
Cutter Isaacson
Minmatar Hollow World Mining Corporation QUANT Hegemony
|
Posted - 2008.09.07 09:29:00 -
[1]
Hi guys and gals,
I need a bit of advice from someone with a bit more experience than myself. Various types of "files" keep appearing on my PC, of a nature that I would not download, which is causing my girlfriend a great deal of distress.
I have already removed (or at least thought I'd removed) a keylogger from this PC that was installed by her ex who was an IT technician with quite a lot of skill. Now we keep finding "videos" popping up in places on the PC which neither of us would ever download but which he used to watch on a regular basis it seems.
I have been as thorough as I can, using my limited skills, in finding and deleting/removing various viruses and malicious software but these things keep popping up. Also, having run a netstat check, it seems as though someone is remotely logging into my PC. I really need to know what to do now as I'm unsure if this guy might really still have some sort of remote access and is being a shithead (and yes he was known for being one).
Any help would be greatly appreciated.
Originally by: Haks'he Lirky Some people should just stick to Pac Man.
|

Louella Dougans
Amarr
|
Posted - 2008.09.07 09:42:00 -
[2]
have you disabled remote assistance?
beyond that I've got nothing. hope it works out for you.
maybe talk to your isp?
Mother disapproves of my lifestyle |

Gungankllr
Caldari Isonami Syndicate
|
Posted - 2008.09.07 09:44:00 -
[3]
Wipe the HD and reinstall the operating system. That's the only way I know of to make sure everything is gone.
Sucks that you'll lose data, but better to do that than have to deal with that crap.
|

nartela
|
Posted - 2008.09.07 09:44:00 -
[4]
Edited by: nartela on 07/09/2008 09:44:37
if you're desperate and are useless with computers either hire someone to remove it for you, or find your operating system disk and reinstall it. this will erase all your programs and history but your computer will be safe and as fast as it was when it was new.
i reinstall every 6 months you can always save programs you want to keep on a disk or something.
|

Arvald
Caldari Ninjas N Pirates Pirate Coalition
|
Posted - 2008.09.07 09:49:00 -
[5]
Originally by: nartela
Edited by: nartela on 07/09/2008 09:44:37
if you're desperate and are useless with computers either hire someone to remove it for you, or find your operating system disk and reinstall it. this will erase all your programs and history but your computer will be safe and as fast as it was when it was new.
i reinstall every 6 months you can always save programs you want to keep on a disk or something.
that's reformat and reinstall, you can reinstall most os and not reformat
|

Fink Angel
Caldari The Merry Men
|
Posted - 2008.09.07 09:53:00 -
[6]
How do you connect to the Internet? Via a home router? If so, what type?
Reboot your PC, then without running up anything whatsoever, open a command prompt and type NETSTAT -AMO ("Oh", not "zero")
Post the results here and we might be able to see if anything nasty is listening for a connection.
Disable Remote Assistance: http://support.microsoft.com/kb/305608
Get a good scanner and firewall package. I recommend Kaspersky Internet Security.
Other than that, what the man says above. Only true way of knowing you've really got rid of everything is to wipe and re-install.
|

SoftRevolution
|
Posted - 2008.09.07 09:54:00 -
[7]
Edited by: SoftRevolution on 07/09/2008 09:54:23
If you go for a fresh install make sure you reformat not just reinstall and put a firewall on the fresh install.
Oooh. I presume if you can see him on Netstat you can see his IP?
Doing a TRACERT and seeing where it goes to might be informative. With a bit of luck it will be his place of work.
EVE RELATED CONTENT |

Arvald
Caldari Ninjas N Pirates Pirate Coalition
|
Posted - 2008.09.07 10:07:00 -
[8]
also, for if you do reformat and reinstall: avast, zone alarm, spybot search and destroy, adwatch, all free
I'll send you the bill
|

Cutter Isaacson
Minmatar Hollow World Mining Corporation QUANT Hegemony
|
Posted - 2008.09.07 10:12:00 -
[9]
Edited by: Cutter Isaacson on 07/09/2008 10:13:46
Ok, I've run a netstat check and here are the results:
Active Connections
Proto  Local Address          Foreign Address        State
TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
TCP    86.1.199.98:1947       84.53.178.18:80        TIME_WAIT
TCP    86.1.199.98:1948       84.53.178.18:80        TIME_WAIT
TCP    86.1.199.98:1949       84.53.178.18:80        TIME_WAIT
TCP    86.1.199.98:1950       84.53.178.18:80        TIME_WAIT
TCP    86.1.199.98:1951       84.53.178.18:80        TIME_WAIT
TCP    86.1.199.98:1980       87.237.39.199:80       ESTABLISHED
TCP    86.1.199.98:1992       216.239.59.127:80      ESTABLISHED
TCP    86.1.199.98:1993       87.237.39.200:80       ESTABLISHED
TCP    127.0.0.1:1031         0.0.0.0:0              LISTENING
TCP    127.0.0.1:1524         127.0.0.1:1525         ESTABLISHED
TCP    127.0.0.1:1525         127.0.0.1:1524         ESTABLISHED
TCP    127.0.0.1:1526         127.0.0.1:1527         ESTABLISHED
TCP    127.0.0.1:1527         127.0.0.1:1526         ESTABLISHED
TCP    127.0.0.1:33233        0.0.0.0:0              LISTENING
UDP    0.0.0.0:445            *:*
UDP    0.0.0.0:500            *:*
UDP    0.0.0.0:4500           *:*
UDP    86.1.199.98:123        *:*
UDP    86.1.199.98:1900       *:*
UDP    127.0.0.1:123          *:*
UDP    127.0.0.1:1900         *:*
I'm also currently running a trendmicro "housecall" check and I will be looking through those links for some anti-spyware.
EDIT: sorry for the state of the above data, but for some reason I can't even get that to work right today, I hope you can make sense of it
Originally by: Haks'he Lirky Some people should just stick to Pac Man.
|

Arvald
Caldari Ninjas N Pirates Pirate Coalition
|
Posted - 2008.09.07 10:13:00 -
[10]
Originally by: Cutter Isaacson
Ok, I've run a netstat check and here are the results:
Active Connections
Proto  Local Address          Foreign Address        State
TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
TCP    86.1.199.98:1947       84.53.178.18:80        TIME_WAIT
TCP    86.1.199.98:1948       84.53.178.18:80        TIME_WAIT
TCP    86.1.199.98:1949       84.53.178.18:80        TIME_WAIT
TCP    86.1.199.98:1950       84.53.178.18:80        TIME_WAIT
TCP    86.1.199.98:1951       84.53.178.18:80        TIME_WAIT
TCP    86.1.199.98:1980       87.237.39.199:80       ESTABLISHED
TCP    86.1.199.98:1992       216.239.59.127:80      ESTABLISHED
TCP    86.1.199.98:1993       87.237.39.200:80       ESTABLISHED
TCP    127.0.0.1:1031         0.0.0.0:0              LISTENING
TCP    127.0.0.1:1524         127.0.0.1:1525         ESTABLISHED
TCP    127.0.0.1:1525         127.0.0.1:1524         ESTABLISHED
TCP    127.0.0.1:1526         127.0.0.1:1527         ESTABLISHED
TCP    127.0.0.1:1527         127.0.0.1:1526         ESTABLISHED
TCP    127.0.0.1:33233        0.0.0.0:0              LISTENING
UDP    0.0.0.0:445            *:*
UDP    0.0.0.0:500            *:*
UDP    0.0.0.0:4500           *:*
UDP    86.1.199.98:123        *:*
UDP    86.1.199.98:1900       *:*
UDP    127.0.0.1:123          *:*
UDP    127.0.0.1:1900         *:*
I'm also currently running a trendmicro "housecall" check and I will be looking through those links for some anti-spyware.
well i only see one option left
3lb of c4
|

Hesod Adee
Perkone
|
Posted - 2008.09.07 10:15:00 -
[11]
Originally by: Arvald
Originally by: nartela
Edited by: nartela on 07/09/2008 09:44:37
if you're desperate and are useless with computers either hire someone to remove it for you, or find your operating system disk and reinstall it. this will erase all your programs and history but your computer will be safe and as fast as it was when it was new.
i reinstall every 6 months you can always save programs you want to keep on a disk or something.
that's reformat and reinstall, you can reinstall most os and not reformat
Reformatting is the only way to be sure you have got everything. Though if you have proof that the keylogger was installed by someone else, I'd suggest contacting the police before doing anything more.
|

Arvald
Caldari Ninjas N Pirates Pirate Coalition
|
Posted - 2008.09.07 10:17:00 -
[12]
Originally by: Hesod Adee
Originally by: Arvald
Originally by: nartela
Edited by: nartela on 07/09/2008 09:44:37
if you're desperate and are useless with computers either hire someone to remove it for you, or find your operating system disk and reinstall it. this will erase all your programs and history but your computer will be safe and as fast as it was when it was new.
i reinstall every 6 months you can always save programs you want to keep on a disk or something.
that's reformat and reinstall, you can reinstall most os and not reformat
Reformatting is the only way to be sure you have got everything. Though if you have proof that the keylogger was installed by someone else, I'd suggest contacting the police before doing anything more.
well either that or this (I know which one I'm rooting for)
|

Cutter Isaacson
Minmatar Hollow World Mining Corporation QUANT Hegemony
|
Posted - 2008.09.07 10:21:00 -
[13]
Originally by: Arvald
well i only see one option left
3lb of c4
HUH??
Originally by: Haks'he Lirky Some people should just stick to Pac Man.
|

Arvald
Caldari Ninjas N Pirates Pirate Coalition
|
Posted - 2008.09.07 10:27:00 -
[14]
Originally by: Cutter Isaacson
Originally by: Arvald
well i only see one option left
3lb of c4
HUH??
ignore that one i was just being a smartass
|

Cutter Isaacson
Minmatar Hollow World Mining Corporation QUANT Hegemony
|
Posted - 2008.09.07 10:28:00 -
[15]
So does it look to anyone like I've got a problem? Also, sadly I don't have the reinstall disc for this PC so formatting the HDD isn't really an option.
Originally by: Haks'he Lirky Some people should just stick to Pac Man.
|

F'nog
Amarr Celestial Horizon Corp. Celestial Industrial Alliance
|
Posted - 2008.09.07 10:31:00 -
[16]
Originally by: Gungankllr
Wipe the HD and reinstall the operating system. That's the only way I know of to make sure everything is gone.
Sucks that you'll lose data, but better to do that than have to deal with that crap.
Sidenote: Am I betraying my age when I say that I remember when there was an actual Gungan in your sig?
Originally by: Kazuma Saruwatari
F'nog for Amarr Emperor. Nuff said
Originally by: Chribba Go F'nog! You're a hero! Not a Zero! /me bows
|

La'iet
|
Posted - 2008.09.07 11:19:00 -
[17]
Reinstall is the only option to me too... He could be using VNC or any similar program to connect.
You mention not having the reinstall disc, what brand of pc is it? Some pcs have a 2nd hard drive partition with restoration files on them. There could be a system restore utility (not to be confused with the Windows System Restore util)
|

hired goon
Infinite Improbability Inc Mostly Harmless
|
Posted - 2008.09.07 11:31:00 -
[18]
Wait, wait, guys, we could really turn this around. If we have his IP, and it goes to his place of work, we could phone up the network administrators / his boss and get him fired. In addition, a recent law passed in the UK (if you're in the UK) that makes it illegal to be in possession of any ****ography in which someone is being harmed or appears to be being harmed. If the files fall into that category, you could get him arrested. Although I think hacking like this is an arrestable offence anyway.
Also, do CTRL-ALT-DEL and look at the Processes tab, this should have only a small number of programs to aid the computer's speed, and only ones you recognise. If there's anything dodgy looking there, START > RUN then type 'msconfig' and remove them from start-up. -omg-
|

LaVista Vista
|
Posted - 2008.09.07 11:35:00 -
[19]
Which of these IPs aren't yours?
86.1.199.98 84.53.178.18
|

Fink Angel
Caldari The Merry Men
|
Posted - 2008.09.07 11:39:00 -
[20]
Originally by: Cutter Isaacson
Edited by: Cutter Isaacson on 07/09/2008 10:13:46
Ok, I've run a netstat check and here are the results:
Active Connections
Proto  Local Address          Foreign Address        State
TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
TCP    86.1.199.98:1947       84.53.178.18:80        TIME_WAIT
TCP    86.1.199.98:1948       84.53.178.18:80        TIME_WAIT
TCP    86.1.199.98:1949       84.53.178.18:80        TIME_WAIT
TCP    86.1.199.98:1950       84.53.178.18:80        TIME_WAIT
TCP    86.1.199.98:1951       84.53.178.18:80        TIME_WAIT
TCP    86.1.199.98:1980       87.237.39.199:80       ESTABLISHED
TCP    86.1.199.98:1992       216.239.59.127:80      ESTABLISHED
TCP    86.1.199.98:1993       87.237.39.200:80       ESTABLISHED
TCP    127.0.0.1:1031         0.0.0.0:0              LISTENING
TCP    127.0.0.1:1524         127.0.0.1:1525         ESTABLISHED
TCP    127.0.0.1:1525         127.0.0.1:1524         ESTABLISHED
TCP    127.0.0.1:1526         127.0.0.1:1527         ESTABLISHED
TCP    127.0.0.1:1527         127.0.0.1:1526         ESTABLISHED
TCP    127.0.0.1:33233        0.0.0.0:0              LISTENING
UDP    0.0.0.0:445            *:*
UDP    0.0.0.0:500            *:*
UDP    0.0.0.0:4500           *:*
UDP    86.1.199.98:123        *:*
UDP    86.1.199.98:1900       *:*
UDP    127.0.0.1:123          *:*
UDP    127.0.0.1:1900         *:*
I'm also currently running a trendmicro "housecall" check and I will be looking through those links for some anti-spyware.
EDIT: sorry for the state of the above data, but for some reason I can't even get that to work right today, I hope you can make sense of it
Damn, I'd assumed you were connecting through a router. You're direct connected. If you don't have a firewall, you really, really need one.
You've given us your real IP address, sorry, I'd recommend you edit your post and asterisk all the addresses that start "86". Also Arvald if you read this could you edit your post quoting the netstat output please?
Of all those lines, I don't really like the look of this one:
TCP 127.0.0.1:1031 0.0.0.0:0 LISTENING
Go to Shields Up and see what it says.
|
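One way to read a netstat listing like the one posted in this thread, as an added example that is not code from any poster: it separates listeners reachable from the network (bound to 0.0.0.0 or a real interface) from loopback-only ones, and splits ESTABLISHED sessions into inbound and outbound. The sample output is constructed with documentation addresses, numeric output (netstat -an style) is assumed, and the inbound rule (local port matches a listening port) is a heuristic chosen for this example.

```python
import ipaddress
from collections import Counter

# Constructed sample in the layout of Windows `netstat -an` output.
# Public addresses are RFC 5737 documentation ranges, not real hosts.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    203.0.113.10:1947      198.51.100.18:80       TIME_WAIT
  TCP    203.0.113.10:1980      198.51.100.199:80      ESTABLISHED
  TCP    127.0.0.1:1031         0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1524         127.0.0.1:1525         ESTABLISHED
  TCP    127.0.0.1:1525         127.0.0.1:1524         ESTABLISHED
  UDP    0.0.0.0:500            *:*
  UDP    127.0.0.1:1900         *:*
"""


def split_endpoint(text):
    """Split 'addr:port' on the last colon; handles '[::1]:135' too."""
    addr, _, port = text.rpartition(":")
    return addr.strip("[]"), port


def bind_scope(addr):
    """Who can reach a socket bound to this local address."""
    if addr in ("0.0.0.0", "::", "*"):
        return "all-interfaces"
    return "loopback" if ipaddress.ip_address(addr).is_loopback else "single-interface"


def triage(text):
    rows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) >= 3 and f[0] in ("TCP", "UDP"):
            # UDP rows have no State column; with -o the extra PID field is ignored.
            state = f[3] if f[0] == "TCP" and len(f) > 3 else ""
            rows.append((f[0], split_endpoint(f[1]), split_endpoint(f[2]), state))
    listeners = [(p, int(l[1]), bind_scope(l[0])) for p, l, _, s in rows
                 if s == "LISTENING" or p == "UDP"]
    tcp_listen_ports = {port for p, port, _ in listeners if p == "TCP"}
    inbound, outbound = [], Counter()
    for _, (_, lport), (raddr, rport), state in rows:
        if state != "ESTABLISHED" or ipaddress.ip_address(raddr).is_loopback:
            continue
        if int(lport) in tcp_listen_ports:
            # Heuristic: peer connected to one of our listening ports.
            inbound.append((raddr, int(lport)))
        else:
            outbound[(raddr, int(rport))] += 1
    exposed = sorted((p, port) for p, port, scope in listeners if scope != "loopback")
    return {"exposed": exposed, "inbound": inbound, "outbound": dict(outbound)}


if __name__ == "__main__":
    print(triage(SAMPLE))
```

On the constructed sample the only network-reachable listeners are TCP 135, TCP 445 and UDP 500, and the single non-loopback ESTABLISHED session is outbound to port 80; adding the PID column with -o lets each listener be matched to a process.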

Cutter Isaacson
Minmatar Hollow World Mining Corporation QUANT Hegemony
|
Posted - 2008.09.07 11:45:00 -
[21]
Thanks for your help guys. Sadly it seems my girlfriend doesn't believe me when i say i had nothing to do with these "videos" and such that keep appearing on our machine and seeing as this is the 3rd time it's happened she has decided that she no longer wants to be with me.
6 months means very little these days it seems so i'll be signing off now, i've had a great time being back here and i'll miss you all. bye
Originally by: Haks'he Lirky Some people should just stick to Pac Man.
|

UnShavenMonkey
Caldari Dragon's Rage Intrepid Crossing
|
Posted - 2008.09.07 11:48:00 -
[22]
Remember it's also illegal to do what he's doing, so report it to your local cyber crime unit and good luck.
|

Irulan S'Dijana
Amarr Imperial Academy
|
Posted - 2008.09.07 11:49:00 -
[23]

If it's not too late this would be a great time to give your HDD to the police and ask them to sort it out.
Once they clear you it may help with the girlfriend problem too.
|

Lucas Avignon
Avignon Associates Inc.
|
Posted - 2008.09.07 11:58:00 -
[24]
Originally by: Cutter Isaacson
So does it look to anyone like I've got a problem? Also, sadly I don't have the reinstall disc for this PC so formatting the HDD isn't really an option.
The guys here gave you good advice, reformat the pc and reinstall.
You have a problem alright m8, personally I would reformat and reinstall every pc laptop in my house. I would reset all router passwords and wireless networks to the highest possible security. I would enable hardwire and software firewalls on all the PCs afterwards, get a good secure router that gives DoS protection and use the new n standard wireless networking protocol.
I would not save any files or settings from your pc's, they could be compromised.
It seems your security has been totally compromised, therefore assume someone knows all your usernames/passwords, bank details/cc details and all personal information. Once you have reinstalled everything, you will need to change all passwords (use secure symbol/letter/number combinations 12 digits long) on all your email addresses, your bank/cc login details and all other login/password details.
Saying you don't have a reinstall disk is not an excuse. You can download every bloody os from the net through torrents, your next door neighbour will most likely have a windows cd you can borrow, and your laptop/pc will have the windows code stuck on the side.
I would treat this as very serious, he could do all manner of things, from using your personal info to commit fraud to if he is very sinister, download child ****ography and tip off the police and uninstall his remote control software, however most things are fully traceable these days depending on what proxies he is using.
I think you probably should call the police though, they may end up taking your pc but a compromised pc is useless.
Originally by: CCP Prism X Yeah, and while we're at it we can create a controlled environment around account hacking and credit card fraud and all the other EULA breaches..
|

Cutter Isaacson
Minmatar Hollow World Mining Corporation QUANT Hegemony
|
Posted - 2008.09.07 12:16:00 -
[25]
Thanks for all the replies people, i will pass along all the suggestions to my (now) ex-girlfriend and tell her she would be wise to follow your advice. Hopefully she won't have any further problems.
peace out
Originally by: Haks'he Lirky Some people should just stick to Pac Man.
|

Monkey Saturday
Knights of Chaos Chaos Incarnate.
|
Posted - 2008.09.07 12:51:00 -
[26]
I'm assuming these "videos" are of the illegal variety. If this is the case the first and only thing you should have done is take your pc to your local police station and explain to them that someone has been remotely downloading them to your hard drive. Believe me, police everywhere have access to a very deep pool of international IT guys who do nothing but trace people's IP activity all day every day.
You really don't want something like having illegal material on your hard drive that you did not put there come back to bite you in the butt (IE: one-way ticket to butthurt hotel if you catch my drift).
Thanks for the Maulus BPO nerf! :D |

Cutter Isaacson
Minmatar Hollow World Mining Corporation QUANT Hegemony
|
Posted - 2008.09.07 15:17:00 -
[27]
the videos were not illegal, just ****ography. this is something my ex-girlfriend feels very strongly about and seeing as i had no particular attachment to the stuff i promised never to watch it. After all it was no hardship, she is a beautiful woman and i had no need for such things once i was with her.
Now however, due to the fact that these things keep "popping up" all over the place, she assumes it's me. The fact that it seems that someone has been using this pc remotely to do all kinds of dumb ass things (including downloading all sorts of spyware ridden crap) makes no difference to her, she doesn't understand that people can and do, do this kind of thing every day across the world.
My suspicion is that her ex, who had downloaded, installed and was using a keylogger and remote access software long after his departure from her life also seems to cause no concern for her. So I have given up hope of her seeing sense and I'm leaving. Once again, thank you for your assistance everyone and fly safe. Hopefully a mod will be along soon to lock and delete this thread.
Originally by: Haks'he Lirky Some people should just stick to Pac Man.
|

Cutter Isaacson
Minmatar Hollow World Mining Corporation QUANT Hegemony
|
Posted - 2008.09.17 11:28:00 -
[28]
Seeing as you guys n gals were kind enough to take the time to reply to this thread of mine, i thought i'd update you.
I'm now running behind a router with a firewall and a decent anti-virus kit running. I managed to find the original OS disk and promptly reinstalled windows. And as a further bonus, the shit head that installed the remote access stuff has been arrested and is being charged with all manner of things that should see him spending at least some time at Her Majesty's pleasure.
Also, I'm back with the missus and everything is running smoothly. So once again, thank you for all your help, it means an awful lot to me.
Originally by: Haks'he Lirky Some people should just stick to Pac Man.
|

Kyrall
A Few Killers
|
Posted - 2008.09.17 11:48:00 -
[29]
Originally by: Slade Trillgon Poetic Justice 
I am happy for you Bub.
Slade
Better than that: Internet justice!
_____
Originally by: Pwett You sir, underestimate the things I have and will pee on.
|
|

CCP Navigator
C C P

|
Posted - 2008.09.17 12:24:00 -
[30]
Locked on request of OP.
Navigator Senior Community Representative CCP Hf, EVE Online Email / Netfang