Have I been hacked?

Hi,
Hope someone can help me.

Yesterday I discovered a new internet dial-up which I had not put on to the computer. It was to another ISP, not my own. Had the user name of 'newdefaultuser' with a fifteen letter encrypted password. I dialled it, and got online. I phoned the ISP's helpline, but they couldn't help me. I have since deleted this, but haven't got a clue how it got on to my computer in the first place.

Also, I was filling out name and email details on a web site the other day - my computer normally remembers my details on most sites like this. This time it had my name stored, but also someone else's name. This person does not have access to my pc.


I run Win98 SE. Have Norton AV and use Black Ice firewall. I get all available updates of all three. I have been in several sites over the last few days to check my security and all sites came up with the same answer - that my computer is running in stealth mode.

These two things are worrying me. Have I been hacked? If so, how can I find out? Norton hasn't found anything. If a trojan has been left on my machine, how can I trace it and delete it? Or should I reformat?

Thank you for any help you can offer.
Liz

Lizzzzzz Asked:

gikam Commented:
You ran an application which installed the new dialup.
0
NEOsporin Commented:
If you are positive that you did not add the account, and the name is not family or friend (you said "This person does not have access to my pc" not that you don't know them) then you may want to back up what you can. In Norton and McAfee, there are "Excluded" files and folders, and most anyone can add files and folders to that excluded list, so when you scan, they get skipped. I do not recommend BlackIce to anyone after I was hacked, stealth mode and all. ZoneAlarm is better. http://www.securityfocus.com/archive/1/275710 http://www.securityfocus.com/bid/4025/solution/ is probably what led to my exposure. Again that was some time ago. The thing that is great about 9x machines security-wise is that they don't have that much to let a person control the PC.
This is the logic I don't like about BID: This person does not have access to my pc.- you see it's an IDS 1st, can a firewall second. ZoneAlarm ehhh this isn't helping you.

What was the account to MSN? AOL? something else? Was the username someone you know? Disable File and Print sharing, can set permissions on your registry. Are you running any RemoteControl software like VNC? Do you use mIRC ver 5.91? Disable the NetBIOS service.
Instructions For Removal Of File/Print Sharing
To check to see if File/Print Sharing is active on your computer:
Right-click on the icon labeled Network Neighborhood.
Highlight Properties and left-click.
You should see a button labeled "File and Print Sharing". Left-click this button.
A window will appear showing two check boxes:
I want to be able to give others access to my files.
I want to be able to allow others to print to my printer(s).
If either of these boxes is checked, your computer is acting as a server.

To keep up with trojans, Norton and McAfee usually do a good job, but if you want to be sure, use TDS3, ohh now 4.
http://www.diamondcs.com.au/?hop=tamesnet.diamondcs

Again the best thing to do, especially if you're not sure about how this happened, is back up what you need, say to some CD-Rs, and then scan them too before you reformat and reinstall 98.
-NEO


0
mrorange Commented:
Two other utilities can also assist you with evaluating the security of your machine. The first is SuperScan, a Windows scanner which you can use to scan your own machine. It is available from

www.foundstone.com/knowledge/free_tools.html

I would suggest using the 1.st port list scan from the options. Then do a local scan of your PC. This will show all listening ports.

If there are ports you do not think should be in a listening state you can then use fport.exe. This is a command line utility that you run, and it shows you all of the ports that are listening and their associated program.

This should give you a good start.
0
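The self-check described in the comment above (scan your own PC, list what is listening, then question anything you did not expect), as an added example that is not part of the original thread. It is Python for a current system, probes only the loopback address, and the baseline port set is a hypothetical placeholder.

```python
import socket

LOOPBACK = "127.0.0.1"  # audit this machine only


def listening_ports(ports, timeout=0.2):
    """Return the sorted TCP ports on loopback that accept a connection.

    Limits: services bound only to another interface and all UDP
    listeners are not seen by this check.
    """
    found = []
    for port in ports:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            # connect_ex returns 0 when something accepted the connection
            if s.connect_ex((LOOPBACK, port)) == 0:
                found.append(port)
    return sorted(found)


def unexpected_ports(found, expected):
    """Ports that are listening but absent from the known-good baseline."""
    return sorted(set(found) - set(expected))


def audit(ports, expected, timeout=0.2):
    """Scan the given ports and split the result into all / unexpected."""
    found = listening_ports(ports, timeout)
    return {"listening": found,
            "unexpected": unexpected_ports(found, expected)}


if __name__ == "__main__":
    # Hypothetical baseline: ports you have decided are meant to be open.
    EXPECTED = {135, 139}
    report = audit(range(1, 1025), EXPECTED)
    print("listening: ", report["listening"])
    print("unexpected:", report["unexpected"])
```

This only tells you which ports answer; tying each port to the program that opened it is the job of a port-to-process tool such as the fport.exe mentioned above.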

rtt Commented:
Liz,

As gikam said, it seems that you ran a program that created that new dialup.

I heard some stories like that: you go to a web site, the website shows you a message asking permission to run something, and if you accept it does what it is supposed to do but also adds the new dialup. The next time you try to connect to the internet, it uses the new dialup.

What's the catch here? ISP and telephone fees. Find out where that ISP is and how much they charge, and ask your phone company if they have had a problem like that before.

I'm not trying to scare you, but these things can/have happened.

RT
0

qazmoe Commented:
Yeah, did you see what number it was dialing? I have seen people surf the web and a banner or something pops up and installs a new dial-up thing which is really a 900 number that you get charged like $1.50 per minute. So you might want to see if you can find out what number was dialed to see if you will get charged a bunch for it.
0
Lizzzzzz (Author) Commented:
Thanks everyone for your help.

I've written down the phone number, so I'll check out what they charge. I hadn't heard of that happening before, but I'll be keeping a closer check on who I'm dialing from now on.

Thanks again,
Liz
0
gikam Commented:
you stole my points
:(
0
OS Security


Question has a verified solution.
