THESE ARE SIGNS TO LOOK FOR TO TELL YOU YOUR COMPUTER IS COMPROMISED
From: Tracker <"snailmail(remove)222000"@yahoo.com>
Date: Wed, 23 Apr 2003 20:33:52 +0400
You can copy and pass on this information as long as you give the owner
credit where credit is due.
THESE ARE SIGNS TO LOOK FOR TO TELL YOU YOUR COMPUTER IS COMPROMISED:
A. Hackers disable your Daylight Savings Time.
B. The clock on the desktop can be one hour ahead or one hour behind,
C. Your Network Places Icon on the desktop disappears.
D. If using a Windows platform: when you start your computer, your
original screen will pop up, but since the hackers need to boot into
their Server(s), the system will quickly re-boot and the original screen
will appear twice. But your system may re-boot twice instead of once
when loading Windows OEM versions.
E. If your computer system occasionally re-boots on its own, the
hacker may need to update their Servers to make their computer system
F. If you play Yahoo Games, you may find yourself being kicked out of
the board you're playing in. If you're winning a game and you're the host,
the hacker may not let you back in to finish. This means you just lost
a game at the hacker's expense. When the computer was hacker safe, I went
back to playing games and haven't been booted out of a game since.
G. A browser application you install to filter out, or kill file
certain individuals will not function indefinitely. When your computer
system is owned, you aren't able to filter out people in your browser
for more than 1-2 days. A number of computer owners whose systems have
been owned have advised me they also had the same problem. Because
hackers were using your illegally installed Servers for posting to the
Internet, this is why you are unable to filter or kill file them. This
information was very apparent to myself and other ferret owners whose
computers were owned.
H. When you begin to see Usenet remarks, made on behalf of your
personal life which is private information.
I. Some of your personal files are modified years before they were
created. I have seen a number of personal files modified 7-8 years
before they were even created. How to accomplish this trick: Select
Start, Settings, Control Panel, Date/Time, where the year is, Select the
up or down arrow and, voila. Then open up any file and Select Save. A
new creation date is present.
J. You will find a number of files hidden/readable only, which is
K. When you find additional information in your boot.ini file which
relates to a Virtual Private Network, this can be either software,
hardware or device driver oriented.
L. Under Search for Files and Folders, you do a search on any file
modified in the past month, you will see files which just don't need to
be modified, or files you don't even recognize. For the simple minded,
you'll want to focus on the files which you don't recognize. Unless
you're a skilled professional, you won't realize which files need to be
present or modified, but give it a try anyways. [To perform the above
you will need to see all Hidden Files and Folders.]
M. Select Start, Settings, Control Panel and Network, and look at the
following network components showing. If you see one AOL adapter and
have never used AOL, then two AOL adapters, two TCP/IP, two Dial-Up
adapters, one or two Virtual Private Network adapters, your computer
could be owned. A Virtual Private Network is widely used by hackers
because it can host up to 254 users. "This applies to the average
Internet user who has one modem, one ISP and isn't running any FTP,
HTTP, NNTP, PROXY, SMTP, SOCKS, SQL, or SQUID SERVER." My skills
working with VPNs are almost zero. Every victim's system I've seen had
two VPNs set-up and they were only using a modem to connect to the
N. Next, Select Start, Run, type Regedit, Select Registry, Select
Export Registry File, in the box type a name say 4-12-02.txt and Select
save. Then open this file with a text editor, and you might be shocked
to find what really is installed on your computer system. Check the
bottom of this file, hackers love to install a bunch of applications,
Servers files and device drivers.
O. You have to turn your computer off by the power supply on a
somewhat regular basis.
P. Installing a Network Interface Card will cause problems until the
hackers configure this device into their Servers or Virtual Private
Network they setup on your computer.
Q. You find your cd-rom drive opens and closes without your permission.
R. You could hear an annoying beep coming from your system speakers.
S. Your windows screen goes horizontal or vertical.
T. The screen saver picture changes without your permission.
U. On occasion your mouse is out of your control or has an imagination
of its own. But this could also be caused by a corrupt mouse driver.
V. All of a sudden, your speakers decide to play you some music.
W. Installing a hardware/software firewall for the first time can cause
a number of different problems for you to set-up and configure.
Considering you didn't have these installed from the beginning of your
computer going on the Internet.
X. Your firewall logs show alerts at 12:00 then 11:22 then 12:16 and
back to 11:59.
Y. If using a dial-up/cable/dsl connection you see a number of pings,
port 0, to your computer. The reason is so that the hackers can see if
your computer is active/alive. A system needs to be online for the
hackers to access these Servers. What the hackers actually do is port
scan your Internet Service Provider Block of IP addresses and find your
computer either with file sharing enabled or a Backdoor/Trojan.
Z. If someone is port scanning your system, in your firewall logs the
port assignments aren't in any type of order. You might see a probe at
port 1,10,9,8,6,12,6,43 etc.
AA. When you find you have to set Zone Alarm firewall on medium instead
of high settings.
BB. Once you can view all Files and Folders search for files named
CC. You may find another installed version of your software firewall
application on your hard drive. You will need to Show all Hidden Files
and Folders under your Settings, Control Panel, Folder Option and View,
if using a Windows Platform (excluding 2000, NT and XP).
DD. When you see too many, Pings - port 0, HTTP/Proxy - port 80, 8080,
3128, SMTP - port 25, FTP - port 21, NNTP - port 119 port probes.
Your computer is probably running an illegal "VPN server"; "web server";
"proxy"; "mail and news"; "ftp"; which hackers are attempting to access
for their own personal use.
EE. If you don't see your computer node/source IP address on a
consistent basis to the right side of your firewall log, your system is
hacked/owned. (See the firewall logs below.) The hackers are entering
through your system to attack other "Networks and Systems", so their
identity can't be traced.
FF. When you perform a traceroute on an IP address and you lose your
node/source IP address, ISP routers IP. Or when you don't see your
node/source IP address at all.
GG. If you see the following in your Black Ice Defender INI file. Yes!
folks, here are the IP addresses of the owners who took over my Domains:
a. trust.pair = 22.214.171.124,2000xxx
d. 126.96.36.199, 2003xxx
g. [Trusting] = trust.pair=188.8.131.52,2003xxx
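
The file checks in items I and L above (files modified in the past month, and files whose modified date is earlier than their creation date) can be scripted rather than done through the Search dialog. The following is an added example, not part of the original post; the function names, the 30-day window and the 2-second slack are assumptions chosen for illustration.

```python
import os
import time
from pathlib import Path

DAY = 86400  # seconds

def birth_time(st):
    """Creation time if the platform records one, else None."""
    if hasattr(st, "st_birthtime"):   # macOS, BSD, Windows on Python 3.12+
        return st.st_birthtime
    if os.name == "nt":               # older Python on Windows: st_ctime is creation time
        return st.st_ctime
    return None                       # Linux: st_ctime is inode change time, not creation

def classify(created, modified, now, days=30, slack=2.0):
    """Return the flags raised by one file's timestamps (epoch seconds)."""
    flags = []
    if now - modified <= days * DAY:
        flags.append("recent")                    # item L: modified in the past month
    if created is not None and modified + slack < created:
        flags.append("modified-before-created")   # item I
    return flags

def scan(root, days=30, now=None):
    """Walk root (hidden files included) and return [(path, flags)] for flagged files."""
    now = time.time() if now is None else now
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            try:
                st = path.stat()
            except OSError:
                continue                          # unreadable or vanished file
            flags = classify(birth_time(st), st.st_mtime, now, days)
            if flags:
                hits.append((str(path), flags))
    return sorted(hits)

if __name__ == "__main__":
    import sys
    for path, flags in scan(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(",".join(flags), path)
```

Copying a file on Windows keeps its modified time and assigns a new creation time, so the `modified-before-created` flag on its own only marks a file for a closer look.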