Securing A Window Box
#1
Posted 29 September 2009 - 08:43 AM
I have been hacked and online stalked for a year now, and replaced my computer 2 times.
Now running Windows XP SP3
I have closed unnecessary ports and services as seen here
http://www.governmen...?showtopic=1480
I also changed my password infos and emails multiple times after each clean reformat.
When I do the reformat I use DBAN to completely clear my hard drives, so there are no MBR lingerings.
http://www.dban.org/
Yet after all this it's still hacked, sometimes I get these mouse twitches and window tabs minimizing by itself.
I used Malwarebytes to clean my system along with AVG, NOD32, and Avast to sweep.
All I got was cookie dangers.
The only thing I have not replaced since I've been hacked is my 2wire router.
Could it be there is a rootkit in the router?
Like a hacked firmware?
Thanks a lot,
English30
#2
Posted 30 September 2009 - 01:24 AM
If you have an optical mouse and a bad mouse pad the mouse might twitch at times because of the laser.
Minimizing window tabs might be caused by some evil VB program that an anti-virus won't pick up.
Also, having multiple anti-virus scanners on the same system is a VERY bad thing to do. It makes your system horribly slower.
#3
Posted 30 September 2009 - 09:57 AM
Mouse twitches and minimizing window tabs by itself are your reasons to think you're hacked?
If you have an optical mouse and a bad mouse pad the mouse might twitch at times because of the laser.
Minimizing window tabs might be caused by some evil VB program that an anti-virus won't pick up.
Also, having multiple anti-virus scanners on the same system is a VERY bad thing to do. It makes your system horribly slower.
Yes I agree about the optical mouse twitches, I have replaced my mousepad since it happened.
It still continues.
I do not have multiple anti virus scanners all on at once, I simply installed each one to scan for false positives.
I have also tried sandboxie my internet browsers, and deep freeze to safeguard my hard drive.
How can I detect DNS sniffers in my network?
#4
Posted 30 September 2009 - 04:34 PM
Before you go to any more extremes (sounds like you've done a fair bit to protect yourself), try a new keyboard, and mouse.. if it still happens, change USB ports. IFFF it still happens, maybe install a software firewall like Outpost and deny everything from running and selectively enable your known-trusted services through, and maybe install wireshark and have a look at if you can see any strange traffic coming in and out of your PC. But it doesn't sound like you're hacked. Is there any other reason why you might think that? You said you've been stalked for over a year now? Can you give us some more details (don't have to be specific). It's entirely possible someone got into your machine... you've cleaned it, but now your mouse is just screwed and you are being paranoid (hopefully).
T: http://twitter.com/Marts_McFly
B: http://www.backtosecurity.com
#5
Posted 01 October 2009 - 03:01 AM
#6
Posted 01 October 2009 - 09:51 AM
@Trajik Yes, I have tried looking at the connections with Hijack This, however I am a complete nub in that. I also tried Process Explorer (http://technet.micro...s/bb896653.aspx) to see which .dlls are attached to my processes. My biggest concern is someone is DNS baiting me on the router, that I believe may be the weakest link. This is also why I switched to OpenDNS. I've used ZoneAlarm as my firewall before.
@loki80 The OS I have on this computer is installed from the factories, my guess oem?
Is there a way to install hacked firmware on a router to get sniffs remotely? If so, how can I remove it?
Thanks a lot guys
edit-More details, I have scanned my computer ports with ShieldsUp (https://www.grc.com/x/ne.dll?bh0bkyd2) before, and have closed all necessary ports via my router.
Would a hacked firmware bypass all my settings?
#7
Posted 01 October 2009 - 10:21 AM
#8
Posted 01 October 2009 - 11:16 AM
I'd have to agree and say it doesn't really sound like you have been hacked... might sound stupid but have you tried different keyboard/mice/USB ports? I don't know of any virus that would make your mouse twitch unless someone was controlling your PC with a trojan or something similar.. why would they want to alert the victim?
Before you go to any more extremes (sounds like you've done a fair bit to protect yourself), try a new keyboard, and mouse.. if it still happens, change USB ports. IFFF it still happens, maybe install a software firewall like Outpost and deny everything from running and selectively enable your known-trusted services through, and maybe install wireshark and have a look at if you can see any strange traffic coming in and out of your PC. But it doesn't sound like you're hacked. Is there any other reason why you might think that? You said you've been stalked for over a year now? Can you give us some more details (don't have to be specific). It's entirely possible someone got into your machine... you've cleaned it, but now your mouse is just screwed and you are being paranoid (hopefully).
Trajik, I took your advice and ran Wireshark.
506 134.090208 199.238.166.245 10.0.1.33 TCP http > pcttunnell [RST, ACK] Seq=21092 Ack=751 Win=0 Len=0
http://www.bleepingc...opic133425.html
I found the following information about pcttunnel
My computer is a home computer, unlike the stuff people describe on there.
#9
Posted 02 October 2009 - 11:31 AM
It was generated when your PC was disconnecting from a website, probably _http://whois.securesites.net/. 2274 is just a random port number.
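The reading given in this reply can be checked mechanically. The following Python sketch is an added example, not part of the original thread: it maps the service names Wireshark prints back to port numbers and classifies a summary line by direction and TCP flags. It assumes the LAN is 10.0.1.0/24 (inferred from the address in the capture), uses Windows XP's default client port range of 1025-5000, and the two extra capture lines are constructed.

```python
import ipaddress
import re

# Names Wireshark substitutes for port numbers (subset; 2274 is the value given in the thread).
PORT_NAMES = {"http": 80, "https": 443, "domain": 53, "pcttunnell": 2274}
XP_EPHEMERAL = range(1025, 5001)            # default client-side port range on Windows XP
LAN = ipaddress.ip_network("10.0.1.0/24")   # assumption: the home network behind the router

SUMMARY = re.compile(
    r"^\s*\d+\s+[\d.]+\s+(?P<src>\S+)\s+(?P<dst>\S+)\s+TCP\s+"
    r"(?P<sport>\S+)\s+>\s+(?P<dport>\S+)\s+\[(?P<flags>[^\]]+)\]"
)

def to_port(token):
    """Turn a port column (number or resolved service name) back into a number."""
    return int(token) if token.isdigit() else PORT_NAMES.get(token)

def classify(line):
    """Classify one TCP summary line as seen from the LAN host."""
    m = SUMMARY.match(line)
    if m is None:
        return "unparsed"
    sport, dport = to_port(m["sport"]), to_port(m["dport"])
    if sport is None or dport is None:
        return "unknown-port-name"
    flags = {f.strip() for f in m["flags"].split(",")}
    src_local = ipaddress.ip_address(m["src"]) in LAN
    dst_local = ipaddress.ip_address(m["dst"]) in LAN
    if dst_local and not src_local:
        if flags == {"SYN"}:
            return "unsolicited-inbound-syn"   # outside host opening a connection: look closer
        if sport < 1024 and dport in XP_EPHEMERAL:
            # Server answering a connection the PC opened; the name on dport is only a label.
            return "server-reset" if "RST" in flags else "server-reply"
    if src_local and not dst_local and dport < 1024 and sport in XP_EPHEMERAL:
        return "outbound-request"
    return "other"

THREAD_LINE = ("506 134.090208 199.238.166.245 10.0.1.33 TCP http > pcttunnell "
               "[RST, ACK] Seq=21092 Ack=751 Win=0 Len=0")
CONSTRUCTED = [  # constructed lines, not from the thread's capture
    "12 1.000100 10.0.1.33 199.238.166.245 TCP pcttunnell > http [SYN] Seq=0 Win=65535 Len=0",
    "90 9.500000 203.0.113.7 10.0.1.33 TCP 40112 > 3389 [SYN] Seq=0 Win=8192 Len=0",
]

if __name__ == "__main__":
    for line in [THREAD_LINE] + CONSTRUCTED:
        print(classify(line), "|", line)
```

Turning off transport name resolution in Wireshark shows the raw port numbers instead of labels such as pcttunnell, which removes this source of confusion.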
#10
Posted 19 January 2010 - 12:36 AM
#11
Posted 22 February 2010 - 04:46 PM
How can I detect DNS sniffers in my network?
First time I've heard of one of those. The others are right, what you've explained does not seem to be a hack. When you say you replaced your computer does that mean you went out and 'bought' a brand new one? Or does that mean you just reinstalled Windows?
The only thing I have not replaced since I've been hacked is my 2wire router.
Yeah this could pose a threat if you don't disable the wireless (that's enabled by default when you activate the modem/router) or take steps to secure it properly.
#12
Posted 28 April 2010 - 02:39 AM
Install a firewall and only allow it to permit applications that you trust, any other application that you are not sure about deny access for it.
If you really are paranoid you could use a sniffing program like Wireshark to sniff out your network traffic in order to determine if there is any abnormal traffic occurring.
#13
Posted 30 July 2010 - 04:41 PM
It could be possible that someone near you is hacking into your wireless network.
I suggest you do the following,
Set it to WPA2 if possible rather than WEP.
Disable NetBIOS over TCP/IP.
Change the default logins for your router.
Peace.
#14
Posted 14 August 2010 - 05:38 PM
1. Ensure all software, including the OS, is fully patched up.
2. To mitigate zero-day attacks, a good firewall (I recommend Comodo) should be installed, with rules set to only allow certain traffic to access the internet and to deny any incoming request that hasn't been made.
3. I would recommend using Avast 5 as your AV engine. It's free and it will 99.0% of all times protect your computer; there is no user interaction required for updating it, it all happens automatically in the background.
4. If you are still using XP, do not use LMLam to manage your logon passwords, upgrade it to NTLM and make sure you use a complex password or use another means for user authentication that doesn't rely on Windows itself.
5. For spyware detection, I use Spybot - Search and Destroy and SpywareBlaster.
6. A VM could also be used for isolating virus infections when browsing the internet.
7. For more effective protection, a firewall with IDPS functionality could be implemented at the network perimeter to prevent threats from entering the network.
8. Upgrade any firmware you have on your router or switch and always remember to never click on files or links you are not 100% sure where they come from.