Almost identical IP Address and Trusted Zone Computer IP, not written by me... Have I been Hacked?
Posted on 2005-03-22
I have been "fighting" a series of Adware and Trojan Programs for about a week. I remove some (all) only to have more and new ones come on, that are installed without my action or consent when I go online. I have been doing all the "right" things, clearing temp files, searching for and removing registry entries, etc, etc. (And yes all the restore points are deleted). The strange thing is I get clear scans from my AntiVirus (with new definitions and the most recent iteration of the software), and multiple different and current Anti Spyware and Adware programs, then go online and then they reappear (or new ones appear). Also I have had settings within My Internet Security Software (Program Access Rules) changed without any action or of course my permission. I assumed this was by some malicious (and well written) Trojans, or coordinated threats to allow backdoors for these Trojans.
Now (and I genuinely am hoping that I am catastrophising and perhaps paranoid) I am afraid that my system may have been and is being Hacked, and this is why the Trojans and Adware keep reappearing. I am the first to admit that I have a limited set of skills with respect to these topics, but I am learning Fast!
My suspicions are based around the following: I used cmd > ipconfig to look at my ip address, I then looked at the only "Trusted Zone" IP address inside my Internet Security/Firewall/Anti-Virus Software. They are almost identical, but not quite... just the final two digits transposed. I do not recall entering any "Trusted Zone" IP address in configuration, perhaps these were auto configured by the installation wizards, etc, or could it have been done so by a Hacker? I have also caught attempts to install Trojans on my own computer (via a port used by Trojans) from what appears to be my own computer's IP address, as well as the settings changes and Program Access Rule changes inside the Firewall software.
On the "Full Disclosure" Side:
I do War chalk and go up on unsecure WiFi networks from time to time, out of necessity and (yes as my neighbor's connection is faster than mine, so I guess impatience). So could this be a source of my problems?
Any advice on how I can determine if I have been or am currently being hacked?
If so how to end it?
And again if so how to track down the individual's address and "thank" him or her would be greatly appreciated?
Just kidding on the last one, but the first two in light of the info here would be great.
This whole thing has been an education, and I have come to the conclusion that perhaps those of you here are more likely to help me than spending another 5 hours on hold to get "Technical Support" from the manufacturer of my Anti-Virus / Firewall. Over the course of this week, I have learned enough that I usually have tried anything they think will work, and they are all asking what I do for a living, thinking that I am a skilled IT type... frustration may be the biggest motivator for education. Thanks in advance for any and everyone's help, I just want to know what the @#$%*& is going on and get this resolved.