Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Hacked?

Posted on 2006-05-19
8
Medium Priority
?
385 Views
Last Modified: 2010-04-11
Greetings,
   I have a small home network.  Four PC's all running WinXP which access the internet through a Netgear router (all PC's are wired to the router, no wireless) and then a cable modem (static IP address).  About two weeks ago one of the machines began to turn on by itself, occasionally, no more than once per day.  At the same time the boot went from; going straight to the desktop, to, having the welcome screen pop up with only the single icon for the user(no password).  
   Last night one of the other machines on this network was manually turned on and went to the Welcome screen with the single user icon rather than straight to the desktop.  

    I have run Adaware, Spybot, and have the current McAfee antivirus running on all machines, all scans find zero problems.  In additon the WinXP firewalls are all enabled.

    I am feeling a bit paranoid.  Is there something else I should be looking for?  Have I been hacked and how do I find out?

Thank you for taking time to read through this.
0
Comment
Question by:FernCrest
8 Comments
 
LVL 11

Accepted Solution

by:
prueconsulting earned 1600 total points
ID: 16718780
The going to welcome screen is simply a fact of autologin having been disabled which can happen in a number of ways such as registry corruption , user "mis-clicking". What intrigues me is machines turning themselves on ?  The only thing i know of that would do this is a Wake on LAN signal but then the machine isnt actualy physically powered off but rather sitting in a hibernated style state.
 Or was that a mistype and you meant turn'd off by itself ..
0
 
LVL 32

Assisted Solution

by:r-k
r-k earned 400 total points
ID: 16718893
Yes, it does sound like as prueconsulting said above. You could leave the network cable unplugged and see if the pc still turns on by itself, or disable "Wake on LAN" in the bios.

To be sure you don't have some malware, do the following:

Download and run HijackThis from http://www.hijackthis.de/
Copy-and-paste the resulting log back to that same web site (not here)
Click on "Analyze", and then click on "Save Analysis" at the bottom of the next page.
Finally post a link here to the saved analyzed page if you find anything unusual.

0
 

Author Comment

by:FernCrest
ID: 16718915
Hi,
  Thanks for the response.  Nope not a typo.  The computer will occasionally self start.  This "appears" to be from full off.
  Registry corruption might be a possibility.  Is there a way to check for it?
0
New Tabletop Appliances Blow Competitors Away!

WatchGuard’s new T15, T35 and T55 tabletop UTMs provide the highest-performing security inspection in their class, allowing users at small offices, home offices and distributed enterprises to experience blazing-fast Internet speeds without sacrificing enterprise-grade security.

 
LVL 11

Expert Comment

by:prueconsulting
ID: 16718949
For some ideas on registry corruption troubleshooting see this article.

http://www.windowsitlibrary.com/Content/313/3.html

or there are also a bunch of applications which provide this type of functionality out there as well .
0
 
LVL 3

Expert Comment

by:cyan990
ID: 16719358
Hi,

Have you had any power bumps recently?

Cyan990
0
 
LVL 24

Expert Comment

by:SunBow
ID: 16720266
You can also try a check of your NICs, their settings, including in BIOS. Some come with a white wire that should be disconnected. BIOS can enable boot from LAN, or WakeUp on LAN. Those you should be able to disable in CMOS, or maybe they were, and the battery is getting old. How good are they at keeping time? There've been problems reported before in the hardware TA, and it being a form of hardware issue. Other than reconfigure, you may need a bios upgrade.

Possibly some recent upgrades were made, or copies of files were moved from one machine to another.
0
 
LVL 24

Expert Comment

by:SunBow
ID: 16720269
done
0
 
LVL 24

Expert Comment

by:SunBow
ID: 16720274
PDQ
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Ransomware, the malware that locks down its victim’s files until they pay up, has always been a frustrating issue to deal with. However, a recent mobile ransomware will make the issue a little more personal… by sharing the victim’s mobile browsing h…
Securing your business data in current era should be your biggest priority. Numerous people are unaware of the fact that insiders commit more than 60 percent of security breaches. You need to figure out the underlying cause and invoke your potential…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
Is your data getting by on basic protection measures? In today’s climate of debilitating malware and ransomware—like WannaCry—that may not be enough. You need to establish more than basics, like a recovery plan that protects both data and endpoints.…

810 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question