Am I hacked and is there a defence?

    • #6165
      veronca
      Participant

      Hello,
      I have had problems with my PC and internet connection for a long time and I'm definitely unable to solve them.
      Perhaps it would be better to show some examples:
      4/2010
      tracing to server seznam.cz

      Microsoft Windows XP [Verze 5.1.2600]
      (C) Copyright 1985-2001 Microsoft Corp.

      C:\Documents and Settings\pc1>tracert 77.75.72.3

      Výpis trasy k 77.75.72.3 s nejvýše 30 směrováními

      1 1 ms 1 ms 1 ms 10.0.0.138
      2 * * * Vypršel časový limit žádosti.
      3 * * * Vypršel časový limit žádosti.
      4 * * * Vypršel časový limit žádosti.
      5 * * * Vypršel časový limit žádosti.
      6 * * * Vypršel časový limit žádosti.
      7 * * * Vypršel časový limit žádosti.
      8 * * * Vypršel časový limit žádosti.
      9 * * * Vypršel časový limit žádosti.
      10 * * * Vypršel časový limit žádosti.
      11 * 43 ms 43 ms http://www.seznam.cz [77.75.72.3]

      Trasování bylo dokončeno.

      after I discussed it with my provider (Telefonica) – according to its statement, there was no trouble – the trace had changed after a few days:

      Microsoft Windows XP [Verze 5.1.2600]
      (C) Copyright 1985-2001 Microsoft Corp.

      C:\Documents and Settings\pc1>tracert 77.75.72.3

      Výpis trasy k http://www.seznam.cz [77.75.72.3]
      s nejvýše 30 směrováními:

      1 1 ms 1 ms 1 ms 10.0.0.138
      2 * 8 ms 8 ms 194.228.196.8
      3 12 ms 12 ms * 88.103.203.33
      4 13 ms 12 ms 12 ms 198.18.65.65
      5 14 ms 13 ms 14 ms 198.18.10.37
      6 13 ms 12 ms 13 ms 194.228.190.158
      7 13 ms 12 ms 12 ms 194.228.190.157
      8 13 ms 13 ms 14 ms nix.seznam.cz [194.50.100.195]
      6 15 ms 13 ms 13 ms http://www.seznam.cz [77.75.72.3]

      now it seems like this:

      Microsoft Windows XP [Verze 5.1.2600]
      (C) Copyright 1985-2001 Microsoft Corp.

      C:\Documents and Settings\h>tracert 77.75.72.3

      Výpis trasy k http://www.seznam.cz [77.75.72.3]
      s nejvýše 30 směrováními:

        1    2 ms    2 ms    2 ms  10.0.0.138
        2    40 ms    40 ms    39 ms  88.103.200.10
        3    47 ms    44 ms    44 ms  88.103.203.33
        4    47 ms    45 ms    44 ms  194.228.190.161
        5    46 ms    45 ms    45 ms  nix.seznam.cz [194.50.100.195]
        6    44 ms    45 ms    45 ms  http://www.seznam.cz [77.75.72.3]

      Trasování bylo dokončeno.

      Time to 10.0.0.138 is sometimes below 1 ms.
      But there are some other things which threaten me.
      For example:
      I manually clean my disk to free up more space. I delete all possible temp files from C:\Documents and Settings\h\Local Settings, but when emptying the basket it shows it's not empty, and if I try to empty it again it shows a dialog asking whether I want to delete the file WINDOWS, and if I agree it says it's impossible: Dc6 can't be deleted since it's currently in use: access was denied.
      Sometimes it shows the files Dc3 or Dc23.
      Once when I started Firefox it opened http://95.168.201.76/ instead of google.com; another time it opened http://dp.000.in/.
      I used ComboFix, avptool, SystemLook and HijackThis, but no problem was found.
      To protect my PC I'm using NOD32 and ZoneAlarm.

                                      Thanks for Your help and suggestions

                                                                            Veronca
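
The traces quoted above differ in path length and in which hops answer. The script below is an added example for comparing such traces mechanically (it is not code from this thread), and it also serves the comparison against a second machine on the same switch that WCNA suggests further down. It parses the hop lines of Windows tracert output regardless of localisation: a hop whose text carries no IPv4 address, such as the Czech timeout message, is recorded as no reply. It then compares two traces and labels hop addresses as RFC 1918 private, RFC 2544 benchmark range (198.18.0.0/15, which appears in the second trace and is commonly used inside carrier networks) or public. The two sample traces are constructed, shortened versions of the ones in the post.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed samples, modelled on the Czech-localised Windows XP tracert output
# quoted in the thread. Only the hop lines matter; header and footer lines are ignored.
TRACE_BEFORE = """\
Výpis trasy k 77.75.72.3 s nejvýše 30 směrováními

  1     1 ms     1 ms     1 ms  10.0.0.138
  2     *        *        *     Vypršel časový limit žádosti.
  3     *        *        *     Vypršel časový limit žádosti.
  4     *       43 ms    43 ms  www.seznam.cz [77.75.72.3]

Trasování bylo dokončeno.
"""

TRACE_AFTER = """\
  1     1 ms     1 ms     1 ms  10.0.0.138
  2     *        8 ms     8 ms  194.228.196.8
  3    13 ms    12 ms    12 ms  198.18.65.65
  4    13 ms    13 ms    14 ms  nix.seznam.cz [194.50.100.195]
  5    15 ms    13 ms    13 ms  www.seznam.cz [77.75.72.3]
"""

# One hop line: hop number, exactly three probe results ("12 ms", "<1 ms" or "*"),
# then whatever tracert printed for the hop: an address, "name [addr]" or a
# localised timeout message.
HOP_RE = re.compile(r"^\s*(\d+)\s+((?:(?:<?\s*\d+\s*ms|\*)\s+){3})(.+?)\s*$")
PROBE_RE = re.compile(r"<?\s*\d+\s*ms|\*")
IPV4_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
BENCHMARK = ipaddress.ip_network("198.18.0.0/15")  # RFC 2544 range, often seen inside carrier networks


@dataclass
class Hop:
    number: int
    rtts: List[Optional[int]]  # None means that probe timed out ("*")
    target: str                # raw text after the RTT columns
    ip: Optional[str]          # IPv4 address if the hop answered, else None


def parse_tracert(text: str) -> List[Hop]:
    """Extract hops from tracert output; works for any localisation of the timeout text."""
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if not m:
            continue
        rtts = [None if tok.strip() == "*" else int(re.search(r"\d+", tok).group())
                for tok in PROBE_RE.findall(m.group(2))]
        ip_match = IPV4_RE.search(m.group(3))
        hops.append(Hop(int(m.group(1)), rtts, m.group(3),
                        ip_match.group(1) if ip_match else None))
    return hops


def classify(ip: Optional[str]) -> str:
    """Label a hop address by the kind of range it falls in."""
    if ip is None:
        return "no-reply"
    addr = ipaddress.ip_address(ip)
    if addr in BENCHMARK:
        return "benchmark"
    if any(addr in net for net in RFC1918):
        return "private"
    return "public" if addr.is_global else "special-use"


def compare_traces(before: str, after: str) -> Dict[str, object]:
    """Summarise how two traces to the same destination differ."""
    b, a = parse_tracert(before), parse_tracert(after)
    path_b = [h.ip for h in b if h.ip]
    path_a = [h.ip for h in a if h.ip]
    return {
        "hops_before": len(b),
        "hops_after": len(a),
        "timeouts_before": [h.number for h in b if h.ip is None],
        "timeouts_after": [h.number for h in a if h.ip is None],
        "path_changed": path_b != path_a,
        "non_public_after": [(h.number, h.ip, classify(h.ip))
                             for h in a if h.ip and classify(h.ip) != "public"],
    }


if __name__ == "__main__":
    for key, value in compare_traces(TRACE_BEFORE, TRACE_AFTER).items():
        print(f"{key}: {value}")
```

Timeouts on intermediate hops by themselves are common, since many routers rate-limit or drop the ICMP replies tracert relies on; the comparison becomes informative when two machines on the same switch, traced at the same time, see a different first hop or a different path before the provider's edge.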

    • #38527
      kriscamaro68
      Participant

      Why don't you just back up your data and re-install Windows? If you do, you need to scan the backed-up data for possible malware as well. If you're that worried about it, that is probably the only way to get rid of a possible infection of the OS.

    • #38528
      WCNA
      Participant

      The best answer has already been given: wipe the machine and start over.

      However if you must:
      Compare the traceroute from a different machine on the same switch to see if there's a difference
      AND/OR
      shut down all connections on the box, run Wireshark, and determine if any remaining traffic is legitimate. If you still have traffic after that… wipe the machine  ;D
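
WCNA's second step, capturing with every application closed and judging whether what remains is legitimate, can be turned into a repeatable check. The script below is an added example, not code from this thread or from Wireshark. It reads constructed flow records in an assumed whitespace-separated format (seconds, source, destination, protocol, destination port, bytes), the kind of summary one can export from a capture, keeps only traffic sent by the machine itself, drops flows matching a baseline of expected idle traffic (DNS and DHCP to the gateway at 10.0.0.138 from the thread, NTP to an assumed time server) and reports what is left, noting whether repeated packets to one destination recur at a regular interval. The local address 10.0.0.12 and the destinations 203.0.113.45 and 198.51.100.7 are constructed.

```python
import statistics
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed flow records, assumed to come from a capture taken with every
# application closed. Field order is an assumption of this example:
#   seconds  src  dst  proto  dport  bytes
IDLE_CAPTURE = """\
0.000    10.0.0.12    10.0.0.138    UDP  53     74
0.012    10.0.0.138   10.0.0.12     UDP  49152  142
1.500    10.0.0.12    10.0.0.138    UDP  67     342
30.020   10.0.0.12    203.0.113.45  TCP  80     78
90.031   10.0.0.12    203.0.113.45  TCP  80     78
150.044  10.0.0.12    203.0.113.45  TCP  80     78
200.000  10.0.0.12    198.51.100.7  UDP  123    76
"""

LOCAL_IP = "10.0.0.12"  # constructed address of the machine under review

# What an idle box on this LAN is expected to send: DNS and DHCP to the gateway
# (10.0.0.138 on the thread's network) and NTP to an assumed time server.
# "*" as destination matches any host. Everything else is reported for review.
BASELINE = [
    ("10.0.0.138", "UDP", 53),
    ("10.0.0.138", "UDP", 67),
    ("198.51.100.7", "UDP", 123),
]


@dataclass
class Flow:
    t: float
    src: str
    dst: str
    proto: str
    dport: int
    size: int


def parse_flows(text: str) -> List[Flow]:
    """Parse the whitespace-separated records; blank and '#' lines are skipped."""
    flows = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        t, src, dst, proto, dport, size = line.split()
        flows.append(Flow(float(t), src, dst, proto, int(dport), int(size)))
    return flows


def in_baseline(flow: Flow) -> bool:
    """True if the flow matches an expected (dst, proto, dport) entry."""
    return any(dst in ("*", flow.dst) and proto == flow.proto and dport == flow.dport
               for dst, proto, dport in BASELINE)


def periodic_interval(times: List[float], tolerance: float = 0.1) -> Optional[float]:
    """Return the mean gap if three or more events recur at a steady cadence, else None."""
    if len(times) < 3:
        return None
    gaps = [b - a for a, b in zip(times, times[1:])]
    mean = statistics.mean(gaps)
    if mean > 0 and max(abs(g - mean) for g in gaps) <= tolerance * mean:
        return round(mean, 1)
    return None


def triage(text: str, local_ip: str = LOCAL_IP) -> List[Dict[str, object]]:
    """Group outbound flows not covered by the baseline and flag beacon-like cadence."""
    groups: Dict[Tuple[str, str, int], List[Flow]] = defaultdict(list)
    for f in parse_flows(text):
        if f.src == local_ip and not in_baseline(f):
            groups[(f.dst, f.proto, f.dport)].append(f)
    findings = []
    for (dst, proto, dport), fl in sorted(groups.items()):
        findings.append({
            "dst": dst, "proto": proto, "dport": dport,
            "packets": len(fl), "bytes": sum(f.size for f in fl),
            "beacon_interval_s": periodic_interval([f.t for f in fl]),
        })
    return findings


if __name__ == "__main__":
    for finding in triage(IDLE_CAPTURE):
        print(finding)
```

Anything the script reports is not automatically hostile; the point of the baseline is to shrink the capture to the handful of flows a person must actually explain, and the cadence flag orders that review, since software that phones home at a fixed interval with nothing running in the foreground deserves the first look.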

    • #38529
      veronca
      Participant

      I should have mentioned that it's not the first PC I'm using, but troubles like that appeared within about 24 hours on every one I had connected. I even tried to secure them with different security software (different antivirus, firewalls, anti-spyware and anti-malware) and I reinstalled the OS many times, but there was no effect.
      I was told that it's like a reverse DNS attack, but I'm not sure.
      Do you know some really good software which is able to detect it?

    • #38530
      WCNA
      Participant

      Detect it? Other than Wireshark, no. In your case, I'd consider Deep Freeze from Faronics.

    • #38531
      veronca
      Participant

      I'll try it, since yesterday while surfing ZoneAlarm showed me an alarm: ZoneAlarm has detected a new network with IP (10.0.0.0/255.255.255.0) and added it to the Internet Zone.
      Thanks

Copyright ©2020 Caendra, Inc.