Velocity Reviews - Computer Hardware Reviews

help recovering from hack

 
 
zigzag
      10-28-2004
Hi, I could use a bit of help from someone in the know. I'll just start from
the beginning.

Until a few days back I had never had any trouble with virus or malicious
attacks in the 5 years I'd been online. I kept a low profile, never bothered
with chatrooms or places where you'd be noticed. Also, at the time this
trouble started I had no protection, as my Norton Internet Security had
corrupted and I uninstalled it and hadn't reinstalled it yet. Anyway, I was
on WinMX and ran into some racist girl who didn't like the kind of music I
had shared and she started trying to hack me. All I had was the WinXP
firewall. I had a bad feeling about her and went to Event Viewer right away
and noticed she was changing IPSec policies and system policies, so I
unplugged and reinstalled Norton Internet Security suite 2004 the next day.
I also backed this up with Zone Alarm. Anyway, I do a port scan and it shows
that my ICMP Ping port, HTTP Port 80 and worse yet my Telnet port 23 are all
open. These ports are supposed to be stealthed if not being used and I'm
definitely not running anything that uses these ports. This isn't even a
full port scan, just a scan of the most common ones. Also, my MSN Messenger
keeps wanting to open up as a server. I turn it off and it wants to open up
again, though I can deny it with my firewall.
How do I close these ports manually? Or how do I find out what is using
these ports? Also, is there anywhere I can go to find out what policy
changes she made? My virus scan shows there is no virus or trojan horse
present. Any advice would be appreciated. Thanks in advance.

zigzag


 
zigzag
      10-28-2004

"zigzag" <(E-Mail Removed)> wrote in message
news:fy0gd.44236$%k.1767@pd7tw2no...
> Hi, I could use a bit of help from someone in the know. I'll just start
> from the beginning.
>
> Until a few days back I had never had any trouble with virus or
> malicious attacks in the 5 years I'd been online. I kept a low profile,
> never bothered with chatrooms or places where you'd be noticed. Also, at
> the time this trouble started I had no protection, as my Norton Internet
> Security had corrupted and I uninstalled it and hadn't reinstalled it yet.
> Anyway, I was on WinMX and ran into some racist girl who didn't like the
> kind of music I had shared and she started trying to hack me. All I had
> was the WinXP firewall. I had a bad feeling about her and went to Event
> Viewer right away and noticed she was changing IPSec policies and system
> policies, so I unplugged and reinstalled Norton Internet Security suite
> 2004 the next day.
> I also backed this up with Zone Alarm. Anyway, I do a port scan and it
> shows that my ICMP Ping port, HTTP Port 80 and worse yet my Telnet port 23
> are all open. These ports are supposed to be stealthed if not being used
> and I'm definitely not running anything that uses these ports. This isn't
> even a full port scan, just a scan of the most common ones. Also, my MSN
> Messenger keeps wanting to open up as a server. I turn it off and it wants
> to open up again, though I can deny it with my firewall.
> How do I close these ports manually? Or how do I find out what is using
> these ports? Also, is there anywhere I can go to find out what policy
> changes she made? My virus scan shows there is no virus or trojan horse
> present. Any advice would be appreciated. Thanks in advance.
>
> zigzag


I just noticed something. Looking through the program access in both
firewalls I see a program called "generic host process for win 32 services"
and it's wanting
server rights, or access or whatever you want to call it. I don't know what
this is, or what is keeping my ports open when they should be stealth. Does
anyone know what this is?


 
KG6VQE
      10-28-2004
Zigzag,
What you are experiencing is typical of having a PC on an open Internet
port. First, I suggest you go to www.grc.com, and run "Shields Up". It is
FREE, and will tell you what is open, and what is not. Second, there are
three services that are open, that Steve Gibson has patches for. Third,
there are tools for testing your firewall vulnerability.
Lastly, I STRONGLY suggest you go to a hardware firewall/router. Unless
you are using a dial-up account (which makes firewall prevention more
complicated), they do a much better job of preventing hacking. You
basically close all incoming ports, and also you NAT (network address
translation) your IP address, so you then have a "Non-Routable" private IP
address behind the router.
There are just too many services that Microsoft has running that you have to
watch out for.
I run an IT shop with about 20 PCs behind a strong firewall, and no hacking
ever takes place... I can even watch Ports 23, 445, 135-137 probes into my
firewall, but none get through.
You can still run all your apps, and you can put your PC in a DMZ (between
the firewall and your outside Cable/DSL modem), and have it still protected
(if you want remote access or run a web/FTP server).

Lastly, I also highly suggest this tool from www.sysinternals.com. It is
called TCPVIEW. It will show you what activity is taking place on your
network stack, and let you see who or what has connected. It is FREE. I
also use PROCESS VIEWER, and it works great... Anytime my PC is acting up, I
run this utility, and can see EXACTLY what is running... then kill it off.

Think of the Internet as medieval times... You live in a castle, and have
to have a moat and drawbridge, to prevent the hackers from coming in.
Having your PC on the Internet is like living in a straw house...

For commercial routers, I have used Linksys, Belkin, and D-Link. My local
computer store has CABLE/DSL routers on sale for $8.00 (after
rebate)... surely you can afford that. If you can't, let me know, and I will
"DONATE" one for you. I am an independent computer consultant... I do not make
money off helping people.
I own several "professional" router/firewall units. I have purchased them
from EBAY. The SOHO units from WATCHGUARD work well, and are relatively
cheap ($25-$50). It generates a SYSLOG so that I get a recording of all
incoming and outgoing activity.

good luck,
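
The question of which program is holding a port open, which the post answers with TCPView, can also be worked out from two built-in Windows commands. The following is an added example, not part of the original post: it joins `netstat -ano` listeners to `tasklist /svc` process and service names by PID. Both sample outputs are constructed for illustration and the function names are hypothetical.

```python
# Added example: match listening TCP ports to the owning process and services.
# Both samples are constructed, not captured from the machine in this thread.
NETSTAT_SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:23             0.0.0.0:0              LISTENING       1480
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       1912
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       932
  TCP    127.0.0.1:1029         0.0.0.0:0              LISTENING       2044
  TCP    192.168.1.10:1061      203.0.113.7:6699       ESTABLISHED     2300
  UDP    0.0.0.0:1900           *:*                                    1100
"""
TASKLIST_SAMPLE = """\
Image Name                   PID Services
========================= ====== =============================================
svchost.exe                  932 RpcSs
tlntsvr.exe                 1480 TlntSvr
inetinfo.exe                1912 W3SVC
alg.exe                     2044 ALG
WinMX.exe                   2300 N/A
"""

def parse_tasklist(text):
    """Map PID -> (image, services). Image names containing spaces are skipped."""
    procs = {}
    for line in text.splitlines():
        parts = line.split(None, 2)
        if len(parts) >= 2 and parts[1].isdigit():
            services = parts[2].strip() if len(parts) > 2 else ""
            procs[int(parts[1])] = (parts[0], services)
    return procs

def exposed_listeners(netstat_text, tasklist_text):
    """Return sorted (port, pid, image, services) for non-loopback TCP listeners."""
    procs = parse_tasklist(tasklist_text)
    found = []
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) != 5 or f[0] != "TCP" or f[3] != "LISTENING":
            continue  # headers, UDP rows and established connections
        addr, _, port = f[1].rpartition(":")
        if addr.startswith("127."):
            continue  # bound to loopback only, not reachable from other hosts
        image, services = procs.get(int(f[4]), ("<unknown>", ""))
        found.append((int(port), int(f[4]), image, services))
    return sorted(found)

if __name__ == "__main__":
    for port, pid, image, services in exposed_listeners(NETSTAT_SAMPLE, TASKLIST_SAMPLE):
        print(f"port {port:<5} pid {pid:<5} {image:<14} {services}")
```

A listener whose PID resolves to `svchost.exe` is the "generic host process" named earlier in the thread; the services column shows which service inside it owns the port.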


 
Rasta Robert
      10-28-2004
On 2004-10-28, zigzag <(E-Mail Removed)> wrote:
>
> I just noticed something. Looking through the program access in both
> firewalls I see a
> program called "generic host process for win 32 services" and it's wanting
> server rights, or access or whatever you want to call it. I don't know what
> this is, or what is keeping my ports open when they should be stealth. Does
> anyone know what this is?
>


Do I understand correctly that you are running both the firewall
from the Norton suite as well as Zone Alarm?
Running two software firewalls simultaneously can give unpredictable
results and is unadvisable.

--
<http://rr.www.cistron.nl/> -!- <http://www.rr.dds.nl/>
 
Bill Unruh
      10-28-2004
"zigzag" <(E-Mail Removed)> writes:

]Hi, I could use a bit of help from someone in the know. I'll just start from
]the beginning.

] Until a few days back I had never had any trouble with virus or malicious
]attacks in the 5 years I'd been online. I kept a low profile, never bothered
]with chatrooms or places where you'd be noticed. Also, at the time this
]trouble started I had no protection, as my Norton Internet Security had
]corrupted and I uninstalled it and hadn't reinstalled it yet. Anyway, I was
]on WinMX and ran into some racist girl who didn't like the kind of music I
]had shared and she started trying to hack me. All I had was the WinXP
]firewall. I had a bad feeling about her and went to Event Viewer right away
]and noticed she was changing IPSec policies and system policies, so I
]unplugged and reinstalled Norton Internet Security suite 2004 the next day.
]I also backed this up with Zone Alarm. Anyway, I do a port scan and it shows
]that my ICMP Ping port, HTTP Port 80 and worse yet my Telnet port 23 are all
]open. These ports are supposed to be stealthed if not being used and I'm
]definitely not running anything that uses these ports. This isn't even a
]full port scan, just a scan of the most common ones. Also, my MSN Messenger
]keeps wanting to open up as a server. I turn it off and it wants to open up
]again, though I can deny it with my firewall.
] How do I close these ports manually? Or how do I find out what is using
]these ports? Also, is there anywhere I can go to find out what policy
]changes she made? My virus scan shows there is no virus or trojan horse
]present. Any advice would be appreciated. Thanks in advance.

Advice: Reinstall.


 
zigzag
      10-29-2004
Thanks for the advice, KG6VQE and Bill. Particularly for the offer of the
router if I needed it. I'm sure I can scrape together the $8.

I'd consider the re-install if I didn't have 20 or more gigs of important
(to me) instructional information that took me many many dozens of hours to
get on WinMX.

zigz


 
Apollo
      10-29-2004
zigzag wrote:
> Thanks for the advice, KG6VQE and Bill. Particularly for the offer
> of the router if I needed it. I'm sure I can scrape together the $8.
>
> I'd consider the re-install if I didn't have 20 or more gigs of
> important (to me) instructional information that took me many many
> dozens of hours to get on WinMX.
>


That's exactly the reason you should put your important data on a second
partition or second drive.

I would re-install, you won't be completely sure it's clean until then.
Find a free/shareware partitioning tool and re-size your OS partition,
create a data partition and move your important stuff there, then a
re-install becomes much simpler.

I can't recommend a free tool to do this, I use Partition Magic, but there
are plenty of freeware / shareware tools around that can resize
partitions without losing data.

A NAT router will give you a very good level of basic security, combine
this with one software firewall and one anti-virus package and you will
be safe from most things.

Google for and read a few reviews on the various firewall / AV packages
out there, the most well known ones (especially Norton) are regularly
out-performed by less well known packages.

HTH

--
Apollo


 