Please Help!
Hello everyone,
I have a serious security problem. Someone is connecting to my stable pc. I don’t have an Internet connection, nor a router. Can it be done using the motherboard? My modem is: Giga-byte GA-K8NMF-9. Motherboard chipset nVidia nForce4 (Crush CK804).

Please Help, Thank you!

#1
Posted 07/15/2010 03:43 PM   
Why do you think someone is accessing your PC?

In Memory Of Chris Arthington "One Cool Cat"

#2
Posted 07/15/2010 03:50 PM   
[quote name='ExtremeGrandpa' post='1088472' date='Jul 15 2010, 03:50 PM']Why do you think someone is accessing your PC?[/quote]


That's a long one! For now, I just need to know if and how it can be done. Please help me!

#3
Posted 07/15/2010 04:06 PM   
[quote name='Lia' post='1088480' date='Jul 15 2010, 12:06 PM']That's a long one! For now, I just need to know if and how it can be done. Please help me![/quote]
Wow.

Is this an episode of White Collar or Leverage?...

Intel Siler DX79SI Desktop Extreme | Intel Core i7-3820 Sandy Bridge-Extreme | DangerDen M6 and Koolance MVR-40s w/Black Ice Stealths | 32 GB Mushkin PC3-12800LV | NVIDIA GTX 970 3-Way SLI | 12 GB RAMDisk (C:\Temp\) | 2x 120 GB Intel Cherryville SSDs (OS and UserData) | 2x 240 GB Intel Dale Crest SSDs in SATA 2 RAID0 (C:\Games and Benchmarks\) | 60 GB G2 SSD (Linux) | 3 TB Western Digital USB-3 MyBook (Archive) | LG BE14NU20 USB ODD | LG 25UM56 21:9 Monitor | LogiTech X-530 Speakers | Razer Tiamat 7.1 Analog Headphones | Cooler Master UCP 1100 | Cooler Master HAF XB | Windows 7 Pro x64 SP1

Stock is Extreme now

#4
Posted 07/15/2010 04:16 PM   
Sorry but I don't think anyone will explain to you how to hack into a secure PC.


If you can prove to me someone has gained access to your PC then maybe I would consider helping you. But to err on the side of caution here I won't at this time. This is because you yourself could be asking for someone to help you access someone else's PC.

I tend to not be too trusting in topics such as this on the net.


I asked once for info. Now I ask a second time. Read my signature, you will see my patience wears thin quickly in situations such as this.

EG

#5
Posted 07/15/2010 04:26 PM   
[quote name='Lia' post='1088471' date='Jul 15 2010, 10:43 AM'][b][u]I don’t have an Internet connection, nor a router[/u][/b].[/quote]

You do not need an Internet connection if you have a wireless adapter...of some sort.

My Opinion is no more important or right than yours. But if you're using the LATEST drivers, go back to the prior set.

Piss Poor tech support blame all issues on drivers and assumes that you're an idiot. Find a set that you know worked and see if the problem exists still.

""Don't f with it if it ain't broken!""
Constantly updating drivers is a good way to F'up the whole system.

If the driver has an issue, don't be a fool, remove it.

Just because you can, does not mean you should.

#6
Posted 07/16/2010 01:07 AM   
[quote name='ExtremeGrandpa' post='1088491' date='Jul 15 2010, 04:26 PM']Sorry but I don't think anyone will explain to you how to hack into a secure PC.


If you can prove to me someone has gained access to your PC then maybe I would consider helping you. But to err on the side of caution here I won't at this time. This is because you yourself could be asking for someone to help you access someone else's PC.

I tend to not be too trusting in topics such as this on the net.


I asked once for info. Now I ask a second time. Read my signature, you will see my patience wears thin quickly in situations such as this.

EG[/quote]


I am sorry I didn't explain in the first place. That's because the native forums I have visited were kind of ironic. I needed to know that it can be done before I presented my data. I am not trying to hack a pc. I am the victim here! I have little knowledge and it has been hard even to gather the data I am about to post. I have already read your signature, please don't give up on me. I am in too deep on this one.
Here it goes:



It is not a laptop. It's a steady pc. I don't have an Internet connection at home; I don't even have a router. All I have is my motherboard, unless someone has accessed my room and changed something. I can not exclude that. However, I have serious reasons to believe that some guys have gained access to my computer and keep messing things up. People keep telling me that this cannot be done since I don't have a router. But it has been going on for months and it has developed into a nightmare. The funny part is that I never wished to connect to the Internet, in order to be safer.
I used to have XP Home Edition. I have formatted the computer a few times as it wouldn’t open. Now I have Vista 7. My software is legal.

Indications:
- I have used a number of firewalls. They mention that some programs are listening and it refers to a remote computer with zeros as an address. Of course that could mean nothing. They use 127.0.0.0.1.
- I get the feeling that they connect to the computer as part of the system, to the main console through TCP/UDP, local port.
- I have scanned the pc with various antivirus programs. Right now they can not detect a virus.

- They move my mouse, it moves to irrelevant positions on the desktop, it even gets disconnected. Once, my mouse started moving as if someone was dragging it. It moved from one edge of the screen to the other and kept on. My hand was perfectly steady. I think they can hear everything in my room, as whenever I mention something annoying for them, they take control of my mouse. I use a black mouse pad. They disable the port and I can’t use it, it gets back when I have failed to do the job I was intending to. Sometimes I have failed to open my USB disc, it just comes and goes, whenever they want to. Usually when I have something important to copy from the flash disk.
- There is no software problem concerning the guides, I have the original cds in good shape and I have programs like “Registry Mechanic”, “Tune Up Utilities”, “Ashampoo Optimizer” etc. They don’t detect any hardware problems.
- My security programs fail/collapse one after the other in a matter of days or ask me to download them again…. It’s a disaster. I insist that it is not a virus! Though I do think it's some kind of malware/worm I can not detect.
- In the past I could not see the user accounts. I could not get in through the control panel. Nor could I see the incidents (Security, Local settings…, appliances/hardware like gates, services, monitor…). I know I had done nothing which would justify this. It just happened. These problems started occurring when I started checking these things, like trying to understand what the incidents were showing. Whenever I got to discover something new (to me it was an unknown world), it would be the last time I gained access to the data. My account was one of an administrator. After that I used a non-administrator account to be safer.

- There are problems with my keyboard as well. It's new. But what I think you might find interesting is that: When I once restarted the pc, the keyboard was inactive, thus I could not enter safe mode pressing enter. When I had to type my password to enter, it worked, when windows started, it was once more inactive, thus I could not access any security program or settings because for that, I would have to type my administrator password. This was not the case for a much older keyboard of different type. I don't know the word in English. It's the one which connects at the back of the tower. I think it is called serial. The other keyboard connects like a flash disk.

- The RPC Remote Process Control is working and I can not terminate it! Do I need it as I do not wish to connect to any network? It does not even allow me to check its properties. It is locked by the SYSTEM account and there is a password. I do not know if this is default. When I finally managed to terminate it once, the computer wouldn’t start, it kept returning to the log in Window, I kept typing the password all over again! I had to format the computer. I guess that's because it was programmed to do so if it failed to connect or something.

- When I used Windows XP, during shut down, it mentioned that it was terminating the Internet connections. Is that normal? What was it terminating as I had no connections to the internet?

- I get the feeling that I am part of a local network and various users can log in. It is like they have their own administrator accounts. Someone had told me that I do not need a Wifi connection and that a neighbor could easily connect to the LAN using their router, or something like that. Then another guy said that if I don’t have a router I don’t have a LAN. Some other guy said that the only case for that to happen would be for me to connect to a neighbor’s router. I think they are giving me a lot of misleading information. They even told me that I don't have an IP address. I certainly have not attempted to connect to anyone’s pc. I wouldn't know how, even if I wanted to.

- Once, I saw my firewall block a command/file called ping. I checked it on the Internet and I found that if someone knows your IP they can connect to the computer, through this command. Why did the command start running out of nowhere?

- Most or all of the programs I use, even simple arcade games, try to perform actions through Iscvhost.exe-irpcss and RPC (Remote process control).

- DHCP, DNS, SMB, NAStatus UI, LP Remote, I will not pretend I know what these things are, but they have run on a daily basis. Once my firewall blocked a java script.

- I had a problem with svchost files, Local Network. One or two of its processes and one of the SYSTEM as well, were causing my CPU use to reach 100%. This started when I tried to install a firewall program "On line Armor". I had to terminate these processes to finish the installation. My pc kept running without any problems despite terminating these processes.

- All the programs running on my desktop keep trying to access and modify my registry. Even paintbrush. Additionally, all programs try to control my firewall! Not the other way around! I can see it as a notification by the firewall. Even paintbrush. The programs perform these actions through DNS resolver/RPC!

- My screen turned blue a few days after that as soon as Windows started and I had to reinstall Vista. I don't know what caused this.

- Power Bios server with the server RPC CONTROL\OLEEE8087F002824DC6A2060115E55A and svchost as a port was trying to control a network enabled connection using OLE.


I read a magazine article lately which explained that you can access a pc just through its network card. That a series of programs like Web client, DNS, IPV6 and 4, I/O etc. collaborate for this to happen. All these programs run on my pc like crazy, I get notifications from the firewall. The article said that to do this you need a hacking tool and that the rest is done by a worm. It is called "conficker/Kido". That the worm creates a copy of the svchost file and takes control of the system. It even starts procedures, like the ones of Local Network I had to terminate due to CPU reaching 100%. My ad-aware Pro antivirus had once detected Kido. I kept removing it and adding it to the quarantine but every time I ran a new scan, it was there. I finally never saw it again.
I think that something like this is what is happening here.

These are my Web adapters (if I am saying it right), in Managing devices:
WAN MINOPORT (IP)
WAN MINOPORT (IP) COMODO FIREWALL MINOPORT
WAN MINOPORT (IP) PC TOOL DRIVER
WAN MINOPORT (IPv6)
WAN MINOPORT (IPv6) COMODO FIREWALL MINOPORT
WAN MINOPORT (IPv6) PC TOOL DRIVER
WAN MINOPORT (L2TP)
WAN MINOPORT (PPPOE)
WAN MINOPORT (PPTP)
Host Controller Nvidia nForce COMODO FIREWALL MINOPORT (my firewall)
Host Controller Nvidia nForce PC TOOL DRIVER
Host Controller Nvidia nForce 2 PC TOOL DRIVER

In Mobile Devices: There is a Windows Mobile Device (Since reinstalling Windows, it has been trying to download its drivers)



I am willing to attach any data you will need, from my pc. I have many screenshots. I tried to upload one but I didn't make it.

Technicians say I should perform a format but I know they will be in my system before I even start the Windows. I have already tried this option. It does not shut them off.

Please, I know it’s a lot of work.

#7
Posted 07/16/2010 03:40 PM   
Does it require a password for you to log onto the network? If not I would set the router to WEP and set up a password to protect your network. It may be possible that you can not get control without having to set the router back to factory settings and reset it up again. Do you have sharing enabled in windows on your PC? If so disable it. I agree that the PC will need to be reformatted but they are accessing your network at the router level I am sure.


Can you describe what happened prior to your PC being hijacked? It's probably being used as a bot on a bot network. I would shut down the entire system and set it back up from step 1 all over again. I know it's a pain but your network is compromised badly.

EG

#8
Posted 07/16/2010 03:55 PM   
[quote name='ExtremeGrandpa' post='1088974' date='Jul 16 2010, 04:55 PM']Does it require a password for you to log onto the network? If not I would set the router to WEP and set up a password to protect your network. It may be possible that you can not get control without having to set the router back to factory settings and reset it up again. Do you have sharing enabled in windows on your PC? If so disable it. I agree that the PC will need to be reformatted but they are accessing your network at the router level I am sure.


Can you describe what happened prior to your PC being hijacked? It's probably being used as a bot on a bot network. I would shut down the entire system and set it back up from step 1 all over again. I know it's a pain but your network is compromised badly.

EG[/quote]

I wouldn't know if it requires a password as I do not connect to any network. They connect through Local Network. I am using a different computer right now. There is no equipment to connect to the WEB. There is no router. I have disabled sharings and the green light is not on. Yet, this only stands for the subdivisions. The main (green light for sharing) seems active and I can not click on it using my mouse. I am afraid I can not describe this any better. Sorry. Is there a way for me to upload screenshots?

All these incidents I mention have been occurring for months. The problems started when I started to suspect something was not right. I had a hunch and started paying attention. Before that there were no problems like the ones I am describing. I knew even less about computers than I know now (I am still an ignorant user). I don't know how this started or for how long it has been going on. I will do what I must to put an end to it. I don't mind about the trouble.

Are you referring to some kind of different server that is supported by hardware? Sorry, I know little, but I am willing to learn.

#9
Posted 07/16/2010 04:04 PM   
I am sorry if I said something wrong. I've already started to do my individual research on bot on a bot networks. It makes perfect sense. I can't thank you enough for telling me this, nor for your time.

I have not attempted to connect to any Network to see if there is a password, but if there is something I need to try out, please tell me how to do it, or show me where I can find the relevant information.

When you say that they are accessing my network at the router level what exactly do you mean since I don't have a router? Could there be one that I can not detect? Or are you referring to some service supported by the motherboard?

How can I shut down the entire system and set it back up from step 1 all over again? What's the procedure?

I will probably access the Internet tomorrow to see if there are any new messages. I visit an Internet cafe whenever I want to do so.

#10
Posted 07/16/2010 04:29 PM   
First when you believe you're infected, do not connect the computer to a network or the internet.

If you do not have an Internet connection, nor a router, the only way they can connect to your computer is through a local network, which you must be connected to, or a wireless adapter.

Wireless can be disabled. And you can unplug the network cable.

Once that is done, you need to shut off the REMOTE ACCESS service in safe mode.
Download COMBOFIX and RUBOTTED from another computer onto a USB stick.

If the odd behavior happens when not connected to the networks, you're infected, if it stops then you're remoted or botted.

#11
Posted 07/17/2010 08:54 PM   
[quote name='Greybear' post='1089599' date='Jul 17 2010, 08:54 PM']First, when you believe you're infected, do not connect the computer to a network or the internet.

If you do not have an Internet connection, nor a router, the only way they can connect to your computer is through a local network, which you must be connected to, or a wireless adapter.

Wireless can be disabled. And you can unplug the network cable.

Once that is done, you need to shut off the REMOTE ACCESS service in safe mode.
Download COMBOFIX and RUBOTTED from another computer onto a USB stick.

If the odd behavior happens when not connected to the networks, you're infected; if it stops, then you're remoted or botted.[/quote]

Thank you for your answer. If I have these adapters, then what does this mean for the equipment I have on the PC? These are network adapters; they show in my devices. Are these wireless adapters? And given the fact that the only equipment I know of is the one on the motherboard, did these exist since I bought the machine, or were they added later?
WAN MINIPORT (IP)
WAN MINIPORT (IP) COMODO FIREWALL MINIPORT
WAN MINIPORT (IP) PC TOOL DRIVER
WAN MINIPORT (IPv6)
WAN MINIPORT (IPv6) COMODO FIREWALL MINIPORT
WAN MINIPORT (IPv6) PC TOOL DRIVER
WAN MINIPORT (L2TP)
WAN MINIPORT (PPPOE)
WAN MINIPORT (PPTP)
Host Controller Nvidia nForce COMODO FIREWALL MINIPORT (my firewall)
Host Controller Nvidia nForce PC TOOL DRIVER
Host Controller Nvidia nForce 2 PC TOOL DRIVER

What I have noticed is that RPC is on, even in safe mode. It is locked by the account "system". There is a password! If I manage to disconnect RPC somehow, I will not be able to start my computer because it is programmed to restart if the service is not running. I can see it but I can't enter the properties. I will download what you have told me to.

There is a Local connection but it says that the wire is disconnected. It uses Web client, my firewall driver, QoS, shares (files, printers), TCP IPv6, TCP IPv4, I/O and something like answering detectionplace of connection, level.

There are incidents like: system, workgroup, 0*3e7, process 0*26c, services.exe, advapi, negotiate,
And another that says: null sid, 0x0, type 3, [b]anonymous logon[/b], NT Authority, 0x60920, GUID (00000000-0000-0000-0000-000000000000), 0x0, NTLMssp, NTLM. What's that?

I never connect to any network, not willingly. My PC says that I am not connected to any network, yet I know they are in. I think I am part of a local network. It is not just an infection. I have even detected the house, which is only about 100 meters away, probably less. I know it's their router connecting to my machine. But I need to prove that I have the equipment necessary for them to connect. Like a wireless adapter you mentioned.

I ran the command ipconfig show helpers. It was full of details like proxy server, RPC, DNS ....

#12
Posted 07/19/2010 01:14 PM   
From the sound of it I can tell you two things.

1. Back Orifice would explain the mouse and keyboard issues you are having and also would allow them to view a webcam or listen to a mic if you have one attached to the PC. They would have to add an exception to your antivirus and allow the ports through the Windows firewall though, because it's a well-known program which some consider a virus.

2. If you do not wish to connect to any network or the internet, the easiest thing to do would be to disable your wireless card (why do you have a wireless card if you have no router anyway?) and disable the wired NIC and unplug any cable that is connected to it. That would take you totally off of any network possible and there would be no way for anyone to connect to your PC remotely (of course other than sitting at it). 127.0.0.1 is the loopback address which is the local IP of your NIC card, so anything going to 127.0.0.1 is basically going nowhere.

#2 will totally solve your problem for sure. You mentioned feeling like they are using your connection as part of a botnet and that may be true but would be pointless with no internet connection. They use your internet connection to avoid being caught sending illegal files or accessing places they shouldn't be. I would rule botnet out.

#13
Posted 07/19/2010 05:41 PM   
[quote name='420Ryme' post='1090369' date='Jul 19 2010, 06:41 PM']From the sound of it I can tell you two things.

1. Back Orifice would explain the mouse and keyboard issues you are having and also would allow them to view a webcam or listen to a mic if you have one attached to the PC. They would have to add an exception to your antivirus and allow the ports through the Windows firewall though, because it's a well-known program which some consider a virus.

2. If you do not wish to connect to any network or the internet, the easiest thing to do would be to disable your wireless card (why do you have a wireless card if you have no router anyway?) and disable the wired NIC and unplug any cable that is connected to it. That would take you totally off of any network possible and there would be no way for anyone to connect to your PC remotely (of course other than sitting at it). 127.0.0.1 is the loopback address which is the local IP of your NIC card, so anything going to 127.0.0.1 is basically going nowhere.

#2 will totally solve your problem for sure. You mentioned feeling like they are using your connection as part of a botnet and that may be true but would be pointless with no internet connection. They use your internet connection to avoid being caught sending illegal files or accessing places they shouldn't be. I would rule botnet out.[/quote]

Thank you so much!

Do all the WAN MINIPORTS I mention prove that I have a network card? I had no idea! I know I didn't ask for one when I bought the PC, so if it is not part of the basic equipment of the PC, like on the motherboard, it has been added later and not by me! Please clarify this!

I have done some homework. I don't believe it is a bot to bot case anymore, yet I do think it is a case of [b]reverse connection[/b]! I tried to install a firewall program yesterday and since it required an internet connection, it opened Internet Explorer and the address I was to connect to was "LocalHost 6060 server something...." I read that in reverse connection the address of the attacker is saved on the PC in this format so that every time I open my PC, I connect to their router/server. Could it be that the program showed me by default the fastest or the only way to connect to the Internet? Meaning that it showed me how they connect?

I had also noticed, through "Processes management (if I am saying it right)" that the service of Telephony is running on my PC.

And, when I tried to uninstall the program, since I did not have an internet connection, I noticed that only two programs were displayed on the Control Panel. The rest of them were missing and had been moved to a different location! How could I fix this?

#14
Posted 07/21/2010 03:52 PM   
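
Added example, not part of any post in this thread: a read-only Windows PowerShell inventory that separates adapters backed by hardware from software-only entries such as the WAN Miniport devices asked about above, and shows each adapter's link state, which is the check behind the advice to disable the wireless card and the wired NIC. It assumes Windows PowerShell with `Get-WmiObject` and classifies by the bus prefix of the PnP device ID; the function names `Get-AdapterKind` and `Get-AdapterInventory` are made up for this example.

```powershell
# Added example (not from the thread): read-only inventory of network adapters.
# Assumes Windows PowerShell with Get-WmiObject; on PowerShell 7 use
# Get-CimInstance with the same class name.

# NetConnectionStatus codes documented for Win32_NetworkAdapter.
$LinkState = @{
    0 = 'Disconnected';         1 = 'Connecting'
    2 = 'Connected';            3 = 'Disconnecting'
    4 = 'Hardware not present'; 5 = 'Hardware disabled'
    6 = 'Hardware malfunction'; 7 = 'Media disconnected'
}

function Get-AdapterKind {
    param([string]$PnpDeviceId)
    # The first element of the PnP device ID names the bus that enumerated the
    # device. ROOT\ (SWD\ on newer Windows) means the device was created by
    # software and was not found on a hardware bus.
    if     ($PnpDeviceId -match '^(PCI|PCMCIA)\\') { 'Physical (internal)' }
    elseif ($PnpDeviceId -match '^USB\\')          { 'Physical (USB)' }
    elseif ($PnpDeviceId -match '^(ROOT|SWD)\\')   { 'Software only' }
    else                                           { 'Unclassified' }
}

function Get-AdapterInventory {
    Get-WmiObject -Class Win32_NetworkAdapter | ForEach-Object {
        # NetConnectionStatus is empty for entries that never carry a link.
        $code = $_.NetConnectionStatus
        $link = 'n/a'
        if ($null -ne $code) { $link = $LinkState[[int]$code] }

        New-Object PSObject -Property @{
            Name        = $_.Name
            Kind        = Get-AdapterKind $_.PNPDeviceID
            Link        = $link
            MAC         = $_.MACAddress
            PnpDeviceId = $_.PNPDeviceID
        }
    }
}

$inventory = @(Get-AdapterInventory)
$inventory | Sort-Object Kind, Name |
    Format-Table Kind, Link, Name, MAC, PnpDeviceId -AutoSize

# Anything that is not software-only and reports a live link is a candidate
# to unplug or disable; 'Unclassified' entries need a manual look.
$live = @($inventory | Where-Object {
    $_.Kind -ne 'Software only' -and $_.Link -eq 'Connected'
})
if ($live.Count -eq 0) {
    'No hardware-backed adapter reports a live link.'
} else {
    'Hardware-backed adapters with a live link:'
    $live | ForEach-Object { "  $($_.Name)  [$($_.Kind)]" }
}
```

On a default Windows install the WAN Miniport entries are enumerated under `ROOT\` (`SWD\` on newer versions), so they classify as software only: they are drivers Windows installs for dial-up and VPN connections, not a network card. An unplugged wired port shows up as a physical adapter with the link state "Media disconnected".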