Is my computer compromised?

 
 
Kompu Kid
      03-23-2009
I have built myself a new computer recently. I still have not fully
deployed it and keep using the old computer.

Today I started the computer and discovered that some internet related
software such as Skype, MSN messenger, etc. are not working.

Digging deeper I found out that the computer is not seeing the router.
I started the repair process, no success.

When I tried to find out what IP the computer has with the cmd window,
I found out that there was a "regedit" command issued recently--the
"run" box keeps the last command issued.

I also found out that the computer has an "169.254.187.13" IP address
instead of 192.168.2.5 that it usually gets through DHCP.

The computer is running XP professional and has the latest updates. I
have AVG's basic version as an antivirus software and the security. I
also have Spybot-SD.

I am able to get the computer connected to Internet by manually
assigning it an IP address, etc. DHCP won't work.

I did some search on "169.254.187.13" IP address, but I cannot figure
out who owns it. Any ideas as to how I can find out?
I cannot figure out what was done with the regedit command. Any idea
how I can do this?

I am currently running a scan with AVG and will later run Trendmicro's
"Housecalls".

What else would you do?

Thanks!

Deguza
 
 
 
 
 
1PW
      03-23-2009
If either of the above scans finds anything, report it here.

Try running the free versions of MBAM *AND* SAS:

<http://www.malwarebytes.org/mbam-download.php>
<http://www.superantispyware.com/>

Also make a rootkit check with GMER:

<http://www.gmer.net/index.php>

Please update this thread with your progress.

Pete
--
1PW @?6A62?FEH9E=6o2@=]4@> [r4o7t]
 
 
 
 
 
Zebby
      03-23-2009
The 169.x.x.x address is assigned by Windows when it is set to use DHCP and
cannot contact the DHCP server.

Is your router still serving addresses correctly?

At the command prompt try:

ipconfig /release

then...

ipconfig /renew

(In both cases there is a space between ipconfig and the /)



 
David H. Lipman
      03-23-2009
See Zebby's reply.

IP address 169.254.x.y is IP AutoConfiguration. That's what you get when a PC set up for
DHCP can't get an address. In your case, your Router.

Look at your Router and make sure it's functioning correctly. Reboot it, etc.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp


 
 
Bert Hyman
      03-23-2009
In news:(E-Mail Removed)
Kompu Kid <(E-Mail Removed)> wrote:

> I did some search on "169.254.187.13" IP address, but I cannot figure
> out who owns it. Any ideas as to how I can find out?


Addresses in the 169.254.xxx.xxx range are assigned when a valid address
can't be obtained from the DHCP server. They're "link local" addresses and
will only allow communication with other hosts on your own local LAN.

http://www.ietf.org/rfc/rfc3927.txt

This document describes how a host may
automatically configure an interface with an IPv4 address
within the 169.254/16 prefix that is valid for communication
with other devices connected to the same physical (or
logical) link.

IPv4 Link-Local addresses are not suitable for communication
with devices not directly connected to the same physical (or
logical) link, and are only used where stable, routable
addresses are not available (such as on ad hoc or isolated
networks).

--
Bert Hyman St. Paul, MN
 
 
why?
      03-23-2009

x-post trimmed to 24HSHD from

On Mon, 23 Mar 2009 00:54:21 -0700 (PDT), Kompu Kid wrote:

<snip>

>I also found out that the computer has an "169.254.187.13" IP address
>instead of 192.168.2.5 that it usually gets through DHCP.


<snip>

>I did some search on "169.254.187.13" IP address, but I cannot figure


Usually 1 of the address registry sites, i.e.
https://ws.arin.net/whois for the IP you gave above.

OrgName: Internet Assigned Numbers Authority
OrgID: IANA
Address: 4676 Admiralty Way, Suite 330
City: Marina del Rey
StateProv: CA
PostalCode: 90292-6695
Country: US
NetRange: 169.254.0.0 - 169.254.255.255
CIDR: 169.254.0.0/16
NetName: LINKLOCAL
NetHandle: NET-169-254-0-0-1
Parent: NET-169-0-0-0-0
NetType: IANA Special Use
NameServer: BLACKHOLE-1.IANA.ORG
NameServer: BLACKHOLE-2.IANA.ORG
Comment: Please see RFC 3330 for additional information.
RegDate: 1998-01-27
Updated: 2002-10-14

<smail addresses removed>

# ARIN WHOIS database, last updated 2009-03-22 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.


>out who owns it. Any ideas as to how I can find out?


As well as the link Bert posted, the RFCs are sometimes a bit in-depth
for light reading; here are a few others.

http://support.microsoft.com/kb/220874

http://www.webopedia.com/TERM/A/APIPA.html

<snip>

Me
 
 
Lem
      03-23-2009

In addition to everything else, when you wrote:

> I found out that there was a "regedit" command issued recently--the "run" box keeps the last command issued.


did you mean that someone *other than you* had entered "regedit" in the
run box? If that's what you meant, then yes, if an unauthorized
possibly malicious person has had physical access to your computer, it
is entirely likely that your computer has been compromised, completely
aside from any symptoms you may actually be seeing.



--
Lem -- MS-MVP

To the moon and back with 2K words of RAM and 36K words of ROM.
http://en.wikipedia.org/wiki/Apollo_Guidance_Computer
http://history.nasa.gov/afj/compessay.htm
 
 
doS
      03-25-2009
you ran a whois on a 169 ip address???
BWHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA


 
why?
      03-25-2009

On Tue, 24 Mar 2009 20:20:37 -0400, doS wrote:

>you ran a whois on a 169 ip address???


Of course, the APIPA addresses are only a small subset of the 169 block,
registered to the likes of JMC, Eveready and PaeTec.

Maybe you are confused? It's an IP address like any other.

As OP said -
"I did some search on "169.254.187.13" IP address, but I cannot figure
out who owns it. Any ideas as to how I can find out?"

One of the other references says,
"From a range that has been reserved especially for Microsoft. The IP
address range is 169.254.0.1 through 169.254.255.254."

>BWHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA


How so?



<snip>

Me
 
 
Kompu Kid
      03-26-2009

Thank you to all of you who helped me in this matter. I guess my
router's DHCP server was acting up. I did not realize that the
"169.254.187.13" IP address is a default in cases like this.

As for the REGEDIT issue, it is still a mystery. But scans showed no
problems.

Deguza
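
Added example, not part of the thread: a triage check for the situation discussed above, which reads `ipconfig /all` style output and tells a DHCP client that fell back to a self-assigned 169.254/16 address apart from one holding a router-issued private address or a public one worth a whois lookup. The function names are hypothetical, and the sample text is constructed with field labels assumed to follow the Windows XP layout.

```python
import ipaddress

LINK_LOCAL = ipaddress.ip_network("169.254.0.0/16")  # RFC 3927 (APIPA on Windows)
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def classify(addr):
    ip = ipaddress.ip_address(addr)
    if ip in LINK_LOCAL:
        return "link-local"   # self-assigned; whois only returns the IANA block
    if any(ip in net for net in RFC1918):
        return "private"      # handed out by the local router
    return "public" if ip.is_global else "special"

def parse_adapters(text):
    """Split `ipconfig /all` style output into {adapter name: {field: value}}."""
    adapters, current = {}, None
    for line in text.splitlines():
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            current = adapters.setdefault(line.rstrip(" :"), {})
        elif current is not None and ":" in line:
            key, _, value = line.partition(":")
            current[key.strip(" .")] = value.strip()
    return adapters

def diagnose(text):
    """Return {adapter: verdict}; flags DHCP clients that fell back to 169.254/16."""
    verdicts = {}
    for name, fields in parse_adapters(text).items():
        addr = next((v for k, v in fields.items() if k.endswith("IP Address")), None)
        if addr is None:
            continue
        dhcp = fields.get("Dhcp Enabled", "").lower() == "yes"
        if classify(addr) == "link-local" and dhcp:
            verdicts[name] = "DHCP lease failed, self-assigned " + addr
        else:
            verdicts[name] = "%s address %s" % (classify(addr), addr)
    return verdicts

# Constructed sample (field labels assumed), not captured from a real machine.
SAMPLE = """\
Ethernet adapter Local Area Connection:
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration IP Address. . . : 169.254.187.13
Ethernet adapter Wireless Network Connection:
        Dhcp Enabled. . . . . . . . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.2.5
"""

if __name__ == "__main__":
    print(diagnose(SAMPLE))
```

A link-local verdict points at the DHCP server or the path to it (router, cable, switch port), not at an outside party owning the address.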
 