Being hacked and OS exploit detection


HolyRoller

Allow me to explain as contritely as possible.

This all began about four years ago. I built my own PC, I purchased two different versions of Windows XP from a local PC store. One XP Pro 32-bit, the other Windows XP 64-bit.

My first ISP was Verizon at the time. This is right after they laid the new fiber optic cables. My router began being flooded with massive amounts of data and contacting IP addresses worldwide, even when the PC was not in any use at all. I began a carefully calculated lockdown of remote ports and exploit ports. When I finally had the problem defeated within a few minutes my router was destroyed internally so I had to get a new one from Verizon.

Fast forward many months of stolen data, mistreatment, harassment and remote destruction of my natural psychological state, I called Microsoft. This call was made when they still used the India offshore company to handle all of their tech support calls (they no longer do because of them being rip-off artists). They ran me through a closed remote administrative process to ensure validation of not just the installed operating system, but of both of the disks themselves. After a lengthy process the disks were found to be invalid and fakes distributed from remote locations in two different countries. One in China, the other in Russia. I guessed they were rootkitted and crammed full of enough remote administration trojans to choke a horse.

So I sent them in to the FBI with a detailed list of all IP addresses that got connected to my PC. I then switched ISPs. Before plugging in I reformatted using a Windows XP disk purchased from a local college which I knew to be safe. Upon hooking to the net after completion of a lengthy security hardening process I waited for the odd behavior to begin again. Soon after it did I downloaded the ISP-provided virus scanner. Once the virus was found and turned in by myself through anon means, it was found that a total of 2,483 PCs worldwide had been infected by the same virus.

Thinking I was in the clear, I began further processes of research, writing and information gathering as per my normal experience and use of the internet. Then the strangeness started up all over again. A few days ago now, my processes lowered down to no more than 7, my firewall was turned off, my sound card control board was turned off, my graphics card control board was turned off. It almost appeared as though someone was either remote administrating my PC, or somehow had forced me into a virtual machine copy of my own PC before I installed any of my own software. However all my files existed on my desktop as per the norm. Instead of taking a screen capture I restarted, then I realized I had been had. I should have realized it sooner.

Do any of you know of a way to do this? I mean either force someone into a virtual PC copy while controlling their actual PC and keeping them running in a virtual machine. Or creating a remote administrative program that forces them to use your PC while you use theirs? Or perhaps even just control all processes and hide from them the end reality of their own PC while you exploit them? Because that is what is happening to me.

Link to comment

Microsoft's XPs have lots of security holes and any half-expert hacker can write a program to control your PC remotely. I had a similar problem with an official XP Professional edition. One day my computer, all by itself, automatically dialed up to the internet, and when it got a connection I could detect a flow of data from my computer, but I could not disconnect or control the computer (fortunately the modem was external and I was able to disconnect it manually).

Later, when I did learn a bit more about computers, I was able to trace the hacker to China and I was able to find the trojan hidden in some obscure system's folder. The problem is that when I eliminated it from the hard disk, the trojan was somewhat reintroduced when I connected to the internet again. Installation of service packs for XP (those service packs eliminate hundreds of security holes that people can use to enter your computer) plus a good antivirus plus a good firewall rather mitigated the situation, but did not completely eliminate the attacks.

After several months trying to find a solution, I abandoned that insecure operating system and installed a Linux distribution. Since then I forgot antivirus and firewalls... I would recommend you install a secure and modern operating system.

Edited by juanrga
Link to comment

Is your computer connected directly to the Internet, or does it connect to a wireless router of some kind?

 

It's highly unlikely that anyone is directly accessing your machine and manually manipulating it; viruses are good business, and so they're entirely automated. The symptoms you describe do not sound like any virus I know. If your graphics and sound cards are turning off, I'd suggest checking your PC to ensure the power supply is functioning well and the system is not overheating.

 

juanrga is right to suggest XP is rather insecure. I'd suggest installing a clean copy of Windows 7 (or Linux, if you so choose), installing all the security updates immediately, and then installing Microsoft Security Essentials or another good antivirus program. Use the latest version of your Internet browser and use Plugin Check to make sure your plugins are up to date.

 

If you really want, you could set up a virtual machine in VMware or VirtualBox and connect it to your router. Then set up a DMZ on the router to point incoming traffic to the virtual machine. However, it's vastly more likely that you'll pick up a virus during web browsing than it is that it'll remotely infect your computer.

Link to comment

It's not the graphics card itself shutting off. It's just portions of the software. Like the software control board for SoundMAX, and the software control board for Nvidia, and the software control board for Norton as well as a myriad of other software programs including internal Windows XP services. Right now I am behind two firewalls, one Linux based on my router and one Windows based on my PC from Norton. The wireless router is MAC address locked so only MAC addresses as I specify can get through.

But what I saw, when this strange thing happened, was all services off, internet functioning fine, Nvidia software control panel gone, SoundMAX control panel gone and Norton control panel gone as well as the Windows based sound control "speaker" icon gone. I checked the processes in the task manager, only 7 were running. It was literally like all of a sudden whatever was going on I could see and that my PC and my desktop were either copied or transported over to another PC running no firewall or any of the software. Before when I tracked down what was going on it went back to Russia and China. Now there is nothing to track down. It is as if my PC is being run on a virtual machine on another PC while they use my PC, wherein somehow I accidentally saw what was going on or someone turned off all those services instantly to show me what was going on. Or even perhaps they remoted me and showed me their desktop with all my personal property on it.

The questions here are: How do I make them stop? How do I catch them? How do I determine if it's law enforcement? Could it be Microsoft? And finally, since what I saw is possible, how on earth are they doing it?

Link to comment

I don't buy the virtual machine hypothesis. Malware is capable of hiding itself without such trickery. It's possible that malware could disable system processes and virus scanners to hide itself.

 

You may want to run something like Windows Defender Offline, which scans the system for viruses without firing up Windows, giving the viruses no chance to hide themselves.

Link to comment

LOL Windows Defender, that's funny right there, that is the most hilarious joke I have ever heard in my entire life.

This is more advanced than just regular everyday malware. Someone is up to something serious, very serious.

I am out millions, my life itself has been damaged and I am trying to figure out how they are doing this.

So let's all get our thinking caps on, and try and figure out how they are doing this.

Let's get thinking here, people.

Link to comment

I somehow got caught out in a phishing scam recently, lost access to my Facebook. Not that it mattered, I don't use it much and hate it, and it took less than 5 minutes to get back.

Sounds like you have a trojan horse, my friend; either Orifice or Netbus. I have no idea how to get rid of it for certain, only on Windows 98.

 

But at least now you probably know what you're dealing with and can research it (there's stuff everywhere online about it). Just don't ironically pick one up when looking to fix it by visiting dodgy sites and downloading everything.

 

Do not get Windows Security Essentials. Its only function is to welcome viruses as they stroll on in.

 

Consider paying for decent security protection, or get Malwarebytes, for free. Malwarebytes always does a good job and detects malicious items bar none.

 

 

 

Helpful Link: http://curiosity.dis...mputer-remotely

 

Later, when I did learn a bit more about computers, I was able to trace the hacker to China and I was able to find the trojan hidden in some obscure system's folder.

After several months trying to find a solution, I abandoned that insecure operating system and installed a Linux distribution. Since then I forgot antivirus and firewalls... I would recommend you install a secure and modern operating system.

 

I'd be interested to know how you traced the hacker.

 

I can trace malicious emails back to their sources, and they are forever coming from China, sometimes California, USA. Not surprising seeing as hackers are being trained in their masses in China.

Edited by Iota
Link to comment

Ignore Iota dissing MSE...it's equal to anything. Use Malwarebytes and Superantispyware as on-demand scanners.

 

Best thing to do is a clean reinstall and then image that clean installation to another drive or partition...if you suspect in the future you've got another bit of malware just reimage with the good image. It takes 15 mins to half an hour to reimage to a good image depending on the data size. I use Macrium Reflect Free. Imaging cures all manner of computer ills...do it. ;)

Edited by StringJunky
Link to comment

It doesn't detect or deal with half as many threats as Malwarebytes does xD.

Link to comment

No single scanning option is best....that's why three are listed together and used in series. Take your pick out of Avast, Avira or MSE for always on use that are also free...Malwarebytes constant protection is not free.

Link to comment

Ah I see your point, although I didn't claim that any one is the best- I just pointed out that MSE has low effectiveness, from past experience and lots of ratings. Even teamed with other programs it doesn't really play a valued role.

 

I've had Malwarebytes for years, for free. Downloaded from the official website.

Edited by Iota
Link to comment

I'd be interested to know how you traced the hacker.

 

I can trace malicious emails back to their sources, and they are forever coming from China, sometimes California, USA. Not surprising seeing as hackers are being trained in their masses in China.

 

It was several years ago and I do not remember the details now. I suppose that I was able to obtain the IP either from the firewall (during an attack) or I was able to find the IP in the source code of the trojan. But it was a long time ago and I do not remember many details (for instance I do not remember now the name of the trojan nor the antivirus/firewall combination I used then).

Link to comment

I've used MSE from its release and have yet to have malware in my system. I frequent a computer forum and it is just about unheard of there to hear people say: "I have an infection and I'm using MSE...how do I get rid of it?" AVG is another story! Every system and user combination is different so all that matters is that it works for any given scenario, regardless of which one scores the highest test ratings.

Link to comment

I've used MSE from its release and have yet to have malware in my system.

 

Okay, great it's worked for you, but that's not necessarily a causation. Seeing as you're computer savvy so probably browse the web quite safely anyway.

 

I frequent a computer forum and it is just about unheard of there to hear people say: "I have an infection and I'm using MSE...how do I get rid of it?" AVG is another story! Every system and user combination is different so all that matters is that it works for any given scenario, regardless of which one scores the highest test ratings.

 

Very similar scenarios- 'browsing the web daily and need protection when security's compromised', basically put. The test ratings have meaning and can't just be thrown to one side really.

 

It's a possibility that the reason why you never hear people reporting infections while using MSE is that it doesn't pick them up.

 

I think we're both set on our differing opinions of MSE so I'll leave it at that. I agree with you when it comes to AVG though.

Edited by Iota
Link to comment

If one uses MSE realtime, then uses SAS and MB scanners regularly and they consistently come up empty, MSE is doing its job is it not?

 

I'll agree to disagree with you and yes I'm quite computer savvy user-wise so I'm not really vulnerable through ignorance and know where to avoid. I know when I'm going into malware-infested territory, which I used to do to test things out. :)

 

My general strategy is to use AV's for detection and reimaging for malware removal if it happens.

Link to comment

BACK ON TOPIC! Please don't hijack the thread. Malware this or that is not going to help, MSE is not going to help. This is something outside the norm to deal with. Someone is up to something extremely illegal.

Link to comment

I'm sorry if you think we are hijacking but the solution is to think about your security strategy. Get over it, the threat of people trying to take over your pc and its information is part of daily life and you should focus on the weaknesses of your system and strengthen them.

Link to comment

The questions here are. How do I make them stop?

String Junky proposed a good method for this. Try it.

How do I catch them?

No simple or complex answer can explain to you how to do this. It could easily be an impossible task, it all depends.

How do I determine if it's law enforcement?

Why would it be law enforcement?

Could it be Microsoft?

No.

And finally, since what I saw is possible, how on earth are they doing it?

I proposed an answer for this. Research Netbus and Orifice.

Link to comment

Script kiddie deployment programs such as net bus, back door sd bot and orifice are not enough to cause what is going on. (Just so you know, Microsoft has to build in remote administrative back doors for use by the government including law enforcement, the FBI and the CIA into each of its operating systems. That is why every six months or so A GIANT RAPE SECURITY FLAW WITH REMOTE ADMINISTRATIVE ABILITY HAS TO BE PATCHED.)

Whatever this person on the outside is doing, they have something or know something they are not supposed to know. The connection makes no arrival in firewall logs either interior or exterior to my PC. No services are hijacked during the process and no extra processes begin running. I know it is something heavy duty and well hidden and also possible because when I got hacked 2 years ago I also had the Feds remote into my PC and they bypassed both of my firewalls in under 5 seconds and were looking through my files to determine what other trojans had been dropped in due to the software. I have been through just about everything including "string junkies" idea.

For instance, the processes being shut off and the internet still working as well as all sound and other peripheral devices. Was that remote services management? Or was it the trojan being shut off and a demonstration of all peripheral software device control being useless and nothing more than trojan monitoring software from different companies?

It's either Microsoft or someone else.

Just found two additions to my firewall that I never put in. Both of them are non record exceptions.

1. Windows remote management. TCP 5985

2. Windows remote management - Compatibility Mode (HTTP-in) Port 80 tcp <--always thought there was an exploit for port 80 for remote admin.

Link to comment

Sounds like you're asking for illicit advice now.

 

I know it is something heavy duty and well hidden and also possible because when I got hacked 2 years ago I also had the Feds remote into my pc and they bypassed both of my firewalls in under 5 seconds

 

My question about that is: how could you possibly know it was the Feds? Did they leave a message in notepad saying "Feds waz 'ere". Or clumsily leave an IP address lying around that openly corresponds to CIA HQ?

 

If you were under real Federal interest, they wouldn't mess about hacking into your computer again and again. They would raid your house, confiscate your computer(s), and throw you in the slammer until they found the evidence they needed. And they'd be reading this forum, right now.

 

My only advice from this point on; 'if' you're involved in something that's putting you at risk of federal surveillance, stop being involved in it, with immediate effect. You will get caught eventually.

 

If a malicious hacker is getting into your PC with information that you don't want them to have; don't put it on your PC. It's not a safe place for highly important stuff.

 

You describe the symptoms like there's a fire somewhere, but you can't see it, and there's no smoke anywhere, but you know it exists.

Link to comment

To your first question. I called the local FBI office on discovery of the first time I got hacked and gave the desk sergeant my IP address, then I observed the behavior of them busting in.

This is where reading my entire post comes in handy, instead of just posting a comment without any knowledge of the previous happenings.

If you notice the section where I discovered two remote back doors opened on my firewall that were not there before, 5985 and 80 exploit point. You would realize what the actual conversation is. Let's get thinking here. Because there has to be some type of identifier I can use to determine the exact moment of entry. Whatever they use to get in is hidden very well.

I am not doing anything to get the feds in here. Before when I got hacked I actually called the desk sergeant at the FBI and gave them my direct IP. They got through both firewalls in about 6 seconds and again, were in digging through files to determine what other trojans had been dropped in due to the fake MS software.

Now, someone added two exceptions to my firewall to allow for TCP 5985 remote admin and 80 remote admin to be used. I don't use remote administrative programs, ever. So how are they doing this, why are they doing this and most importantly what do I need to do in order to make them stop, or catch them so I can either sue or report their illegal activities to the proper law enforcement?

Link to comment

sub7? blackhole ek?

You're NOT getting hacked through port 80; there's a short list of reasons to be hacked.

you're in a botnet

you have access to sensitive data (c-card db dumps)

you're doing something against the law

OR

you're working at the bleeding edge of some technology (governmental)

You definitely did not track any hacker down to China or Russia because hackers use proxies and shell into servers here, there and everywhere to cover their tracks.

Why would someone target you specifically?

Try netstat (-n) to determine any addresses that shouldn't be there, check your services for signatures wmic:Service and use netsh:advfirewall to get your firewall locked down.

Link to comment
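
The checks suggested in the last post can be scripted. The following is an added example, not code from the thread: it parses English-language text output of `netsh advfirewall firewall show rule name=all` and `netstat -ano` (both samples below are constructed, and the function names are this example's own) and reports, for the two ports named in the thread, whether an inbound allow rule is enabled and whether any process is actually listening.

```python
import re

# Ports named in the thread: WinRM over HTTP (5985) and its compatibility listener (80).
WATCHED_PORTS = {5985, 80}

# Constructed sample of `netsh advfirewall firewall show rule name=all` output.
SAMPLE_RULES = """\
Rule Name:                            Windows Remote Management (HTTP-In)
----------------------------------------------------------------------
Enabled:                              No
Direction:                            In
Protocol:                             TCP
LocalPort:                            5985
Action:                               Allow

Rule Name:                            Windows Remote Management - Compatibility Mode (HTTP-In)
----------------------------------------------------------------------
Enabled:                              Yes
Direction:                            In
Protocol:                             TCP
LocalPort:                            80
Action:                               Allow

Rule Name:                            Core Networking - DNS (UDP-Out)
----------------------------------------------------------------------
Enabled:                              Yes
Direction:                            Out
Protocol:                             UDP
RemotePort:                           53
Action:                               Allow
"""

# Constructed sample of `netstat -ano` output (documentation-range addresses).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    [::]:80                [::]:0                 LISTENING       4
  TCP    192.0.2.10:49233       198.51.100.7:443       ESTABLISHED     3120
  UDP    0.0.0.0:5355           *:*                                    1216
"""


def parse_rules(text):
    """Split netsh output into one dict of 'Field: value' pairs per rule."""
    rules = []
    for block in re.split(r"\n\s*\n", text.strip()):
        fields = {}
        for line in block.splitlines():
            key, sep, value = line.partition(":")
            if sep:  # the dashed separator line has no colon and is skipped
                fields[key.strip()] = value.strip()
        if "Rule Name" in fields:
            rules.append(fields)
    return rules


def rule_ports(rule):
    """Expand LocalPort ('80', '80,443', '5000-5010') into a set of ints.
    'Any' and named ports are ignored in this example."""
    ports = set()
    for part in rule.get("LocalPort", "").split(","):
        lo, _, hi = part.strip().partition("-")
        if lo.isdigit():
            last = int(hi) if hi.isdigit() else int(lo)
            ports.update(range(int(lo), last + 1))
    return ports


def parse_listeners(text):
    """Map each local TCP port in LISTENING state to the set of owning PIDs."""
    listeners = {}
    for line in text.splitlines():
        cols = line.split()
        if len(cols) == 5 and cols[0] == "TCP" and cols[3] == "LISTENING":
            port = int(cols[1].rsplit(":", 1)[1])  # also handles [::]:80
            listeners.setdefault(port, set()).add(int(cols[4]))
    return listeners


def audit(rules_text, netstat_text, watched=WATCHED_PORTS):
    """Return (rule name, port, status, listening PIDs) for inbound allow rules."""
    listeners = parse_listeners(netstat_text)
    findings = []
    for rule in parse_rules(rules_text):
        if rule.get("Direction") != "In" or rule.get("Action") != "Allow":
            continue
        for port in sorted(rule_ports(rule) & set(watched)):
            pids = sorted(listeners.get(port, ()))
            if rule.get("Enabled") != "Yes":
                status = "rule disabled"
            elif pids:
                status = "reachable: rule enabled and port listening"
            else:
                status = "rule enabled, nothing listening"
            findings.append((rule["Rule Name"], port, status, pids))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_RULES, SAMPLE_NETSTAT):
        print(finding)
```

A rule that is disabled, or enabled with nothing listening on its port, admits no traffic on that port. Windows ships predefined Windows Remote Management firewall rules, so their presence in the rule list does not by itself show that someone added them.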