Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 270
  • Last Modified:

Is my Network Hacked

When in My Computer / My Network Places, there are two sections.  Local and Internet.

IN the INternet section there has always been an MSN entry.  All of a sudden a new one appeared.  It is

tmp on Davide Ramo (10.0.1.158)

I have no idea what it is or how it got there, but if I left or right click on it, explorer hangs
0
Alexjc01
Asked:
Alexjc01
  • 7
  • 4
  • 2
  • +2
2 Solutions
 
ridCommented:
What kind of network is this? Is there a firewall somewhere? Is 10.0.x.x a valid address on your LAN?
/RID
0
 
Alexjc01Author Commented:
It's a simple home network with a main pc and 2 laptops sharing files and a printer.  Internet connection comes into a router which has a wired connection to the main PC and a wireless to the laptops.

The strange entry is visable from one of the laptops.  It is a main folder

I have no such valid address
0
 
ridCommented:
Well, I guess it's time for a thorough virus and malware scan. Download something you trust and/or believe can scan the computer(s) and then disconnect the suspect from the network and scan it. Are you running a server of any kind, visible to the internet? If so, close the connection (port forwarding) in the router for the time being.
/RID
0
Simple Misconfiguration =Network Vulnerability

In this technical webinar, AlgoSec will present several examples of common misconfigurations; including a basic device change, business application connectivity changes, and data center migrations. Learn best practices to protect your business from attack.

 
Alexjc01Author Commented:
No server...wouldn't know how
0
 
ridCommented:
OK :) then it's time for virus scan.... Can't help you with specifics, unfortunately, but you may have comments from experts with more knowledge or you can search the site for "virus scan" or something similar; "free virus scanner" might be a search string that could be useful.
/RID
0
 
Alexjc01Author Commented:
I'm scanning with AVG in a second.  IT's a work laptop and only has XP Firewall and Symantic Anti-Virus.  I can't see how to scan the specific file with this tool so will use AVG
0
 
Alexjc01Author Commented:
If it's fine though, how do I get rid of this file?  I can neither left or right click on it nor find reference to it in the registry
0
 
ridCommented:
Try it in safe mode...

Also, of course, check any autostarting processes/programs (msconfig or check the registry or the services applet in control panel>??? ; I don't have an english windows here to check the proper applet, sorry).
/RID
0
 
expexchuserCommented:
Do you know anyone named Davide Ramo?  There are several of them
http://www.zabasearch.com/query1_zaba.php?sname=David%20Ramo&state=ALL&ref=%24ref&se=%24se&doby=&city=&name_style=1

Can you ping 10.0.1.158?

Without looking in detail, I would guess someone joined a rouge laptop to your network.  Can you log into and look at your wireless router to see logs etc?  I usually lock down wireless routers by MAC address, so only authorized NICs can use the connection.
0
 
Alexjc01Author Commented:
How can somebody do that.  I have the SSID hidden and the higher security level on my network?

Where can I check on my BT Voyager to find a log.

Do you think they were just stealing bandwidth?
0
 
Alexjc01Author Commented:
And no..I don't know anyone calld that for sure.
0
 
apostle12Commented:
What you can do is do a lookup on the ip address/service provider and then do a people search on his name in that city until you think you have pretty much narrowed it down and then go knock on his door and ask him what the hell he wants.
0
 
Alexjc01Author Commented:
Well whilst not connected to the net, I was able to right click and delete the file.  Don;t know is that achieves anything but it's gone.  Seems there was nothing really suggested that did much good though I'm still interested if I can see what happened if expexchuser can continue that thread
0
 
expexchuserCommented:
apostle, the IP is most likely a nat ip address and even if it were real, at best you would probably only get the contact information to an ISP and go knock on their door.  And without a subpeona they'll just laugh at you.

Alex, if it's just your home network don't sweat it.  Just monitor to see if it appears again.  If it was a rogue, they were probably just trying to get at your bandwidth.  Post again if you see it again and reference a link back to this question.  It's hard to garner much info w/o the connection being live.
0
 
PatG042800Commented:
First of all, 10.x.x.x are non-routable addresses reserved for private LAN use.

http://en.wikipedia.org/wiki/Private_network

You will not be able ping this 10.x.x.x address anywhere outside of your own local network.

What address space is your home network set up in? Typical home use is 192.168.x.x but some routers do allow 10.x.x.x addressing. Typically the 10.x.x.x addressing is used in larger companies or maybe even a hotspot location.  Has the laptop in question ever been in another location?  Windows wireless can connect to hotspots automatically. Or if you plugged into a network somewhere else with the 10.x.x.x the tmp link could just be a remnant of a connection done outside of your home network.

Plain and simple, if your home network is not set up in the 10.0.1.x address space it is highly unlikely that this tmp link was a result of someone connecting to your network at home.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

  • 7
  • 4
  • 2
  • +2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now