Hacked

30yroldpig · #1 04-09-2005, 03:53 PM

Well my suspicions have been confirmed, my computer's been/is hacked.

2 months ago I decided I'd install a P2P program to preview some music. I also installed a BETA version of messenger.

Last week I get my internet bill and i have 23 gigs in uploads ( only allowed 10 per month).

I figured It's cause I left the P2P app running...my fault, I'll pay. Since then I've uninstalled the software.

Today I browsed my "internet consumption update" on my ISP's web site and it said I already have 6.8 gigs in uploads....

When I type netstat -a in DOS there are other ISP's connected...

Man this bites. Looks like i'm due for a re-install.

I dunno if I got hacked through MSN Beta (also now removed) or the P2P.

Anybody else get hacked? What did you guys do?

I feel a bit violated...I also do all my banking and transfers via the net. manoman.

bizkit666 · #2 04-09-2005, 07:19 PM

dont worry you havent been hacked, a P2P (peer to peer) is a program that lets the whole world share files, and u downloading files means your sharing them, so when you download a file, it auto shares it (you can turn this off so you dont share files) so sharing files means you are letting ppl download the files that you have downloaded from you, and this is why your upload bandwith is going up!

i hope tht made sence

Artist · #3 04-09-2005, 07:35 PM

have you scanned for spyware?

bammbamm · #4 04-09-2005, 08:22 PM

You could have EASILY picked up a trojan and are being used as a slave to send out mass emailings unbeknownst to you.
Which P2P system did you install?
2ndly, I would get a firewall installed ASAP.
3rd, run all manor of virus and spyware scanning to detect any infiltration.
Another way to find some of these is look at the running processes and look up the ones that don't look familliar to you, normally you should see 25-no more than 40-ish (with a lot of apps open) I try to keep my total processes as low as possible just so I know when something new is running on my machine. I haven't had a cirus or reinstall in 2 years since I built my machine. (with the exception of when I swapped over to a raid 0 config.)

Hope this helps.
There are also bandwidth meters to see incoming and outgoing traffic on all ports.

Bamm

Ralsch · #5 04-10-2005, 12:43 AM

Firstly,turn off all your active x updates as that is a major cause for hacker interference if you run xp...just get a firewall running and a program called zone alarm to alert and diable people from accessing your modem. run some anti-virus program and/or ad-aware , check the path if there is a problem and check it manually in your registry , if worse comes to worse just disable file sharing and reformat/defrag. . Like bam said you normally have a tagged section showing bandwith traffic and try to check whats running at startup. hope that helps

microdmitry · #6 04-10-2005, 12:49 AM

1. Enable a firewall. Better yet, use hardware router if you have one.
2. Run full virus and spyware scan. Microsoft scanning tool is pretty good.
3. Do not use P2P clients that are not written in Java, .NET languages (C#, VB.Net, Managed C++) or other language that is fully protected against buffer overflows.

I'm actually surprised nobody actively targets P2P clients like emule, edonkey, gnutella, etc. They were written by hobbyists, they expose ports to the web, and they most likely have more holes than Swiss cheese. Best of all, source code is often available, so you don't have to guess.

Look for a client written in Java or for Microsoft .NET platform. This automatically prevents a whole bunch of attacks. Many attacks are simply not possible on the systems that use runtime buffer length checking. I run Azureus myself, and it works pretty darn good. Also, before installing P2P software, google on the web to make sure that stuff you install doesn't come with spyware. P2P programs often have spyware. Once you install this stuff on your machine the only safe way to remove it is to rebuild the machine.

30yroldpig · #7 04-10-2005, 11:54 AM

Hi guys thanks for the replies.

Firstly I've been running zonealarm since I began surfing the web. I'm using an anti-virus (AVG FREE) and everytime i finnish surfing, i run add aware SE as well as Spybot-search & destroy. I know they're only freebee wares but I can't afford new software now and I don't believe in hacked software (no pun intended)

I understand the principle of P2P apps (was running shareazaa), what I don't understand is why, when I cleared ALL my shared files associated with shareazaa, there were 6.8 gigs in uploads. That's why I suspect that I've been hacked or as Bamm said had a trojan installed.

I'll look into all those options, Bamm, I have about 30 running processes, but to be perfectly honest, I don't really know what they all mean.

Once again, many thanks guys

Cheers
Pat

fettouhi · #8 04-10-2005, 12:29 PM

Get a program called hijackthis (use google to find it) and do a scan with it. The program will list the processes you are running then post the log file here.

Regards

André

Jem7RB MK · #9 04-10-2005, 01:42 PM

Quote:

Originally Posted by Pat knup

Hi guys thanks for the replies.

Firstly I've been running zonealarm since I began surfing the web. I'm using an anti-virus (AVG FREE) Cheers
Pat

Pat, Have used AVG for about 6 years now, after hearing of it on #UKMG and have never had a virus issue on the freeware version ... As for the P2P stuff, I rarely use Win*x and have never suffered unduley, Nor do i get spyware scans show up anything untoward.

Hope you get sorted out bro

Rob

30yroldpig · #10 04-12-2005, 09:20 PM

Rob, thanks for the encouragement, but I'll steer clear from P2P software.

So far everything seems back to normal, although I havn't really kept my system running long enough to see if there was any more activity.

André check your inbox, I've emailed you a Hijack this log.

Many thanks everyone.

Cheers
Pat

Serratus · #11 04-12-2005, 09:39 PM

Go to this page:

http://www.answersthatwork.com/Taskl...s/tasklist.htm

It is a list of almost all the programs that could be running in your task list (what processes are running in ctrl-alt-del) and what they do, and whether you need/want them. It's worth checking out and comparing to your tasklist every now and again to make certain you've not picked up anything nasty (in addition to all the other advice above).