help recovering from hack

Discussion in 'Computer Security' started by zigzag, Oct 28, 2004.

  1. zigzag

    zigzag Guest

    Hi, I could use a bit of help from someone in the know. I'll just start from
    the beginning.

    Until a few days back I had never had any trouble with viruses or malicious
    attacks in the 5 years I'd been online. I kept a low profile, never bothered
    with chatrooms or places where you'd be noticed. Also at the time this
    trouble started I had no protection as my Norton Internet Security had
    corrupted and I uninstalled it and hadn't reinstalled it yet. Anyway I was
    on WinMX and ran into some racist girl who didn't like the kind of music I
    had shared and she started trying to hack me. All I had was the WinXP
    firewall. I had a bad feeling about her and went to Event Viewer right away
    and noticed she was changing IPSec policies and system policies so I
    unplugged and reinstalled Norton Internet Security suite 2004 the next day.
    I also backed this up with Zone Alarm. Anyway I do a port scan and it shows
    that my ICMP Ping port, HTTP Port 80 and worse yet my Telnet port 23 are all
    open. These ports are supposed to be stealthed if not being used and I'm
    definitely not running anything that uses these ports. This isn't even a
    full port scan, just a scan of the most common ones. Also my MSN Messenger
    keeps wanting to open up as a server. I turn it off and it wants to open up
    again, though I can deny it with my firewall.
    How do I close these ports manually? Or how do I find out what is using
    these ports? Also is there anywhere I can go to find out what policy
    changes she made? My virus scan shows there is no virus or trojan horse
    present. Any advice would be appreciated. Thanks in advance.

    zigzag
     
    zigzag, Oct 28, 2004
    #1

  2. zigzag

    zigzag Guest

    "zigzag" <> wrote in message
    news:fy0gd.44236$%k.1767@pd7tw2no...
    > Hi, I could use a bit of help from someone in the know. I'll just start
    > from the beginning.
    >
    > Until a few days back I had never had any trouble with viruses or
    > malicious attacks in the 5 years I'd been online. I kept a low profile,
    > never bothered with chatrooms or places where you'd be noticed. Also at
    > the time this trouble started I had no protection as my Norton Internet
    > Security had corrupted and I uninstalled it and hadn't reinstalled it yet.
    > Anyway I was on WinMX and ran into some racist girl who didn't like the
    > kind of music I had shared and she started trying to hack me. All I had
    > was the WinXP firewall. I had a bad feeling about her and went to Event
    > Viewer right away and noticed she was changing IPSec policies and system
    > policies so I unplugged and reinstalled Norton Internet Security suite
    > 2004 the next day. I also backed this up with Zone Alarm. Anyway I do a
    > port scan and it shows that my ICMP Ping port, HTTP Port 80 and worse yet
    > my Telnet port 23 are all open. These ports are supposed to be stealthed
    > if not being used and I'm definitely not running anything that uses these
    > ports. This isn't even a full port scan, just a scan of the most common
    > ones. Also my MSN Messenger keeps wanting to open up as a server. I turn
    > it off and it wants to open up again, though I can deny it with my
    > firewall.
    > How do I close these ports manually? Or how do I find out what is using
    > these ports? Also is there anywhere I can go to find out what policy
    > changes she made? My virus scan shows there is no virus or trojan horse
    > present. Any advice would be appreciated. Thanks in advance.
    >
    > zigzag


    I just noticed something. Looking through the program access in both
    firewalls I see a program called "generic host process for win 32
    services" and it's wanting
    server rights, or access or whatever you want to call it. I don't know what
    this is, or what is keeping my ports open when they should be stealth. Does
    anyone know what this is?
     
    zigzag, Oct 28, 2004
    #2

  3. KG6VQE

    KG6VQE Guest

    Zigzag,
    What you are experiencing is typical of having a PC on an open Internet
    port. First, I suggest you go to www.grc.com, and run "Shields Up". It is
    FREE, and will tell you what is open, and what is not. Second, there are
    three services that are open, that Steve Gibson has patches for. Third,
    there are tools for testing your firewall vulnerability.
    Lastly, I STRONGLY suggest you go to a hardware firewall/Router. Unless
    you are using a dial up account (which makes firewall prevention more
    complicated), they do a much better job of preventing hacking. You
    basically close all incoming ports, and also you NAT (network address
    translation) your IP address, so you then have a "Non- Routable" Private IP
    address behind the router.
    There are just too many services that Microsoft has running that you have to
    watch out for.
    I run an IT shop with about 20 PCs behind a strong firewall, and no hacking
    ever takes place...I even can watch Ports 23, 445, 135-137 probes into my
    firewall, but none get through.
    You can still run all your apps, and you can put your PC in a DMZ (between
    the firewall and your outside Cable/DSL modem), and have it still protected
    (if you want remote access or run a web/FTP server).

    Lastly, I also highly suggest this tool from www.sysinternals.com. It is
    called TCPVIEW. It will show you what activity is taking place on your
    network stack, and let you see who or what has connected. It is FREE. I
    also use PROCESS VIEWER, and it works great...Anytime my PC is acting up, I
    run this utility, and can see EXACTLY what is running....then kill it off.

    Think of the Internet as the medieval times...You live in a castle, and have
    to have a moat and drawbridge, to prevent the hackers from coming in.
    Having your PC on the Internet is like living in a straw house....

    For commercial routers, I have used Linksys, Belkin, and D-Link. My local
    computer store has CABLE/DSL Routers on sale for $8.00 (after
    rebate)...surely you can afford that. If you can't, let me know, and I will
    "DONATE" one for you. I am an independent computer consultant...I do not make
    money off helping people.
    I own several "professional" Router/Firewall units. I have purchased them
    from EBAY. The SOHO units from WATCHGUARD work well, and are relatively
    cheap ($25-$50). It generates a SYSLOG so that I get a recording of all
    incoming and outgoing activity.

    good luck,
     
    KG6VQE, Oct 28, 2004
    #3
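
    An added illustration, not part of any post in this thread, of answering the original question of what is using the open ports: the script joins saved `netstat -ano` output (listening sockets with owning PID) against `tasklist /svc /fo csv` output (PID to image name and hosted services). Both sample listings, including every PID, address and process name in them, are constructed for the example; `svchost.exe` appears because it is the file Windows labels "Generic Host Process for Win32 Services".

```python
import csv
import io

# Constructed sample of `netstat -ano` output; addresses and PIDs are made up.
NETSTAT_SAMPLE = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:23             0.0.0.0:0              LISTENING       1580
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       1212
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       968
  TCP    192.168.1.5:1045       203.0.113.7:1863       ESTABLISHED     2040
"""

# Constructed sample of `tasklist /svc /fo csv` output for the same PIDs.
TASKLIST_SAMPLE = '''"Image Name","PID","Services"
"svchost.exe","968","RpcSs"
"inetinfo.exe","1212","IISADMIN,W3SVC"
"tlntsvr.exe","1580","TlntSvr"
"msnmsgr.exe","2040","N/A"
'''

REPORTED_OPEN = {23, 80}  # TCP ports the scan in the thread reported open

def parse_listeners(netstat_text):
    """Return sorted (port, pid) pairs for TCP sockets in LISTENING state."""
    pairs = set()
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) == 5 and f[0] == "TCP" and f[3] == "LISTENING":
            pairs.add((int(f[1].rsplit(":", 1)[1]), int(f[4])))
    return sorted(pairs)

def parse_tasklist(csv_text):
    """Return {pid: (image_name, [service, ...])} from the CSV listing."""
    procs = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        svcs = [] if row["Services"] == "N/A" else row["Services"].split(",")
        procs[int(row["PID"])] = (row["Image Name"], svcs)
    return procs

def port_owners(netstat_text, tasklist_text):
    """One (port, pid, image, services, reported_open) tuple per listener."""
    procs = parse_tasklist(tasklist_text)
    return [(port, pid, *procs.get(pid, ("<unknown>", [])), port in REPORTED_OPEN)
            for port, pid in parse_listeners(netstat_text)]

if __name__ == "__main__":
    for row in port_owners(NETSTAT_SAMPLE, TASKLIST_SAMPLE):
        print(row)
```

    A listener whose PID is missing from the process listing comes back as `<unknown>`, which is itself worth investigating.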
  4. Rasta Robert

    Rasta Robert Guest

    On 2004-10-28, zigzag <> wrote:
    >
    > I just noticed something. Looking through the program access in both
    > firewalls I see a
    > program called "generic host process for win 32 services" and it's wanting
    > server rights, or access or whatever you want to call it. I don't know what
    > this is, or what is keeping my ports open when they should be stealth. Does
    > anyone know what this is?
    >


    Do I understand correctly that you are running both the firewall
    from the Norton suite as well as Zone Alarm?
    Running two software firewalls simultaneously can give unpredictable
    results and is unadvisable.

    --
    <http://rr.www.cistron.nl/> -!- <http://www.rr.dds.nl/>
     
    Rasta Robert, Oct 28, 2004
    #4
  5. Bill Unruh

    Bill Unruh Guest

    "zigzag" <> writes:

    ]Hi, I could use a bit of help from someone in the know. I'll just start from
    ]the beginning.

    ] Until a few days back I had never had any trouble with viruses or malicious
    ]attacks in the 5 years I'd been online. I kept a low profile, never bothered
    ]with chatrooms or places where you'd be noticed. Also at the time this
    ]trouble started I had no protection as my Norton Internet Security had
    ]corrupted and I uninstalled it and hadn't reinstalled it yet. Anyway I was
    ]on WinMX and ran into some racist girl who didn't like the kind of music I
    ]had shared and she started trying to hack me. All I had was the WinXP
    ]firewall. I had a bad feeling about her and went to Event Viewer right away
    ]and noticed she was changing IPSec policies and system policies so I
    ]unplugged and reinstalled Norton Internet Security suite 2004 the next day.
    ]I also backed this up with Zone Alarm. Anyway I do a port scan and it shows
    ]that my ICMP Ping port, HTTP Port 80 and worse yet my Telnet port 23 are all
    ]open. These ports are supposed to be stealthed if not being used and I'm
    ]definitely not running anything that uses these ports. This isn't even a
    ]full port scan, just a scan of the most common ones. Also my MSN Messenger
    ]keeps wanting to open up as a server. I turn it off and it wants to open up
    ]again, though I can deny it with my firewall.
    ] How do I close these ports manually? Or how do I find out what is using
    ]these ports? Also is there anywhere I can go to find out what policy
    ]changes she made? My virus scan shows there is no virus or trojan horse
    ]present. Any advice would be appreciated. Thanks in advance.

    Advice: Reinstall.
     
    Bill Unruh, Oct 28, 2004
    #5
  6. zigzag

    zigzag Guest

    Thanks for the advice KG6VQE, and Bill. Particularly for the offer of the
    router if I needed it. I'm sure I can scrape together the $8.

    I'd consider the re-install if I didn't have 20 or more gigs of important
    (to me) instructional information that took me many many dozens of hours to
    get on winmx.

    zigz
     
    zigzag, Oct 29, 2004
    #6
  7. Apollo

    Apollo Guest

    zigzag wrote:
    > Thanks for the advice KG6VQE, and Bill. Particularly for the offer
    > of the router if I needed it. I'm sure I can scrape together the $8.
    >
    > I'd consider the re-install if I didn't have 20 or more gigs of
    > important (to me) instructional information that took me many many
    > dozens of hours to get on winmx.
    >


    That's exactly the reason you should put your important data on a second
    partition or second drive.

    I would re-install, you won't be completely sure it's clean until then.
    Find a free/shareware partitioning tool and re-size your OS partition,
    create a data partition and move your important stuff there, then a
    re-install becomes much simpler.

    I can't recommend a free tool to do this, I use Partition Magic, but there
    are plenty of freeware / shareware tools around that can resize
    partitions without losing data.

    A NAT router will give you a very good level of basic security, combine
    this with one software firewall and one anti-virus package and you will
    be safe from most things.

    Google for and read a few reviews on the various firewall / AV packages
    out there, the most well known ones (especially Norton) are regularly
    out-performed by less well known packages.

    HTH

    --
    Apollo
     
    Apollo, Oct 29, 2004
    #7