Solved

Is my Network Hacked

Posted on 2006-10-25
18
257 Views
Last Modified: 2010-04-11
When in My Computer / My Network Places, there are two sections.  Local and Internet.

IN the INternet section there has always been an MSN entry.  All of a sudden a new one appeared.  It is

tmp on Davide Ramo (10.0.1.158)

I have no idea what it is or how it got there, but if I left or right click on it, explorer hangs
0
Comment
Question by:Alexjc01
  • 7
  • 4
  • 2
  • +2
18 Comments
 
LVL 31

Expert Comment

by:rid
ID: 17805612
What kind of network is this? Is there a firewall somewhere? Is 10.0.x.x a valid address on your LAN?
/RID
0
 

Author Comment

by:Alexjc01
ID: 17805732
It's a simple home network with a main pc and 2 laptops sharing files and a printer.  Internet connection comes into a router which has a wired connection to the main PC and a wireless to the laptops.

The strange entry is visable from one of the laptops.  It is a main folder

I have no such valid address
0
 
LVL 31

Expert Comment

by:rid
ID: 17805815
Well, I guess it's time for a thorough virus and malware scan. Download something you trust and/or believe can scan the computer(s) and then disconnect the suspect from the network and scan it. Are you running a server of any kind, visible to the internet? If so, close the connection (port forwarding) in the router for the time being.
/RID
0
Use Case: Protecting a Hybrid Cloud Infrastructure

Microsoft Azure is rapidly becoming the norm in dynamic IT environments. This document describes the challenges that organizations face when protecting data in a hybrid cloud IT environment and presents a use case to demonstrate how Acronis Backup protects all data.

 

Author Comment

by:Alexjc01
ID: 17805939
No server...wouldn't know how
0
 
LVL 31

Expert Comment

by:rid
ID: 17806015
OK :) then it's time for virus scan.... Can't help you with specifics, unfortunately, but you may have comments from experts with more knowledge or you can search the site for "virus scan" or something similar; "free virus scanner" might be a search string that could be useful.
/RID
0
 

Author Comment

by:Alexjc01
ID: 17806113
I'm scanning with AVG in a second.  IT's a work laptop and only has XP Firewall and Symantic Anti-Virus.  I can't see how to scan the specific file with this tool so will use AVG
0
 

Author Comment

by:Alexjc01
ID: 17806140
If it's fine though, how do I get rid of this file?  I can neither left or right click on it nor find reference to it in the registry
0
 
LVL 31

Expert Comment

by:rid
ID: 17806171
Try it in safe mode...

Also, of course, check any autostarting processes/programs (msconfig or check the registry or the services applet in control panel>??? ; I don't have an english windows here to check the proper applet, sorry).
/RID
0
 
LVL 4

Expert Comment

by:expexchuser
ID: 17807124
Do you know anyone named Davide Ramo?  There are several of them
http://www.zabasearch.com/query1_zaba.php?sname=David%20Ramo&state=ALL&ref=%24ref&se=%24se&doby=&city=&name_style=1

Can you ping 10.0.1.158?

Without looking in detail, I would guess someone joined a rouge laptop to your network.  Can you log into and look at your wireless router to see logs etc?  I usually lock down wireless routers by MAC address, so only authorized NICs can use the connection.
0
 

Author Comment

by:Alexjc01
ID: 17809909
How can somebody do that.  I have the SSID hidden and the higher security level on my network?

Where can I check on my BT Voyager to find a log.

Do you think they were just stealing bandwidth?
0
 

Author Comment

by:Alexjc01
ID: 17809911
And no..I don't know anyone calld that for sure.
0
 
LVL 2

Expert Comment

by:apostle12
ID: 17811313
What you can do is do a lookup on the ip address/service provider and then do a people search on his name in that city until you think you have pretty much narrowed it down and then go knock on his door and ask him what the hell he wants.
0
 

Author Comment

by:Alexjc01
ID: 17811503
Well whilst not connected to the net, I was able to right click and delete the file.  Don;t know is that achieves anything but it's gone.  Seems there was nothing really suggested that did much good though I'm still interested if I can see what happened if expexchuser can continue that thread
0
 
LVL 4

Accepted Solution

by:
expexchuser earned 63 total points
ID: 17812988
apostle, the IP is most likely a nat ip address and even if it were real, at best you would probably only get the contact information to an ISP and go knock on their door.  And without a subpeona they'll just laugh at you.

Alex, if it's just your home network don't sweat it.  Just monitor to see if it appears again.  If it was a rogue, they were probably just trying to get at your bandwidth.  Post again if you see it again and reference a link back to this question.  It's hard to garner much info w/o the connection being live.
0
 
LVL 8

Assisted Solution

by:PatG042800
PatG042800 earned 62 total points
ID: 17816693
First of all, 10.x.x.x are non-routable addresses reserved for private LAN use.

http://en.wikipedia.org/wiki/Private_network

You will not be able ping this 10.x.x.x address anywhere outside of your own local network.

What address space is your home network set up in? Typical home use is 192.168.x.x but some routers do allow 10.x.x.x addressing. Typically the 10.x.x.x addressing is used in larger companies or maybe even a hotspot location.  Has the laptop in question ever been in another location?  Windows wireless can connect to hotspots automatically. Or if you plugged into a network somewhere else with the 10.x.x.x the tmp link could just be a remnant of a connection done outside of your home network.

Plain and simple, if your home network is not set up in the 10.0.1.x address space it is highly unlikely that this tmp link was a result of someone connecting to your network at home.
0

Featured Post

Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
non-domain members are not prompted for credentials 18 60
Palo Alto Networks - find the sec zone 3 64
ASP server side get value 15 35
Admin Certificates in my browser 2 31
It’s the first day of March, the weather is starting to warm up and the excitement of the upcoming St. Patrick’s Day holiday can be felt throughout the world.
Most MSPs worth their salt are already offering cybersecurity to their customers. But cybersecurity as a service is wide encompassing and can mean many things.  So where are MSPs falling in this spectrum?
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question