Almost identical IP Address and Trusted Zone Computer IP, not written by me... Have I been Hacked?

Posted on 2005-03-22
Last Modified: 2013-11-16
I have been "fighting" a series of Adware and Trojan Programs for about a week.  I remove some (all) only to have more and new ones come on, that are installed without my action or consent when I go online.  I have been doing all the "right" things, clearing temp files, searching for and removing registry entries, etc, etc.  (And yes all the restore points are deleted).  The strange thing is I get clear scans from my AntiVirus (with new definitions and the most recent iteration of the software), and multiple different and current Anti Spyware and Adware programs, then go online and then they reappear (or new ones appear).  Also I have had settings within My Internet Security Software (Program Access Rules) changed without any action or of course my permission.  I assumed this was by some malicious (and well written) Trojans, or coordinated threats to allow backdoors for these Trojans.

Now (and I genuinely am hoping that I am catastrophising and perhaps paranoid) I am afraid that my system may have been and is being Hacked, and this is why the Trojans and Adware keep reappearing.  I am the first to admit that I have a limited set of skills with respect to these topics, but I am learning Fast!

My suspicions are based around the following:  I used cmd > ipconfig to look at my IP address, I then looked at the only "Trusted Zone" IP address inside my Internet Security/Firewall/Anti-Virus Software.  They are almost identical, but not quite... just the final two digits transposed.  I do not recall entering any "Trusted Zone" IP address in configuration, perhaps these were auto configured by the installation wizards, etc, or could it have been done so by a Hacker?  I have also caught attempts to install Trojans on my own computer (via a port used by Trojans) from what appears to be my own computer's IP address, as well as the settings changes and Program Access Rule changes inside the Firewall software.

On the "Full Disclosure" Side:

I do War chalk and go up on unsecure WiFi networks from time to time, out of necessity and (yes as my neighbor's connection is faster than mine, so I guess impatience).  So could this be a source of my problems?

Any advice on how I can determine if I have been or am currently being hacked?

If so how to end it?

And again if so how to track down the individual's address and "thank" him or her would be greatly appreciated?

Just kidding on the last one, but the first two in light of the info here would be great.

This whole thing has been an education, and I have come to the conclusion that perhaps those of you here are more likely to help me than spending another 5 hours on hold to get "Technical Support" from the manufacturer of my Anti-Virus / Firewall.  Over the course of this week, I have learned enough that I usually have tried anything they think will work, and they are all asking what I do for a living, thinking that I am a skilled IT type... frustration may be the biggest motivator for education.  Thanks in advance for any and everyone's help, I just want to know what the  @#$%*& is going on and get this resolved.

Best, FG5
Question by:FlashGordon5
Accepted Solution by: tmehmet (ID: 13599339)

>Internet Security Software (Program Access Rules) changed without any action or of course my permission.

If this is indeed true, you cannot trust your machine. With a compromise of this level, it is pointless trying to fix it with spyware scanners and AV. It's almost certain you are beyond infection issues.

You could attempt sniffing the network to see what your machine is doing, e.g. where it is connecting and which protocols. Also, you can see who is connecting to you and how. This should indicate if you are being hacked or remotely managed somehow.

Would like to know what services are running on your machine?

Try this tool to interrogate your machine:

http://winfingerprint.sourceforge.net/wininterrogate.php
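
A way to do the first pass of that check from a saved `netstat -ano` listing, added here as an illustration and not part of the original answer: it separates listening ports, sessions arriving at those listeners and outbound sessions, each with the owning PID, and classifies a trusted-zone address against the host's own. The sample listing, the addresses, the PIDs and the /24 prefix are all constructed assumptions.

```python
import ipaddress

# Constructed sample of `netstat -ano` output; all addresses and PIDs are made up.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       900
  TCP    0.0.0.0:31000          0.0.0.0:0              LISTENING       1812
  TCP    192.168.1.45:1067      203.0.113.10:80        ESTABLISHED     1480
  TCP    192.168.1.45:31000     192.168.1.54:3310      ESTABLISHED     1812
  UDP    0.0.0.0:1900           *:*                                    1120
"""

def parse_netstat(text):
    """Turn netstat rows into dicts; header and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 4 or f[0] not in ("TCP", "UDP"):
            continue
        lhost, _, lport = f[1].rpartition(":")
        rhost, _, rport = f[2].rpartition(":")
        state = f[3] if f[0] == "TCP" else ""   # UDP rows carry no state column
        rows.append(dict(proto=f[0], lhost=lhost, lport=lport, rhost=rhost,
                         rport=rport, state=state, pid=f[-1]))
    return rows

def triage(rows):
    """Split TCP rows into listeners, inbound sessions (to a listener) and outbound ones."""
    listeners = {r["lport"] for r in rows if r["state"] == "LISTENING"}
    out = {"listening": [], "inbound": [], "outbound": []}
    for r in rows:
        if r["state"] == "LISTENING":
            out["listening"].append((r["proto"], r["lport"], r["pid"]))
        elif r["state"] == "ESTABLISHED" and r["lport"] in listeners:
            out["inbound"].append((r["rhost"], r["lport"], r["pid"]))
        elif r["state"] == "ESTABLISHED":
            out["outbound"].append((r["rhost"], r["rport"], r["pid"]))
    return out

def check_trusted_entry(local_ip, trusted_ip, prefix=24):
    """Say what a trusted-zone address is relative to this host (prefix is assumed)."""
    local, trusted = ipaddress.ip_address(local_ip), ipaddress.ip_address(trusted_ip)
    if trusted == local:
        return "own address"
    net = ipaddress.ip_network(f"{local_ip}/{prefix}", strict=False)
    return "other host on local subnet" if trusted in net else "host outside local subnet"

if __name__ == "__main__":
    print(triage(parse_netstat(SAMPLE_NETSTAT)))
    print(check_trusted_entry("192.168.1.45", "192.168.1.54"))
```

An address that differs from the host's own by two transposed digits is a different machine, so a trusted-zone entry for it means the firewall is trusting that other machine. The PIDs in the listing can be matched to process names in Task Manager.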
