The Mudcat Cafe



Tech: We've been hacked!

Subject: Tech: We've been hacked!
From: Gypsy
Date: 18 May 04 - 04:41 PM

Sigh.....i don't understand the minds of some people. Handsome mando player is quite sure that his computer has been hacked.......symptoms: slowness, and the light indicating internet feed is constantly on........and when he clicked on it, showed information going OUT, as well as arriving. Yeah, we need a firewall, and will install on BOTH computers asapest, but how to remedy the current situation? He is running Windows XP. Any help will be appreciated. Himself will type up more symptoms later on. Thanks, all.



Subject: RE: Tech: We've been hacked!
From: DonMeixner
Date: 18 May 04 - 05:17 PM

Turn it off and unhook. Or download right now some firewall. I use Zonealarm and AVG. You will continue to have problems until you get the firewall and anti-virus issues fixed.



Subject: RE: Tech: We've been hacked!
From: Rasener
Date: 18 May 04 - 05:24 PM

I use AVG on automatic file update.

I also go once a month to the PC Cillin website and do a free scan live.

http://housecall.trendmicro.com/housecall/start_corp.asp

Takes a bit of time but if you have any viruses having run AVG, it will pick them up.



Subject: RE: Tech: We've been hacked!
From: Bill D
Date: 18 May 04 - 05:24 PM

Kerio firewall works VERY well right "out of the box".

also get the programs which find whatever is already ON the PC...Spyware Search & Destroy is good.



Subject: RE: Tech: We've been hacked!
From: Bill D
Date: 18 May 04 - 05:26 PM

and yes, AVG is a fine anti-virus.....but that doesn't sound like what you have...more likely spyware using your PC to send spam, or something



Subject: RE: Tech: We've been hacked!
From: Rasener
Date: 18 May 04 - 05:35 PM

You're probably correct and that is why I didn't mention any spyware software as you seem to feel good about the one you mentioned.



Subject: RE: Tech: We've been hacked!
From: mack/misophist
Date: 18 May 04 - 05:37 PM

Some of the latest viruses contain trojans that spammers use to send bulk mail. This kinda sounds like that. There are threads on spyware with good advice in them. People who live in glass houses (ones with windows in them) should ALWAYS have up to date anti-virus.



Subject: RE: Tech: We've been hacked!
From: GUEST
Date: 18 May 04 - 05:48 PM

i don't understand the minds of some people

We tend to make allowances for Americans, but 'my partner' would suffice, as a description. Calling your partner 'Handsome mando player' might sound cute to you, but it annoys the fuck out of the rest of the world.

If you're too dim to take decent precautions, or have ever noticed the need to do so, then more fool you.

Americans get pretty upset if told that they are stupid. Please get a different President!



Subject: RE: Tech: We've been hacked!
From: Shanghaiceltic
Date: 18 May 04 - 06:37 PM

I use Norton Internet Security. It has an anti virus program as you would expect and a firewall which works very well. It alerts you to a possible intrusion as well as blocking the intrusion.



Subject: RE: Tech: We've been hacked!
From: Shanghaiceltic
Date: 18 May 04 - 06:39 PM

Also add freeware such as Spybot and Ad-aware. It will at least tell you what people have added to your hard disk when surfing.



Subject: RE: Tech: We've been hacked!
From: JohnInKansas
Date: 18 May 04 - 06:48 PM

Actually, WinXP has a built-in firewall, although it's not turned on as a default and most people don't seem to know it's there. It's not considered quite as good as many aftermarket products, but if you need to "stop-gap" until you can get something better, click "Start - Help" and put "Firewall" in the search box. It should bring up instructions for how to turn it on (and off).

I can't vouch for how good - or bad - it is, as I'm connected thru LAN with a "server" that has good protection, so I've never turned it on.

John



Subject: RE: Tech: We've been hacked!
From: kendall
Date: 18 May 04 - 07:28 PM

Guest, most of us didn't vote for Bush, and most of us are a match for your IQ. Come out of the shadows and talk about it.



Subject: RE: Tech: We've been hacked!
From: Rapparee
Date: 18 May 04 - 07:56 PM

Note, please, that a recent security alert (from CERT, no less!) warns of using Web-based services such as antivirus. The service opens a port in your PC which may or may not close afterwards.

Just a heads-up.



Subject: RE: Tech: We've been hacked!
From: Fergie
Date: 18 May 04 - 08:03 PM

Well said Kendall. I think that 'Guest's' gratuitous comments are a sure sign that he has 'issues' that we on Mudcat can't solve and that maybe he should seek another forum to vent his spleen.
Fergus



Subject: RE: Tech: We've been hacked!
From: open mike
Date: 18 May 04 - 08:10 PM

i would beware of ANY site claiming you can get a free scan from them..
sounds like the fox saying "i will inspect your hen house for free!!"



Subject: RE: Tech: We've been hacked!
From: JohnInKansas
Date: 18 May 04 - 09:30 PM

There are quite a few known sites that offer "free scans" or "anti-spyware" software that actually load crud on you. These usually show up as popups while you're surfing. If you don't know them, don't go there.

The known and reputable AV software sites nearly all do offer "web scans" and are almost indispensable if you've got a problem, since the "new varieties" of worms often attempt to disable the AV you have installed on your own machine.

Rapaire's comment should be noted, however. The report is that nearly all of the websites that offer a free AV check download a "bot" to your machine that actually runs the check. The bot, a small program, stays on your machine, and nearly all of the bots are susceptible, if you visit a malicious site, to a buffer overflow that could allow someone to take over your machine. Most of the reputable AV "free check" sites claim to have "fixes" that will be installed if you return to the site and run a new "free virus check," or have downloadable "repairs;" but remembering which sites you may have used may be a problem for many of us, and you'll need to confirm that the one you used has fixed the problem - for each and every one you've used - if you really want to feel safe.

John



Subject: RE: Tech: We've been hacked!
From: Rapparee
Date: 18 May 04 - 09:54 PM

There are things you can do, of course. One of them is to do regular backups to a CD or ZIP disk of the data you consider critical. Another is to make emergency disks that will reboot your machine ("boot disks"). If you REALLY want, get a program like Norton "Ghost" and mirror your hard drive.

Nothing, however, works better than what my ol' buddy Alistar Moody said: "CONSTANT vigilance!"



Subject: RE: Tech: We've been hacked!
From: Malcolm Douglas
Date: 18 May 04 - 09:55 PM

The symptoms you describe (completely inadequately if you want helpful advice rather than vague speculation) are probably quite normal for an "always on" connection without a basic firewall. It's unlikely that you have been "hacked", though it's not unlikely that programs you have installed are doing things that you don't know about (a lot of them "call home", reporting statistics, checking for updates and the like, unless you disable those functions). Other than that, the most common cause of unexpected behaviour is the result of malicious scripting picked up from porn or "warez" sites.

You'd be better off asking your question properly at a technical support forum rather than one dedicated to music, but those places would give you short shrift for wasting their time if you couched it in the impossibly imprecise terms you've used so far.



Subject: RE: Tech: We've been hacked!
From: The Fooles Troupe
Date: 19 May 04 - 12:45 AM

JohnInKansas made some useful comments about 'bots' from web scan sites.

I have "HijackThis!" (the exclamation mark is part of the name).

www.spywareinfo.com is where you can find it.

You can use this to 'rip out' any such bot immediately after you have used it, if you would feel safer that way.

I regularly use it to 'rip out' RealPlayer's background process that wants to access the net all the time for its own unfathomable inscrutable purposes. The damn thing reinserts itself every time you run the program to play music.


After a bit of use, you become much more familiar with what is on your machine and can quickly see if something new is there, which you can quickly 'rip out' by the roots. It doesn't delete it, just disables startup processes, host file insertions, etc.

Robin



Subject: RE: Tech: We've been hacked!
From: GUEST,English Guest
Date: 19 May 04 - 04:16 AM

Sorry for my (Guest)fellow countryman above. Most of us are not like her



Subject: RE: Tech: We've been hacked!
From: GUEST,leeneia
Date: 19 May 04 - 09:40 AM

What is a "warez" site?



Subject: RE: Tech: We've been hacked!
From: GUEST
Date: 19 May 04 - 09:56 AM

illegal software for the most part - or semi-legal - hacks and backdoors,



Subject: RE: Tech: We've been hacked!
From: Stilly River Sage
Date: 19 May 04 - 10:51 AM

Malcolm, you must have had some grumpy flakes in your cereal this morning! The Mudcat is an excellent site to get some pretty-darned-good answers or guesses at solving computer and other tech problems, and the answers are usually prompt.

I understood the question to mean that the computer was working much harder than normal, and interpreted that to mean that something had directed it to start this work. Perhaps it is a participant in a denial-of-service attack to so overload a single site that it can't do its normal work. Or maybe it's busy sending out a worm.

The free firewall should as a stopgap stop that, and then the program running it needs to be cleaned out. The free programs will help with this, and a regular routine maintained to keep it running. I second the various advice from Villan, Rapaire, Shanghaiceltic, and John in Kansas. I didn't have good luck with the free firewall, it wasn't tuned in such a way that I could send email without having to turn off the firewall, partially defeating the purpose of having a firewall. I went with several Norton programs (Anti-Virus, Firewall, and Ghost). I also use Ad-Aware (the free one) to weed out junk that still finds its way in.

A router between the modem and the computer provides a layer of protection; I've had far fewer alerts from my firewall software since I put in the router to serve a second computer.

The best thing to do for your computer is to regularly (daily) check for updates, both with the anti-virus folks and with Microsoft (you can sign up for automatic Microsoft updates). At work they have our network set up to run those updates automatically daily; I don't have the same resources so I do it manually. With three computers in the house it can sometimes keep me busy for a little while, but this is much easier than all of the hoops you have to jump through to fix it if the system crashes because you some of this crud going around.

SRS



Subject: RE: Tech: We've been hacked!
From: open mike
Date: 19 May 04 - 01:28 PM

in most cases, having people visit your web site is a
good thing...isn't that why you put it "up there"?



Subject: RE: Tech: We've been hacked!
From: GUEST
Date: 19 May 04 - 02:49 PM

most routers have a built in firewall

to turn on the firewall in xp

go to start

click on control panel

on the left see if it says classic view

if it does click on that

if it doesn't don't worry about it

look for local area connection

click on that

look for the local area connection for your specific connection like wireless built in nic or whatnot.

right click on it

click on properties

click on the advanced tab

see if the firewall is checked click on it if not then click on apply

it is a good idea to reboot and reset modem for settings to take effect and to get new ip information though sometimes it is unnecessary



Subject: RE: Tech: We've been hacked!
From: Cluin
Date: 19 May 04 - 03:05 PM

Suggestions from another thread re: malware.

And don't rely on the bundled firewall that comes with XP. Get ZoneAlarm too and install it and run it ALL the time. There's a free version.



Subject: RE: Tech: We've been hacked!
From: Mr Red
Date: 19 May 04 - 04:35 PM

There is a lot to be said for using dial-up - the tcp/ip is dynamic and you only give them an hour to find you. The way the ISP's are this week - make that 5 minutes.



Subject: RE: Tech: We've been hacked!
From: JohnInKansas
Date: 19 May 04 - 05:06 PM

As good a place as any for some "late breaking news."

Real Player has released a "fix" for one of the vulnerabilities recently found in their media players. Recent news has implied that there may be additional ones, and similar holes have been found in virtually all of the popular "multimedia players." The hole that's patched only happens if you've installed one of their options, and applies only to certain versions. If you have Real Player on your machine, you may want to see if you're affected by this one at:

RealPlayer fix.

General interest - with unknown implications. Cisco Systems has been hacked and apparently all of the current version of their ISO source code has been copied. Portions of the source code have been released on the internet, so is available to hackers to look for holes. Since Cisco's ISO controls about 60% of the servers on the net - including some home users - the potential may be huge but has not been fully evaluated. Since the Cisco theft was current version info, the potential may be more serious than for the recent theft of Microsoft NT code. (The NT code stolen was an older version.) Cisco has released at least one fix that's probably based on a vulnerability they expect the hackers to find and try to exploit soon. (Major users were notified before the "public release" of the admission that they were hit. Check with Cisco direct if you might be affected.)

General web disruption may be expected due to the shutdown of several major systems. Hackers have apparently targeted a "large number" of major academic and research company sites, and have achieved "a number of unauthorized accesses." Several sites are down for patching of holes. There is no indication that the "hacks" did any damage (they say), and they appear to be mostly "just to prove I can" kinds of things; but the ability to enter these sites potentially puts very large systems at risk of being used for things like DoS attacks. Many of the sites affected include "backbone" servers for the net, so the maintenance may affect traffic in general. Waiting for better evaluation on this.

John



Subject: RE: Tech: We've been hacked!
From: Dave Wynn
Date: 19 May 04 - 06:59 PM

Don't get too paranoic about hackers. Most are script kiddies who don't really have a clue and just follow scripts. The rest are automotives and are not personal.

There is a lot of good advice here and I would add my threepence by saying go to www.grc.com and read Steve's advice. Use firewalls that stealth (Sygate has a personal freebie that I swear by). Don't open mail if you don't know the sender. The internet is truly democratic. The price is obvious.

Spot



Subject: RE: Tech: We've been hacked!
From: Malcolm Douglas
Date: 19 May 04 - 11:32 PM

You are probably right about the Grumpy Flakes, Stilly (though they do wonders for the digestion, of course; I prefer them with soft fruit and low-fat cheese at this time of year; maybe a spot of honey if I can get the bloody bees to behave).

It's important, though, that people learn how to ask questions so that they have a reasonable chance of getting a helpful answer. That means -in the case of technical issues like this- describing in tedious detail not just the symptoms that they are worried about, but also anything they have done between not having those symptoms, and first noticing them. Almost all problems with computers, internet-related or not, are the result of something that the user has done themself. The malicious hacker is little more than an imaginary bogey-man in most cases; a convenient scapegoat for personal incompetence.

Until we are given the promised details, all we can do is guess; and that will just confuse Gypsy and her friend to no useful purpose. The main advantage of asking this sort of question in a music forum is that we aren't as fussy about the technical stuff as a technical forum would be; but the downside is that we don't know as much.

Horses for courses, really. Or bees.



Subject: RE: Tech: We've been hacked!
From: A Wandering Minstrel
Date: 20 May 04 - 08:05 AM

speaking as someone who spent most of last week eradicating FavoriteMan, Sandboxer and Netsearchsoft trojans I would say the bogeyman aspect can't be underplayed! there does seem to be a spate of driveby downloading just at present.

Good reliable resources are SpyBotS&D, HijackThis! and Pest Patrol



Subject: RE: Tech: We've been hacked!
From: Nigel Parsons
Date: 20 May 04 - 01:50 PM

Rapaire: presumably you're referring to 'Alastor (Mad-eye) Moody', not Alistar


Alastor: An avenging deity or spirit, the masculine personification of Nemesis, frequently evoked in Greek tragedy.



Nigel (Trivia Keeper)



Subject: RE: Tech: We've been hacked!
From: Gypsy
Date: 20 May 04 - 11:58 PM

John, you gots it good. Problem came up after installing real player, so will go there and use your fix. Malcolm, i apologize for offending your sensibilities. Guess i am just not as brilliant as you are. All, thanks ever so much for the help and moral support.



Subject: RE: Tech: We've been hacked!
From: JohnInKansas
Date: 21 May 04 - 12:39 PM

Gypsy -

The Real Player fix only applies if you have certain versions, and certain "accessory" packages installed. The information at the fix page should tell you whether it applies to your case.

There haven't been any reports of anyone using the "hole" that's fixed by this particular patch, so it's unlikely that Real Player is responsible for your "excessive activity."

Real Player, like some other programs, is obnoxious and intrusive with its constant "popup" demands that you get their latest version, but so far as is known it hasn't (yet) been exploited by bad guys.

John



Subject: RE: Tech: We've been hacked!
From: The Fooles Troupe
Date: 21 May 04 - 08:02 PM

Real Player is so obnoxious that I have decided never to buy it. It also will download an mp3, save it in a temp dir, then the next time reload it over the net again if you try to immediately replay it ... It sits on my PC, and I have decided not to stop it running as the primary player only thru laziness.

Funny enough there is a free player that handles almost anything - graphics were its first forte, but now it plays most sound and video as well - continually upgraded.

'Irfanview' - available everywhere, even on many PC magazine CDs. Once you have one version, you can easily track down the upgraded versions.

Robin



Subject: RE: Tech: We've been hacked!
From: GUEST,sorefingers
Date: 21 May 04 - 08:22 PM

Used to be called 'noise' in the good old days. Now it is often seen as harassment or something equally evil.

Fact is XP machines still contain the dogged old networking utils that display who and/or what is connec/ing/ed to a computer, and you can turn on the firewall, but I would not bother if you are behind a newish router.

The basic extra net command is 'netstat -an'. The local is slightly more exotic but just as effective 'nbtstat'. Sure there are script kiddies out there smart enough to find a workaround, but hey not every machine is configured in the same generic way, AND lots of them have updated and/or encrypted BIOS - decrypt that for what? Some old geezer in the Garage venting about the price of dogfood? Naw.. Mostly the assembler savvy homemade HL kid is not even slightly interested in finding out where you keep your system files.

More often they like to break into corporate networks to steal something useful..

You're not hacked, your networking files are old or badly configured or you're on a Cable network that is too noisy...
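
Added example, not part of the post above or of anyone's reply in this thread: the `netstat -an` check it mentions, turned into a small Python triage of the output. It separates listening ports from outbound sessions and flags connections to several different mail servers on port 25, the spam-trojan symptom raised earlier in the thread; the sample output, the local-range list and the threshold of 3 are assumptions made for the example.

```python
import ipaddress
from collections import Counter

# Constructed sample in the layout Windows prints for `netstat -an`.
# Addresses are private or documentation ranges, not data from the thread.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1043      198.51.100.20:80       ESTABLISHED
  TCP    192.168.1.10:1050      203.0.113.5:25         ESTABLISHED
  TCP    192.168.1.10:1051      203.0.113.77:25        SYN_SENT
  TCP    192.168.1.10:1052      198.51.100.9:25        ESTABLISHED
  TCP    192.168.1.10:1053      192.0.2.44:25          ESTABLISHED
  TCP    192.168.1.10:445       192.168.1.11:1201      ESTABLISHED
  UDP    0.0.0.0:1026           *:*
"""

# Ranges treated as "this machine or this LAN" (assumption for the example).
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/32", "127.0.0.0/8", "10.0.0.0/8",
    "172.16.0.0/12", "192.168.0.0/16", "169.254.0.0/16")]


def is_external(host):
    """True if host is an IP literal outside the local ranges above."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:          # "*" on UDP rows, or anything unparseable
        return False
    return not any(ip in net for net in LOCAL_NETS)


def parse_netstat(text):
    """Turn netstat -an text into dicts; header and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0] not in ("TCP", "UDP"):
            continue
        lhost, lport = parts[1].rsplit(":", 1)
        rhost, rport = parts[2].rsplit(":", 1)
        rows.append({"proto": parts[0], "lhost": lhost, "lport": lport,
                     "rhost": rhost, "rport": rport,
                     "state": parts[3] if len(parts) > 3 else ""})
    return rows


def summarize(rows, smtp_threshold=3):
    """Separate listeners from outbound sessions and flag SMTP fan-out."""
    listening = {r["lport"] for r in rows if r["state"] == "LISTENING"}
    outbound = [r for r in rows
                if r["proto"] == "TCP"
                and r["state"] in ("ESTABLISHED", "SYN_SENT")
                and r["lport"] not in listening   # skip sessions we are serving
                and is_external(r["rhost"])]
    smtp_hosts = sorted({r["rhost"] for r in outbound if r["rport"] == "25"})
    findings = []
    # Heuristic: a mail client normally talks to one relay, not several.
    if len(smtp_hosts) >= smtp_threshold:
        findings.append("outbound port 25 to %d different hosts" % len(smtp_hosts))
    return {"listening": sorted(int(p) for p in listening),
            "outbound_by_port": dict(Counter(int(r["rport"]) for r in outbound)),
            "smtp_hosts": smtp_hosts,
            "findings": findings}


if __name__ == "__main__":
    report = summarize(parse_netstat(SAMPLE))
    for key, value in report.items():
        print(key, "=", value)
```

A finding here is a prompt to identify which process owns those connections, not proof of compromise.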



Subject: RE: Tech: We've been hacked!
From: Malcolm Douglas
Date: 21 May 04 - 09:11 PM

It's nothing to do with "sensibilities" or "brilliance", Gypsy. It's about asking the question effectively and providing the necessary supporting information, as you must do in all cases where you seek technical support. If you fail to do that, you should not be surprised or offended if you are told as much. Though you may not like my comments, they contain sound advice.

Mentioning Real Player may have been helpful. It will automatically send out statistical information, check for updates and so on, unless you disable those functions via the preferences menu. There may well be other factors at work, of course, but the first thing to try is to rein in Real as much as you can and see if that makes a difference. I deliberately use an old version of it which is a bit less intrusive than later iterations, though it's still inclined, as "Foolstroupe" says, to be obnoxious.



Subject: RE: Tech: We've been hacked!
From: The Fooles Troupe
Date: 21 May 04 - 11:51 PM

With Real Player, I turned off all the options I could, and it doesn't seem to make much difference...

If you run something like Zone Alarm (a useful free firewall) you can tell it to stop nuisances like Real Player trying to access the net every time it feels like it - which seems to include trying to play even a local file, cause it tries to 'help' you by downloading resource wasting pretty images to put in the player, etc.

Also Adobe Reader.

Some of these things put little 'robots' in the background processes, but you can't access them with 'Ctrl Alt Del' as they are hidden. You need to use something like HijackThis! to track them down. I just killed 'RealSchedule' again...

Unfortunately PCs are like cars - You need a certain amount of technical savvy to handle them. Most people have learnt to cope with cars, but the manufacturers of cars have improved the product since the early 1900's - if cars were like PCs you would only be able to drive them 10kms before they broke down on the side of the road, and you would need to replace the engine. I have several friends who have run their cars into the ground because they didn't check oil & water - one lady drove her car for hundreds of miles around town and just kept on turning up the radio to keep drowning out the increasingly loud grinding noise the engine started to make...

And with regard to 'driveby' hacking attempts - Zone Alarm (which is a stealth firewall) if set to display every external access attempt, pops up every minute or so on average - luckily I keep it in "don't display" mode or I'd never get anything done :-)

I've actually had cookies implanted on my PC when downloading emails - Mailwasher lets me 'peek and destroy'!

Robin



All original material is copyright © 2022 by the Mudcat Café Music Foundation. All photos, music, images, etc. are copyright © by their rightful owners. Every effort is taken to attribute appropriate copyright to images, content, music, etc. We are not a copyright resource.