Solved

Almost identical IP Address and Trusted Zone Computer IP, not written by me... Have I been Hacked?

Posted on 2005-03-22
Last Modified: 2013-11-16
I have been "fighting" a series of Adware and Trojan Programs for about a week.  I remove some (all) only to have more and new ones come on, that are installed without my action or consent when I go online.  I have been doing all the "right" things, clearing temp files, searching for and removing registry entries, etc, etc.  (And yes all the restore points are deleted).  The strange thing is I get clear scans from my AntiVirus (with new definitions and the most recent iteration of the software), and multiple different and current Anti Spyware and Adware programs, then go online and then they reappear (or new ones appear).  Also I have had settings within My Internet Security Software (Program Access Rules) changed without any action or of course my permission.  I assumed this was by some malicious (and well written) Trojans, or coordinated threats to allow backdoors for these Trojans.

Now (and I genuinely am hoping that I am catastrophising and perhaps paranoid) I am afraid that my system may have been and is being Hacked, and this is why the Trojans and Adware keep reappearing.  I am the first to admit that I have a limited set of skills with respect to these topics, but I am learning Fast!

My suspicions are based around the following:  I used cmd > ipconfig to look at my ip address, I then looked at the only "Trusted Zone" IP address inside my Internet Security/Firewall/Anti-Virus Software.  They are almost identical, but not quite... just the final two digits transposed.  I do not recall entering any "Trusted Zone" IP address in configuration, perhaps these were auto configured by the installation wizards, etc, or could it have been done so by a Hacker?  I have also caught attempts to install Trojans on my own computer (via a port used by Trojans) from what appears to be my own computer's IP address, as well as the settings changes and Program Access Rule changes inside the Firewall software.

On the "Full Disclosure" Side:

I do War chalk and go up on unsecure WiFi networks from time to time, out of necessity and (yes as my neighbor's connection is faster than mine, so I guess impatience).  So could this be a source of my problems?

Any advice on how I can determine if I have been or am currently being hacked?

If so how to end it?

And again if so how to track down the individuals address and "thank" him or her would be greatly appreciated?

Just kidding on the last one, but the first two in light of the info here would be great.

This whole thing has been an education, and I have come to the conclusion that perhaps those of you here are more likely to help me than spending another 5 hours on hold to get "Technical Support" from the manufacturer of my Anti-Virus / Firewall.  Over the course of this week, I have learned enough that I usually have tried anything they think will work, and they are all asking what I do for a living, thinking that I am a skilled IT type... frustration may be the biggest motivator for education.  Thanks in advance for any and everyone's help, I just want to know what the  @#$%*& is going on and get this resolved.

Best, FG5
Question by:FlashGordon5
Accepted Solution

by:
tmehmet earned 2000 total points
ID: 13599339
>Internet Security Software (Program Access Rules) changed without any action or of course my permission.

If this is indeed true, you cannot trust your machine. A compromise of this level is pointless trying to fix it with spyware scanners and AV. It's almost certain you are beyond infection issues.

You could attempt sniffing the network to see what your machine is doing, e.g. where it is connecting and which protocols. Also, you can see who is connecting to you and how. This should indicate if you are being hacked or remotely managed somehow.

Would like to know what services are running on your machine?

Try this tool to interrogate your machine:

http://winfingerprint.sourceforge.net/wininterrogate.php
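
One way to triage the things the answer asks about (where the machine is connecting, who is connecting to it, what is listening), as an added example that is not part of the original answer. It reads a connection listing rather than a packet capture: a constructed sample in the layout of Windows `netstat -ano`. The interface `192.168.1.12/24`, the trusted-zone entry `192.168.1.21`, the sample rows and all function names are assumptions for illustration.

```python
import ipaddress
import re

# Constructed sample in the layout of Windows `netstat -ano` (not from the post).
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:8123           0.0.0.0:0              LISTENING       2140
  TCP    192.168.1.12:1045      192.168.1.21:445       ESTABLISHED     4
  TCP    192.168.1.12:1051      203.0.113.7:80         ESTABLISHED     1620
  TCP    192.168.1.12:1060      198.51.100.9:443       ESTABLISHED     2140
  UDP    0.0.0.0:1900           *:*                                    1032
"""
ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+):(\d+|\*)"
                 r"\s+(?:([A-Z][A-Z_0-9]*)\s+)?(\d+)\s*$")

def parse_netstat(text):
    """Return one dict per connection row; header and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            proto, local, lport, remote, rport, state, pid = m.groups()
            rows.append({"proto": proto, "local": local, "lport": int(lport),
                         "remote": remote, "rport": rport, "state": state,
                         "pid": int(pid)})
    return rows

def describe_trusted(iface, trusted):
    """Relate a firewall trusted-zone entry to this machine's own address."""
    me, t = ipaddress.ip_interface(iface), ipaddress.ip_address(trusted)
    if t == me.ip:
        return "own address"
    return ("another host on the local subnet" if t in me.network
            else "outside the local subnet")

def triage(rows, iface, trusted):
    """Split rows into listeners, peers outside the LAN, and the trusted host."""
    net, t = ipaddress.ip_interface(iface).network, ipaddress.ip_address(trusted)
    report = {"listening": [], "external": [], "trusted_peer": []}
    for r in rows:
        if r["state"] == "LISTENING":
            report["listening"].append((r["lport"], r["pid"]))
        elif r["state"] == "ESTABLISHED":
            peer = ipaddress.ip_address(r["remote"].strip("[]").split("%")[0])
            entry = (str(peer), int(r["rport"]), r["pid"])
            if peer == t:
                report["trusted_peer"].append(entry)
            elif peer not in net and not peer.is_loopback:
                report["external"].append(entry)
    return report
```

The PID in each tuple is what ties a listener or outbound connection back to a process or service, which is the next thing to check on a machine whose firewall rules changed on their own.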

Question has a verified solution.
