Solved

Computer possibly hacked?  Remotely

Posted on 2007-07-31
Last Modified: 2013-12-04
I think someone has gained access to my computer

1.  I'd like to know how it is they are able to see what is on your desktop?

2.  How do I stop any and all remote anything that is on my computer ?

3.  Every time I disable remote netmeeting  desktop the next time I start my computer and check msconfig services its checked again.  How can I stop this ?

I am about to install the Vista operating system for the security of it. Am I wasting my time? I think this person can see everything I am doing the minute the computer is turned on, including but not limited to seeing me. I do NOT have any cams or anything installed on my computers so I do not know how this is happening. I have NOT downloaded anything suspicious from the net or from anyone and I have zone alarm internet security 2007 on my computer. I do not use anything like messengers (of any kind for anything). I have not received any downloads from anyone; basically I only talk to family on here.
Question by:Smcf4
13 Comments
 
LVL 27

Accepted Solution

by:
Tolomir earned 1000 total points
ID: 19606707
Well first of all you should download suggestions given below and disconnect that computer from the network.

Then boot into safe mode (press F8 during bootup)

then run prevx 2.0 and superantispyware to scan for spyware.

You can get them here:

www.prevx.com
www.superantispyware.com

After you made a full system scan, reboot again, connect to the network and report.
0
 
LVL 27

Expert Comment

by:Tolomir
ID: 19606718
I would only upgrade to vista if all specifications are met:

Especially graphics driver, enough RAM + CPU speed, enough free diskspace.
Also you will need an upgrade/update of all non-Microsoft programs you use, because of the new security measures, UAC and such. Could be expensive. XP in contrast is supported by Microsoft up to 2014 so I, personally, would not upgrade to Vista...

Tolomir
0
 
LVL 32

Assisted Solution

by:r-k
r-k earned 1000 total points
ID: 19606726
Can you provide a bit more information:

(1) Why do you think someone is able to see everything on your desktop?
(2) Are you running XP with SP2, Home or Pro?
(3) How are you connected to the Internet?

I am quite sure that without a camera no one can see you, so you can relax on that point. Here are some steps you can take to secure your system right now:
(I am assuming you're using Windows XP SP2)

Start -> Control panel -> Windows Firewall
make sure the ON button is selected, and "check" the box that reads "Don't Allow Exceptions"

The above steps will pretty well block future intrusions, but we need to make sure nothing is currently lurking on your system, so do the following two things:

(1) Download Autoruns from: http://www.microsoft.com/technet/sysinternals/utilities/Autoruns.mspx
(2) Run the program. It lists a bunch of things that start when Windows starts.
(3) From the menu bar, select Options, and uncheck "Include Empty Locations" and "check" "Hide Microsoft Entries"
    Important -> Then click the Refresh button in the toolbar.
(4) This will give you a shorter, more meaningful list.
(5) Use the File -> Save as.. option in Autoruns to save the list to a text file and then cut and paste it here.

Next, get RootkitRevealer from  http://www.microsoft.com/technet/sysinternals/utilities/RootkitRevealer.mspx and use it to scan your hard drive. It takes a while so be patient. Use File -> Save as... to save the results to any text file, then copy-and-paste the first 30 or so lines of the results here.

Re. upgrading to Vista it's something to consider for the future however there are many pros and cons and certainly the first priority should be to get the current system clean and secure first.

Thanks.


0
 
LVL 19

Expert Comment

by:http:// thevpn.guru
ID: 19607546
to stop netmeeting stop the service...set it to disable.
start -> run -> services.msc
0
 
LVL 24

Expert Comment

by:SunBow
ID: 19629453
You can also delete the service if uninstall not available.

But for when you suspect others of doing some evil deeds to you, the better first step is to open task manager to look for strangers, and to edit the registry run keys for startup files. You may want to also review all shortcuts, to review that you need them, use them, and that they work as intended and do no more
0
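Added example (not part of any poster's reply): a read-only Windows PowerShell check of the two places these comments point at, the registry Run keys and the startup type of the NetMeeting service. The service name `mnmsrvc` and the four key paths are assumptions about a stock Windows install; nothing is changed unless the commented lines at the end are enabled.

```powershell
# Read-only audit: registry Run keys plus the NetMeeting sharing service.
# Assumption: 'mnmsrvc' is the service behind "NetMeeting Remote Desktop Sharing".
$serviceName = 'mnmsrvc'

# Machine-wide and per-user autostart keys (assumed standard locations)
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Properties the registry provider adds to every item; not real Run entries
$providerProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'

$entries = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-ItemProperty -Path $key
    foreach ($p in $item.PSObject.Properties) {
        if ($providerProps -contains $p.Name) { continue }
        New-Object PSObject -Property @{
            Key     = $key
            Name    = $p.Name
            Command = $p.Value
        }
    }
}

"Autostart entries found: {0}" -f @($entries).Count
$entries | Sort-Object Key, Name | Format-Table Key, Name, Command -AutoSize -Wrap

# Startup type decides whether the service can come back after a reboot
$svc = Get-WmiObject -Class Win32_Service -Filter "Name='$serviceName'"
if ($svc) {
    "{0}: State={1}, StartMode={2}" -f $svc.DisplayName, $svc.State, $svc.StartMode
    "Binary: {0}" -f $svc.PathName
    if ($svc.StartMode -ne 'Disabled') {
        "Startup type is not Disabled, so the service may start again later."
    }
} else {
    "Service '$serviceName' is not installed on this machine."
}

# To stop and disable it (elevated prompt), uncomment:
# Stop-Service -Name $serviceName
# Set-Service  -Name $serviceName -StartupType Disabled
```

Save the output before changing anything, so there is a record of what was configured to start.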
 
LVL 24

Expert Comment

by:SunBow
ID: 19629472
With a firewall you can also block ports.
Netmeeting itself typically takes two, one remote and one local, while you can go in or go out. Remote desktop only takes one. So I could remote desktop to your machine, to manage your end of netmeeting, but why? Once in and with rights, why start another session to access again at same time? Doable, but seems a waste. Neither works well for maladepts when user is conscious and noticing computer going out of control.

> Computer possibly hacked?  Remotely

I doubt it

> I think someone has gained access to my computer

Possible, these days, but not indicated by evidence supplied. So I don't think so, unless you hear or have heard them telling others what they see on screen. Easier by far to set up a webcamera over your head and peek live, or swipe your broadcast if you are going cordless, wifi or whatever

> 1.  I'd like to know how it is they are able to see what is on your desktop?

I won't tell you and any anonymous viewers how to do that - aside from comments above

> 2.  How do I stop any and all remote anything that is on my computer ?

A) unplug from internet, it is not safe and cannot be made completely safe, sorry. Plug into internet and you've opened the door

B) Unplug from wall socket. No power/no hack. This is needed for more secure systems

so you don't need to be too secure, to access internet.

First rebuild computer from scratch, no unknown software - when not connected. Then apply all patches for SW being used. Add firewall, and not until then plug into internet. You can still be had, but not by no script kiddie, and the others would not be interested in just your system

Load software only from virgin CDs, not SW from some backup made.
0
 

Author Comment

by:Smcf4
ID: 19674861
Sunbow- I thank you for your in-depth explanations but a few things still remain..

1.  I do not want to know how to webcam ( whatever ) Just how to stop it .  

2.  I do NOT webcam with anyone. I owned two and have two cameras that can be used as webcams but have never done it, but this person seems to know what I'm wearing??? I did not add that before because I know the thoughts that are running through your mind, but my children are with me constantly and I am married, have been for 16 years (seems like needless info for you but I felt it needed to be said to let you know I do not do anything like what must be assumed by now)

3.  I play yahoo games, have for about 5 years or a little longer  and when I go into a game room, things  I've said in my home, things i'm wearing and such are being made as an id.  I have witnesses to this so its not my imagination working overtime.

4. If someone did break into my computer and are using a webcam and go over my head ( as I said I'm not interested in doing it I JUST WANT TO STOP IT )  anything I can look for to see if this is happening to me?  can it be detected in safe mode?  Is there a way to stop this ?

I am looking on the internet now to replace all hard drives and network cards in my computer but I am wondering if I should also buy a new motherboard as well. Those are the 3 main things I can think of to replace (is there something more?)

I was told hard drives aren't that expensive; someone mentioned them being about 100.00 or a little more. Most of my computers are HP. When I go to their website to replace it, HP wants the old one and will give me a different one; I am concerned they are refurbished. Also I am leery of my CC # and other private info falling into the wrong hands.

By this point I'm sure you are going to tell me to get a new computer but I have so many computers buying new ones outright is not an option at the moment.

Also, can you tell me I am fairly sure when I bug my isp to make a new account they link it with the old ones ( mainly because when I call for a problem and they ask me the account info they repeat previous accounts we had before)  This has been an ongoing problem.

Will appreciate any suggestions


Thanks for all your effort

Sherry
0
 
LVL 32

Expert Comment

by:r-k
ID: 19674931
Did you try my couple of suggestions i.e. Autoruns and RootkitRevealer? That should show clearly whether anyone has installed trojan type programs on your computer. Please see my post above for details.

Re. people being able to see you, that can never happen remotely unless (a) there is a webcam attached to your computer, (b) they can see you through a window, or (c) they are just guessing what you're wearing. The first two points you can easily establish and fix by visual inspection, the third is nothing to worry about.

As for your specific questions about how to remove and prevent these trojans, running the two programs and letting us know the results is the best way to identify the problem, if any, before anyone can suggest a removal process.
0
 

Author Comment

by:Smcf4
ID: 19678319
Ok Rk I'm going to run those programs although I think i already did once and I don't think they found anything but i will do it again.  

Here is more to the situation at hand.. Somehow he knows what we are doing in the car or being said and what is being said while we are watching tv and the computers are completely unplugged from the internet. Follow my logic and then tell me if you think I am paranoid, ok?

If he has somehow infected my computer with a non-detectable trojan or virus.  Gained administrative rights,  which means everything on my computer is infected ( without knowing it at the time )  I copied some pictures onto a cd I placed them into my dvd recorder and was able to look at them ( the pictures from the computer that he is doing this on )  I also was able to play it in the playstation,  if these pictures were infected with a trojan would they infect those machines?  Also I sent some to my husbands cell phone , my cell phone and my daughters .  I think this is how he is hearing and seeing what is going on in our car.  When our cell phones are on he can see and hear everything.  Even makes ids up and follows me from room to room on yahoo games with these ids.  I'm not imagining it the things that are being seen and heard is not easily guessed by just anyone.  

And before you say it, NO, I am pretty sure he has not broken into my home or lives around here.

The other strange part is  he cannot see or hear anything that goes on in our dining room ,  our kids rooms , my bedroom or the bathroom.   Only the living room and again even when the computers are shut down,  power cord unplugged and speakers turned off.  

My daughter and I tested our theory on our car.  We had the cell phones turned off and spoke about something that was out of the ordinary something special.  He didn't repeat it.   Then we turned them on and spoke of something else that was different.  He repeated it even told us what we had on.  Which he couldn't know unless he sees us.

There are no webcam programs on my computer.  But to be certain there isn't some software left on here how can I find out ?  where can I check to make sure?  any particular port that shouldn't be opened that might be if he's compromised my system?  

I am enclosing a diagram of the setup of our living room to show you what I'm talking about.   I am not an artist and it looks like a child drew it but you will get the layout none the less.

http://img105.imageshack.us/my.php?image=diagramoflivingroomcw0.jpg

Now, I'm going to try your suggestions again. I know I sound completely paranoid but I have witnesses
0
 
LVL 18

Expert Comment

by:PowerIT
ID: 19678711
If you are serious about this - and I assume you are - then you need to alert the appropriate authorities immediately. This is not a 'normal' hack of your computer.
The above looks like you have been bugged by someone who is stalking you. And it may not involve your computer only.
This is a serious crime and invasion of privacy with major penalties and possible jail time for the perpetrator (depending on your country of residence).
So gather evidence and some witnesses (preferably also outside your family) and go to the police.

BTW, replacing harddisk drives, motherboards and network cards is NOT a security measure.

J.
0
 
LVL 18

Expert Comment

by:PowerIT
ID: 19678714
Oh, and don't destroy any evidence by trying to stop this.

J.
0
 
LVL 32

Expert Comment

by:r-k
ID: 19679280
I agree with PowerIT. This does not sound like a computer hack or trojan, but someone stalking you by other means, possibly. This is a case for law enforcement. Good luck!
0
 
LVL 27

Expert Comment

by:Tolomir
ID: 19823251
Thank you for the points, but could we get any update on the scan results, if something was found, or what else.

Thank you.
Tolomir
0
