode.
These two things are worrying me. Have I been hacked? If so, how can I find out? Norton hasn't found anything. If a trojan has been left on my machine, how can I trace it and delete it? Or should I reformat?
Thank you for any help you can offer.
Liz
Hope someone can help me.
Yesterday I discovered a new internet dial-up which I had not put on to the computer. It was to another ISP, not my own. Had the user name of 'newdefaultuser' with a fifteen letter encrypted password. I dialled it, and got online. I phoned the ISP's helpline, but they couldn't help me. I have since deleted this, but haven't got a clue how it got on to my computer in the first place.
Also, I was filling out name and email details on a web site the other day - my computer normally remembers my details on most sites like this. This time it had my name stored, but also someone else's name. This person does not have access to my pc.
I run Win98 SE. Have Norton AV and use Black Ice firewall. I get all available updates of all three. I have been in several sites over the last few days to check my security and all sites came up with the same answer - that my computer is running in stealth mode.
These two things are worrying me. Have I been hacked? If so, how can I find out? Norton hasn't found anything. If a trojan has been left on my machine, how can I trace it and delete it? Or should I reformat?
Thank you for any help you can offer.
Liz
u ran an application which installed the new dialup
If you are positive that you did not add the account, and the name is not family or friend (you said "This person does not have access to my pc" not that you don't know them) then you may wnat to back-up what you can. In Norton and Mcafee, there are "Excluded" files and folders, and most anyone can add files and folders to that excluded list, so when you scan, they get skipped. I do not recommend BlickIce to anyone after I was hacked, stealth mode and all. ZoneAlarm is better. http://www.securityfocus.com/archive/1/275710 http://www.securityfocus.com/bid/4025/solution/ is probly what led to my exposure. Again that was some time ago. The thing that is great about 9x machines security wise, is that they don't have that much to let a person control the PC.
This is the logic I don't like about BID: This person does not have access to my pc.- you see it's and IDS 1st, can a firewall second. Zonealarm ehhh this isn't helping you.
What was the account to MSN? AOL? something else? Was the username someone you know? Disable File and Print sharing, can set permissions on your registry. Are you running any RemoteControl software like VNC? Do you use mIRC ver 5.91? Disable the Netbios service.
Instructions For Removal Of File/Print Sharing
To check to see if File/Print Sharing is active on your computer:
Right-click on the icon label Network Neighborhood.
Highlight Properties and left-click.
You should see a button labeled "File and Print Sharing". Left-click this
button.
A window will appear showing two check boxes
I want to be able to give others access to my files.
I want to be able to allow others to print to my printer(s).
If either of these boxes are checked, you computer is acting as a server
To keep up with trojan's norton and Mcafee usually do a good job, but if you want to be sure, use TDS3 ohh now 4.
http://www.diamondcs.com.au/?hop=tamesnet.diamondcs
Again the best thing to do, espically if your not sure about how this happened, is backup what you need, say to some cd-r's and then scan them too before you reformat and reinstall 98.
-NEO
This is the logic I don't like about BID: This person does not have access to my pc.- you see it's and IDS 1st, can a firewall second. Zonealarm ehhh this isn't helping you.
What was the account to MSN? AOL? something else? Was the username someone you know? Disable File and Print sharing, can set permissions on your registry. Are you running any RemoteControl software like VNC? Do you use mIRC ver 5.91? Disable the Netbios service.
Instructions For Removal Of File/Print Sharing
To check to see if File/Print Sharing is active on your computer:
Right-click on the icon label Network Neighborhood.
Highlight Properties and left-click.
You should see a button labeled "File and Print Sharing". Left-click this
button.
A window will appear showing two check boxes
I want to be able to give others access to my files.
I want to be able to allow others to print to my printer(s).
If either of these boxes are checked, you computer is acting as a server
To keep up with trojan's norton and Mcafee usually do a good job, but if you want to be sure, use TDS3 ohh now 4.
http://www.diamondcs.com.au/?hop=tamesnet.diamondcs
Again the best thing to do, espically if your not sure about how this happened, is backup what you need, say to some cd-r's and then scan them too before you reformat and reinstall 98.
-NEO
two other utilities can also assist you with evaluating the security of your machine. the first is superscan, this is a windows scanner which you can use to scan your own machine. it is available from
www.foundstone.com/knowledge/free_tools.html
I would suggest using the 1.st port list scan form the options. then do a local scan of your pc. this will show all listening ports.
If there are ports you do not think should be in a listening state you can then use fport.exe, this is a command line utility that you run and it shows you all of the ports that are listeng and there associated program.
This should give you a good start.
www.foundstone.com/knowledge/free_tools.html
I would suggest using the 1.st port list scan form the options. then do a local scan of your pc. this will show all listening ports.
If there are ports you do not think should be in a listening state you can then use fport.exe, this is a command line utility that you run and it shows you all of the ports that are listeng and there associated program.
This should give you a good start.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
yea did you see what number it was dialing. i have seen people surf the web and a banner or something pops up and installs a new dial up thing which it is really a 900 number that you get charged like $1.50 per minute. so you might want to see if you can find out what number was dialed to see if you will get charged a bunch for it.
ASKER
Thanks everyone for your help.
I've written down the phone number, so I'll check out what they charge. I hadn't heard of that happening before, but I'll be keeping a closer check on who I'm dialing from now on.
Thanks again,
Liz
I've written down the phone number, so I'll check out what they charge. I hadn't heard of that happening before, but I'll be keeping a closer check on who I'm dialing from now on.
Thanks again,
Liz
you stole my points
:(
:(