?
Solved

Have I been hacked?

Posted on 2003-02-19
7
Medium Priority
?
223 Views
Last Modified: 2013-12-04
Hi,
Hope someone can help me.

Yesterday I discovered a new internet dial-up which I had not put on to the computer. It was to another ISP, not my own. Had the user name of 'newdefaultuser' with a fifteen letter encrypted password. I dialled it, and got online. I phoned the ISP's helpline, but they couldn't help me. I have since deleted this, but haven't got a clue how it got on to my computer in the first place.

Also, I was filling out name and email details on a web site the other day - my computer normally remembers my details on most sites like this. This time it had my name stored, but also someone else's name. This person does not have access to my pc.


I run Win98 SE. Have Norton AV and use Black Ice firewall. I get all available updates of all three. I have been in several sites over the last few days to check my security and all sites came up with the same answer - that my computer is running in stealth mode.

These two things are worrying me. Have I been hacked? If so, how can I find out? Norton hasn't found anything. If a trojan has been left on my machine, how can I trace it and delete it? Or should I reformat?

Thank you for any help you can offer.
Liz

0
Comment
Question by:Lizzzzzz
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
7 Comments
 
LVL 2

Expert Comment

by:gikam
ID: 7980596
u ran an application which installed the new dialup
0
 
LVL 2

Expert Comment

by:NEOsporin
ID: 7981252
If you are positive that you did not add the account, and the name is not family or friend (you said "This person does not have access to my pc" not that you don't know them) then you may wnat to back-up what you can. In Norton and Mcafee, there are "Excluded" files and folders, and most anyone can add files and folders to that excluded list, so when you scan, they get skipped. I do not recommend BlickIce to anyone after I was hacked, stealth mode and all. ZoneAlarm is better. http://www.securityfocus.com/archive/1/275710 http://www.securityfocus.com/bid/4025/solution/ is probly what led to my exposure. Again that was some time ago. The thing that is great about 9x machines security wise, is that they don't have that much to let a person control the PC.
This is the logic I don't like about BID: This person does not have access to my pc.- you see it's and IDS 1st, can a firewall second. Zonealarm ehhh this isn't helping you.

What was the account to MSN? AOL? something else? Was the username someone you know? Disable File and Print sharing, can set permissions on your registry. Are you running any RemoteControl software like VNC? Do you use mIRC ver 5.91? Disable the Netbios service.
Instructions For Removal Of File/Print Sharing
To check to see if File/Print Sharing is active on your computer:
Right-click on the icon label Network Neighborhood.
Highlight Properties and left-click.
You should see a button labeled "File and Print Sharing". Left-click this
button.
A window will appear showing two check boxes
I want to be able to give others access to my files.
I want to be able to allow others to print to my printer(s).
If either of these boxes are checked, you computer is acting as a server

To keep up with trojan's norton and Mcafee usually do a good job, but if you want to be sure, use TDS3 ohh now 4.
http://www.diamondcs.com.au/?hop=tamesnet.diamondcs

Again the best thing to do, espically if your not sure about how this happened, is backup what you need, say to some cd-r's and then scan them too before you reformat and reinstall 98.
-NEO


0
 
LVL 1

Expert Comment

by:mrorange
ID: 7986358
two other utilities can also assist you with evaluating the security of your machine.  the first is superscan, this is a windows scanner which you can use to scan your own machine. it is available from

www.foundstone.com/knowledge/free_tools.html 

I would suggest using the 1.st port list scan form the options.  then do a local scan of your pc.  this will show all listening ports.

If there are ports you do not think should be in a listening state you can then use fport.exe, this is a command line utility that you run and it shows you all of the ports that are listeng and there associated program.

This should give you a good start.
0
Put Machine Learning to Work--Protect Your Clients

Machine learning means Smarter Cybersecurity™ Solutions.
As technology continues to advance, managing and analyzing massive data sets just can’t be accomplished by humans alone. It requires huge amounts of memory and storage, as well as the high-speed power of the cloud.

 
LVL 1

Accepted Solution

by:
rtt earned 200 total points
ID: 7990302
Liz,

As gikam said, it seems that you ran a program that created that new dialup.  

I heard some stories like that, you go to a web site, the website shows you a message asking permission to run something, if you accept it does what it is supposed to do but also add the new dialup.  The next time you try to connect to the internet, it uses the new dial up.

what's the catch here? ISP and telephone fees.  Find out where is that isp, how much they charge, ask your phone company if they have had a problem like that before

I'm not trying to scare you , but this things can/have happened

RT
0
 
LVL 2

Expert Comment

by:qazmoe
ID: 7990380
yea did you see what number it was dialing. i have seen people surf the web and a banner or something pops up and installs a new dial up thing which it is really a 900 number that you get charged like $1.50 per minute. so you might want to see if you can find out what number was dialed to see if you will get charged a bunch for it.
0
 

Author Comment

by:Lizzzzzz
ID: 7998105
Thanks everyone for your help.

I've written down the phone number, so I'll check out what they charge. I hadn't heard of that happening before, but I'll be keeping a closer check on who I'm dialing from now on.

Thanks again,
Liz
0
 
LVL 2

Expert Comment

by:gikam
ID: 8007028
you stole my points
:(
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Many people tend to confuse the function of a virus with the one of adware, this misunderstanding of the basic of what each software is and how it operates causes users and organizations to take the wrong security measures that would protect them ag…
Recently, I read that Microsoft has analysed statistics for their security intelligence report. It revealed: still, the clear majority of windows users do their daily work as administrator. An administrative account is a burden, security-wise. My ar…
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…
In this video, Percona Solution Engineer Dimitri Vanoverbeke discusses why you want to use at least three nodes in a database cluster. To discuss how Percona Consulting can help with your design and architecture needs for your database and infras…
Suggested Courses
Course of the Month13 days, 22 hours left to enroll

800 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question