Is my computer compromised?

Discussion in 'Computer Support' started by Kompu Kid, Mar 23, 2009.

  1. Kompu Kid

    Kompu Kid Guest

    I have built myself a new computer recently. I still have not fully
    deployed it and keep using the old computer.

    Today I started the computer and discovered that some internet related
    software such as Skype, MSN messenger, etc. are not working.

    Digging deeper I found out that the computer is not seeing the router.
    I started the repair process, no success.

    When I tried to find out what IP the computer has with the cmd window,
    I found out that there was a "regedit" command issued recently--the
    "run" box keeps the last command issued.

    I also found out that the computer has an "169.254.187.13" IP address
    instead of 192.168.2.5 that it usually gets through DHCP.

    The computer is running XP professional and has the latest updates. I
    have AVG's basic version as an antivirus software and the security. I
    also have Spybot-SD.

    I am able to get the computer connected to Internet by manually
    assigning it an IP address, etc. DHCP won't work.

    I did some search on "169.254.187.13" IP address, but I cannot figure
    out who owns it. Any ideas as to how I can find out?
    I cannot figure out what was done with the regedit command. Any idea
    how I can do this?

    I am currently running a scan with AVG and will later run Trendmicro's
    "Housecalls".

    What else would you do?

    Thanks!

    Deguza
     
    Kompu Kid, Mar 23, 2009
    #1

  2. Kompu Kid

    1PW Guest

    On 03/23/2009 12:54 AM, Kompu Kid sent:
    > I have built myself a new computer recently. I still have not fully
    > deployed it and keep using the old computer.
    >
    > Today I started the computer and discovered that some internet related
    > software such as Skype, MSN messenger, etc. are not working.
    >
    > Digging deeper I found out that the computer is not seeing the router.
    > I started the repair process, no success.
    >
    > When I tried to find out what IP the computer has with the cmd window,
    > I found out that there was a "regedit" command issued recently--the
    > "run" box keeps the last command issued.
    >
    > I also found out that the computer has an "169.254.187.13" IP address
    > instead of 192.168.2.5 that it usually gets through DHCP.
    >
    > The computer is running XP professional and has the latest updates. I
    > have AVG's basic version as an antivirus software and the security. I
    > also have Spybot-SD.
    >
    > I am able to get the computer connected to Internet by manually
    > assigning it an IP address, etc. DHCP won't work.
    >
    > I did some search on "169.254.187.13" IP address, but I cannot figure
    > out who owns it. Any ideas as to how I can find out?
    > I cannot figure out what was done with the regedit command. Any idea
    > how I can do this?
    >
    > I am currently running a scan with AVG and will later run Trendmicro's
    > "Housecalls".
    >
    > What else would you do?
    >
    > Thanks!
    >
    > Deguza


    If either of the above scans finds anything, report it here.

    Try running the free versions of MBAM *AND* SAS:

    <http://www.malwarebytes.org/mbam-download.php>
    <http://www.superantispyware.com/>

    Also make a rootkit check with GMER:

    <http://www.gmer.net/index.php>

    Please update this thread with your progress.

    Pete
    --
    1PW @?6A62?FEH9:DE=6o2@=]4@> [r4o7t]
     
    1PW, Mar 23, 2009
    #2

  3. Kompu Kid

    Zebby Guest

    The 169.x.x.x address is assigned by Windows when it is set to use DHCP and
    cannot contact the DHCP server.

    Is your router still serving addresses correctly?

    At the command prompt try:

    ipconfig /release

    then...

    ipconfig /renew

    (In both cases there is a space between ipconfig and the /)



    "Kompu Kid" <> wrote in message
    news:...
    >I have built myself a new computer recently. I still have not fully
    > deployed it and keep using the old computer.
    >
    > Today I started the computer and discovered that some internet related
    > software such as Skype, MSN messenger, etc. are not working.
    >
    > Digging deeper I found out that the computer is not seeing the router.
    > I started the repair process, no success.
    >
    > When I tried to find out what IP the computer has with the cmd window,
    > I found out that there was a "regedit" command issued recently--the
    > "run" box keeps the last command issued.
    >
    > I also found out that the computer has an "169.254.187.13" IP address
    > instead of 192.168.2.5 that it usually gets through DHCP.
    >
    > The computer is running XP professional and has the latest updates. I
    > have AVG's basic version as an antivirus software and the security. I
    > also have Spybot-SD.
    >
    > I am able to get the computer connected to Internet by manually
    > assigning it an IP address, etc. DHCP won't work.
    >
    > I did some search on "169.254.187.13" IP address, but I cannot figure
    > out who owns it. Any ideas as to how I can find out?
    > I cannot figure out what was done with the regedit command. Any idea
    > how I can do this?
    >
    > I am currently running a scan with AVG and will later run Trendmicro's
    > "Housecalls".
    >
    > What else would you do?
    >
    > Thanks!
    >
    > Deguza
     
    Zebby, Mar 23, 2009
    #3
  4. From: "Kompu Kid" <>

    | I have built myself a new computer recently. I still have not fully
    | deployed it and keep using the old computer.

    | Today I started the computer and discovered that some internet related
    | software such as Skype, MSN messenger, etc. are not working.

    | Digging deeper I found out that the computer is not seeing the router.
    | I started the repair process, no success.

    | When I tried to find out what IP the computer has with the cmd window,
    | I found out that there was a "regedit" command issued recently--the
    | "run" box keeps the last command issued.

    | I also found out that the computer has an "169.254.187.13" IP address
    | instead of 192.168.2.5 that it usually gets through DHCP.

    | The computer is running XP professional and has the latest updates. I
    | have AVG's basic version as an antivirus software and the security. I
    | also have Spybot-SD.

    | I am able to get the computer connected to Internet by manually
    | assigning it an IP address, etc. DHCP won't work.

    | I did some search on "169.254.187.13" IP address, but I cannot figure
    | out who owns it. Any ideas as to how I can find out?
    | I cannot figure out what was done with the regedit command. Any idea
    | how I can do this?

    | I am currently running a scan with AVG and will later run Trendmicro's
    | "Housecalls".

    | What else would you do?

    | Thanks!

    | Deguza

    See Zebby's reply.

    IP address 169.254.x.y is IP AutoConfiguration. That's what you get when a PC set up for
    DHCP can't get an address. In your case your Router.

    Look at your Router and make sure it's functioning correctly. Reboot it, etc.

    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
     
    David H. Lipman, Mar 23, 2009
    #4
  5. Kompu Kid

    Bert Hyman Guest

    In news:
    Kompu Kid <> wrote:

    > I did some search on "169.254.187.13" IP address, but I cannot figure
    > out who owns it. Any ideas as to how I can find out?


    Addresses in the 169.254.xxx.xxx range are assigned when a valid address
    can't be obtained from the DHCP server. They're "link local" addresses and
    will only allow communication with other hosts on your own local LAN.

    http://www.ietf.org/rfc/rfc3927.txt

    This document describes how a host may
    automatically configure an interface with an IPv4 address
    within the 169.254/16 prefix that is valid for communication
    with other devices connected to the same physical (or
    logical) link.

    IPv4 Link-Local addresses are not suitable for communication
    with devices not directly connected to the same physical (or
    logical) link, and are only used where stable, routable
    addresses are not available (such as on ad hoc or isolated
    networks).

    --
    Bert Hyman St. Paul, MN
     
    Bert Hyman, Mar 23, 2009
    #5
  6. Kompu Kid

    why? Guest

    x-post trimmed to 24HSHD from

    On Mon, 23 Mar 2009 00:54:21 -0700 (PDT), Kompu Kid wrote:

    <snip>

    >I also found out that the computer has an "169.254.187.13" IP address
    >instead of 192.168.2.5 that it usually gets through DHCP.


    <snip>

    >I did some search on "169.254.187.13" IP address, but I cannot figure


    Usually 1 of the address registry sites, i.e.
    https://ws.arin.net/whois for the IP you gave above.

    OrgName: Internet Assigned Numbers Authority
    OrgID: IANA
    Address: 4676 Admiralty Way, Suite 330
    City: Marina del Rey
    StateProv: CA
    PostalCode: 90292-6695
    Country: US
    NetRange: 169.254.0.0 - 169.254.255.255
    CIDR: 169.254.0.0/16
    NetName: LINKLOCAL
    NetHandle: NET-169-254-0-0-1
    Parent: NET-169-0-0-0-0
    NetType: IANA Special Use
    NameServer: BLACKHOLE-1.IANA.ORG
    NameServer: BLACKHOLE-2.IANA.ORG
    Comment: Please see RFC 3330 for additional information.
    RegDate: 1998-01-27
    Updated: 2002-10-14

    <smail addresses removed>

    # ARIN WHOIS database, last updated 2009-03-22 19:10
    # Enter ? for additional hints on searching ARIN's WHOIS database.


    >out who owns it. Any ideas as to how I can find out?


    As well as the link Bert posted, the RFCs are sometimes a bit in-depth
    for light reading :) here are a few others.

    http://support.microsoft.com/kb/220874

    http://www.webopedia.com/TERM/A/APIPA.html

    <snip>

    Me
     
    why?, Mar 23, 2009
    #6
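
The replies above explain that 169.254.0.0/16 is a self-assigned link-local range, so a whois lookup only returns the IANA reservation. The following is an added example, not code from any poster in the thread, that applies the same reasoning to `ipconfig /all` output: it flags a DHCP-enabled adapter holding a link-local address as a failed lease rather than a foreign host. The sample output, the second adapter's name and the function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed `ipconfig /all` excerpt (XP layout); only the two host addresses come from the thread.
SAMPLE = """\
Ethernet adapter Local Area Connection:
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration IP Address. . . : 169.254.187.13
        Default Gateway . . . . . . . . . :

Ethernet adapter Second Connection:
        Dhcp Enabled. . . . . . . . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.2.5
"""
FIELD = re.compile(r"^\s+(.+?)[ .]*:\s*(.*)$")  # "Label . . . : value"

def parse_adapters(text):
    adapters, current = [], None
    for line in text.splitlines():
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            current = {"name": line.rstrip().rstrip(":"), "dhcp": False, "addrs": []}
            adapters.append(current)
            continue
        m = FIELD.match(line)
        if not m or current is None:
            continue
        key, value = m.group(1).lower(), m.group(2).strip()
        if key == "dhcp enabled":
            current["dhcp"] = value.lower() == "yes"
        elif key.endswith("address") and "physical" not in key:
            try:  # newer Windows appends "(Preferred)" to the value
                current["addrs"].append(ipaddress.IPv4Address(value.split("(")[0]))
            except ValueError:
                pass  # not IPv4, e.g. an IPv6 entry or an empty field
    return adapters

def classify(ip):
    if ip.is_link_local:  # 169.254.0.0/16, RFC 3927 (APIPA on Windows)
        return "link-local"
    return "private" if ip.is_private else "public"  # loopback counts as private here

def triage(text):
    findings = []
    for a in parse_adapters(text):
        for ip in a["addrs"]:
            kind = classify(ip)
            if kind == "link-local" and a["dhcp"]:
                verdict = "DHCP lease failed; self-assigned, no owner to look up"
            elif kind == "public":
                verdict = "routable; a registry whois lookup is meaningful"
            else:
                verdict = "local-use range; whois shows only the IANA reservation"
            findings.append((a["name"], str(ip), kind, verdict))
    return findings
```

Calling `triage(SAMPLE)` returns one tuple per address: adapter name, address, range and verdict.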
  7. Kompu Kid

    Lem Guest

    Kompu Kid wrote:
    > I have built myself a new computer recently. I still have not fully
    > deployed it and keep using the old computer.
    >
    > Today I started the computer and discovered that some internet related
    > software such as Skype, MSN messenger, etc. are not working.
    >
    > Digging deeper I found out that the computer is not seeing the router.
    > I started the repair process, no success.
    >
    > When I tried to find out what IP the computer has with the cmd window,
    > I found out that there was a "regedit" command issued recently--the
    > "run" box keeps the last command issued.
    >
    > I also found out that the computer has an "169.254.187.13" IP address
    > instead of 192.168.2.5 that it usually gets through DHCP.
    >
    > The computer is running XP professional and has the latest updates. I
    > have AVG's basic version as an antivirus software and the security. I
    > also have Spybot-SD.
    >
    > I am able to get the computer connected to Internet by manually
    > assigning it an IP address, etc. DHCP won't work.
    >
    > I did some search on "169.254.187.13" IP address, but I cannot figure
    > out who owns it. Any ideas as to how I can find out?
    > I cannot figure out what was done with the regedit command. Any idea
    > how I can do this?
    >
    > I am currently running a scan with AVG and will later run Trendmicro's
    > "Housecalls".
    >
    > What else would you do?
    >
    > Thanks!
    >
    > Deguza


    In addition to everything else, when you wrote:

    > I found out that there was a "regedit" command issued recently--the "run" box keeps the last command issued.


    did you mean that someone *other than you* had entered "regedit" in the
    run box? If that's what you meant, then yes, if an unauthorized
    possibly malicious person has had physical access to your computer, it
    is entirely likely that your computer has been compromised, completely
    aside from any symptoms you may actually be seeing.



    --
    Lem -- MS-MVP

    To the moon and back with 2K words of RAM and 36K words of ROM.
    http://en.wikipedia.org/wiki/Apollo_Guidance_Computer
    http://history.nasa.gov/afj/compessay.htm
     
    Lem, Mar 23, 2009
    #7
  8. Kompu Kid

    doS Guest

    you ran a whois on a 169 ip address???
    BWHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA


    "why?" <fgrirp*sgc@VAINY!Qznq.fpvragvfg.pbz> wrote in message
    news:...
    >
    > x-post trimmed to 24HSHD from
    >
    > On Mon, 23 Mar 2009 00:54:21 -0700 (PDT), Kompu Kid wrote:
    >
    > <snip>
    >
    >>I also found out that the computer has an "169.254.187.13" IP address
    >>instead of 192.168.2.5 that it usually gets through DHCP.

    >
    > <snip>
    >
    >>I did some search on "169.254.187.13" IP address, but I cannot figure

    >
    > Usually 1 of the address registry sites, i.e.
    > https://ws.arin.net/whois for the IP you gave above.
    >
    > OrgName: Internet Assigned Numbers Authority
    > OrgID: IANA
    > Address: 4676 Admiralty Way, Suite 330
    > City: Marina del Rey
    > StateProv: CA
    > PostalCode: 90292-6695
    > Country: US
    > NetRange: 169.254.0.0 - 169.254.255.255
    > CIDR: 169.254.0.0/16
    > NetName: LINKLOCAL
    > NetHandle: NET-169-254-0-0-1
    > Parent: NET-169-0-0-0-0
    > NetType: IANA Special Use
    > NameServer: BLACKHOLE-1.IANA.ORG
    > NameServer: BLACKHOLE-2.IANA.ORG
    > Comment: Please see RFC 3330 for additional information.
    > RegDate: 1998-01-27
    > Updated: 2002-10-14
    >
    > <smail addresses removed>
    >
    > # ARIN WHOIS database, last updated 2009-03-22 19:10
    > # Enter ? for additional hints on searching ARIN's WHOIS database.
    >
    >
    >>out who owns it. Any ideas as to how I can find out?

    >
    > As well as the link Bert posted, the RFCs are sometimes a bit in-depth
    > for light reading :) here are a few others.
    >
    > http://support.microsoft.com/kb/220874
    >
    > http://www.webopedia.com/TERM/A/APIPA.html
    >
    > <snip>
    >
    > Me
     
    doS, Mar 25, 2009
    #8
  9. Kompu Kid

    why? Guest

    On Tue, 24 Mar 2009 20:20:37 -0400, doS wrote:

    >you ran a whois on a 169 ip address???


    Of course, the APIPA addresses are only a small subset of the 169 block,
    registered to the likes of JMC, Eveready and PaeTec.

    Maybe you are confused? It's an IP address like any other.

    As OP said -
    "I did some search on "169.254.187.13" IP address, but I cannot figure
    out who owns it. Any ideas as to how I can find out?"

    One of the other references says,
    "From a range that has been reserved especially for Microsoft. The IP
    address range is 169.254.0.1 through 169.254.255.254."

    >BWHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA


    How so?

    >
    >"why?" <fgrirp*sgc@VAINY!Qznq.fpvragvfg.pbz> wrote in message
    >news:...
    >>
    >> x-post trimmed to 24HSHD from
    >>
    >> On Mon, 23 Mar 2009 00:54:21 -0700 (PDT), Kompu Kid wrote:
    >>
    >> <snip>
    >>
    >>>I also found out that the computer has an "169.254.187.13" IP address
    >>>instead of 192.168.2.5 that it usually gets through DHCP.

    >>
    >> <snip>
    >>
    >>>I did some search on "169.254.187.13" IP address, but I cannot figure

    >>
    >> Usually 1 of the address registry sites, i.e.
    >> https://ws.arin.net/whois for the IP you gave above.
    >>
    >> OrgName: Internet Assigned Numbers Authority
    >> OrgID: IANA
    >> Address: 4676 Admiralty Way, Suite 330
    >> City: Marina del Rey
    >> StateProv: CA
    >> PostalCode: 90292-6695
    >> Country: US
    >> NetRange: 169.254.0.0 - 169.254.255.255
    >> CIDR: 169.254.0.0/16
    >> NetName: LINKLOCAL


    <snip>

    Me
     
    why?, Mar 25, 2009
    #9
  10. Kompu Kid

    Kompu Kid Guest

    On Mar 23, 12:54 am, Kompu Kid <> wrote:
    > I have built myself a  new computer recently. I still have not fully
    > deployed it and keep using the old computer.
    >
    > Today I started the computer and discovered that some internet related
    > software such as Skype, MSN messenger, etc. are not working.
    >
    > Digging deeper I found out that the computer is not seeing the router.
    > I started  the repair process, no success.
    >
    > When I tried to find out what IP the computer has with the cmd window,
    > I found out that there was a "regedit" command issued recently--the
    > "run" box keeps the last command issued.
    >
    > I also found out that the computer has an "169.254.187.13" IP address
    > instead of 192.168.2.5 that it usually gets through DHCP.
    >
    > The computer is running XP professional and has the latest updates. I
    > have AVG's basic version as an antivirus software and the security. I
    > also have Spybot-SD.
    >
    > I am able to get the computer connected to Internet by manually
    > assigning it an IP address, etc. DHCP won't work.
    >
    > I did some search on "169.254.187.13" IP address, but I cannot figure
    > out who owns it. Any ideas as to how I can find out?
    > I cannot figure out what was done with the regedit command. Any idea
    > how I can do this?
    >
    > I am currently running a scan with AVG and will later run Trendmicro's
    > "Housecalls".
    >
    > What else would you do?
    >
    > Thanks!
    >
    > Deguza


    Thank you to all of you who helped me in this matter. I guess my
    router's DHCP server was acting up. I did not realize that the
    "169.254.187.13" IP address is a default in cases like this.

    As for the REGEDIT issue, it is still a mystery. But scans showed no
    problems.

    Deguza
     
    Kompu Kid, Mar 26, 2009
    #10
