Re: THESE ARE SIGNS TO LOOK FOR TO TELL YOU YOUR COMPUTER IS COMPROMISED

From: Joe Richards [MVP] (humorexpress_at_hotmail.com)
Date: 04/29/03


Date: Mon, 28 Apr 2003 22:36:07 -0400

You certainly have some interesting ideas. I can't nor won't say I would recommend anything you say, but you are
interesting in a strange sort of way.

--
Joe Richards
www.joeware.net
--
"Tracker" <"snailmail(remove)222000"@yahoo.com> wrote in message news:3EA6C06F.6859C200@yahoo.com...
> You can copy and pass on this information as long as you give the owner
> credit where credit is due.
>
> THESE ARE SIGNS TO LOOK FOR TO TELL YOU YOUR COMPUTER IS COMPROMISED:
>
> A.  Hackers disable your Daylight Savings Time.
> B.  The clock on the desktop can be one hour ahead or one hour behind,
> on occasion.
> C.  Your Network Places Icon on the desktop disappears.
> D.  If using a Windows platform: when you start your computer, your
> original screen will pop up, but since the hackers need to boot into
> their Server(s), the system will quickly re-boot and the original screen
> will appear twice.  But your system may re-boot twice instead of once
> when loading Windows OEM versions.
> E.  If your computer system occasionally re-boots on its own, the
> hacker may need to update their Servers to make their computer system
> function properly.
> F.  If you play Yahoo Games, you may find yourself being kicked out of
> the board you're playing in.  If you're winning a game and you're the host,
> the hacker may not let you back in to finish.  This means you just lost
> a game at the hacker's expense. When the computer was hacker safe, I went
> back to playing games and haven't been booted out of a game, since.
> G.  A browser application you install to filter out, or kill file
> certain individuals will not function indefinitely.  When your computer
> system is owned, you aren't able to filter out people in your browser
> for more than 1-2 days.  A number of computer owners whose systems have
> been owned, have advised me they also had the same problem.  Because
> hackers were using your illegally installed Servers for posting to the
> Internet, this is why you are unable to filter or kill file them.  This
> information was very apparent to myself and other ferret owners whose
> computers were owned.
> H.  When you begin to see Usenet remarks, made on behalf of your
> personal life which is private information.
> I.  Some of your personal files are modified years before they were
> created.  I have seen a number of personal files modified 7-8 years
> before they were even created.  How to accomplish this trick: Select
> Start, Settings, Control Panel, Date/Time, where the year is, Select the
> up or down arrow and, voilà.  Then open up any file and Select Save.  A
> new creation date is present.
> J.  You will find a number of files hidden/readable only, which is
> common practice.
> K.  When you find additional information in your boot.ini file which
> relates to a Virtual Private Network, this can be either software,
> hardware or device driver oriented.
> L.  Under Search for Files and Folders, you do a search on any file
> modified in the past month, you will see files which just don't need to
> be modified, or files you don't even recognize.  For the simple minded,
> you'll want to focus on the files which you don't recognize.  Unless
> you're a skilled professional, you won't realize which files need to be
> present or modified, but give it a try anyways.  [To perform the above
> you will need to see all Hidden Files and Folders.]
> M.  Select Start, Settings, Control Panel and Network, and look at,
> following network components showing.  If you see one AOL adapter and
> have never used AOL, then two AOL adapters,  two TCP/IP, two Dial-Up
> adapters, one or two Virtual Private Network adapters, your computer
> could be owned.  A Virtual Private Network is widely used by hackers
> because it can host up to 254 users. "This applies to the average
> Internet user who has one modem, one ISP and isn't running any FTP,
> HTTP, NNTP, PROXY, SMTP, SOCKS, SQL, or SQUID SERVER."  My skills
> working with VPNs are almost zero.  Every victim's system I've seen had
> two VPNs set-up and they were only using a modem to connect to the
> Internet.
> N.  Next, Select Start, Run, type Regedit, Select Registry, Select
> Export Registry File, in the box type a name say 4-12-02.txt and Select
> save.  Then open this file with a text editor, and you might be shocked
> to find what really is installed on your computer system.  Check the
> bottom of this file, hackers love to install a bunch of applications,
> Servers files and device drivers.
> O.  You have to turn your computer off by the power supply on a somewhat
> regular basis.
> P.  Installing a Network Interface Card will cause problems until the
> hackers configure this device into their Servers or Virtual Private
> Network they setup on your computer.
> Q.  You find your cd-rom drive opens and closes without your permission.
>
> R.  You could hear an annoying beep coming from your system speakers.
> S.  Your windows screen goes horizontal or vertical.
> T.  The screen saver picture changes without your permission.
> U.  On occasion your mouse is out of your control or has an imagination
> of its own.  But this could also be caused by a corrupt mouse driver.
> V.  All of a sudden, your speakers decide to play you some music.
> W.  Installing a hardware/software firewall for the first time can cause
> a number of different problems for you to set-up and configure.
> Considering you didn't have these installed from the beginning of your
> computer going on the Internet.
> X.  Your firewall logs show alerts at 12:00 then 11:22 then 12:16 and
> back to 11:59.
> Y.  If using a dial-up/cable/dsl connection you see a number of pings,
> port 0, to your computer.  The reason is so that the hackers can see if
> your computer is active/alive. A system needs to be online for the
> hackers to access these Servers.  What the hackers actually do is port
> scan your Internet Service Provider Block of IP addresses and find your
> computer either with file sharing enabled or a Backdoor/Trojan.
> Z.  If someone is port scanning your system, in your firewall logs the
> port assignments aren't in any type of order.  You might see a probe at
> port 1,10,9,8,6,12,6,43 etc.
> AA.  When you find you have to set Zone Alarm firewall on medium instead
> of high settings.
> BB.  Once you can view all Files and Folders search for files named
> spool*.*.
> CC.  You may find another installed version of your software firewall
> application on your hard drive.  You will need to Show all Hidden Files
> and Folders under your Settings, Control Panel, Folder Option and View,
> if using a Windows Platform (excluding 2000,NT and XP).
> DD.  When you see too many,  Pings - port 0, HTTP/Proxy - port 80, 8080,
> 3128,  SMTP - port 25, FTP -  port 21, NNTP - port 119 port probes.
> Your computer is probably running an illegal "VPN server"; "web server";
> "proxy"; "mail and news"; "ftp"; which hackers are attempting to access
> for their own personal use.
> EE.  If you don't see your computer node/source IP address on a
> consistent basis to the right side of your firewall log, your system is
> hacked/owned. (See the firewall logs below.) The hackers are entering
> through your system to attack other "Networks and Systems", so their
> identity can't be traced.
> FF.  When you perform a traceroute on an IP address and you lose your
> node/source IP address, ISP routers IP.  Or when you don't see your
> node/source IP address at all.
> GG.  If you see the following in your Black Ice Defender INI file.  Yes!
> folks, here are the IP addresses of the owners who took over my Domains:
>
> a.  trust.pair = 168.143.114.50,2000xxx
> b.  200.10.69.8,2000xxx
> c.  172.149.134.138,2000xxx
> d.  12.231.23.99, 2003xxx
> e.  12.231.11.119,2003xxx
> f.  209.213.79.152,2003xxx
> g.  [Trusting] = trust.pair=206.134.133.10,2003xxx
>
> Tracker
> Beefs ol'lady
>

