Re: THESE ARE SIGNS TO LOOK FOR TO TELL YOU YOUR COMPUTER IS COMPROMISED
From: Joe Richards [MVP] (humorexpress_at_hotmail.com)
Date: Mon, 28 Apr 2003 22:36:07 -0400
You certainly have some interesting ideas. I can't nor won't say I would recommend anything you say, but you are
interesting in a strange sort of way.
-- Joe Richards www.joeware.net -- "Tracker" <"snailmail(remove)222000"@yahoo.com> wrote in message news:3EA6C06F.6859C200@yahoo.com... > You can copy and pass on this information as long as you give the owner > credit where credit is due. > > THESE ARE SIGNS TO LOOK FOR TO TELL YOU YOUR COMPUTER IS COMPROMISED: > > A. Hackers disable your Daylight Savings Time. > B. The clock on the desktop can be one hour ahead or one hour behind, > on occasion. > C. Your Network Places Icon on the desktop disappears. > D. If using a Windows platform: when you start your computer, your > original screen will pop up, but since the hackers need to boot into > their Server(s), the system will quickly re-boot and the original screen > will appear twice. But your system may re-boot twice instead of once > when loading Windows OEM versions. > E. If your computer system occasionally re-boots on it's own, the > hacker may need to update their Servers to make their computer system > function properly. > F. If you play Yahoo Games, you may find yourself being kicked out of > the board your playing in. If your winning a game and you're the host, > the hacker may not let you back in to finish. This means you just lost > a game at the hackers expense. When the computer was hacker safe, I went > back to playing games and haven't been booted out of a game, since. > G. A browser application you install to filter out, or kill file > certain individuals will not function indefinitely. When your computer > system is owned, you aren't able to filter out people in your browser > for more then 1-2 days. A number of computer owners whose systems have > been owned, have advised me they also had the same problem. Because > hackers were using your illegally installed Servers for posting to the > Internet, this is why you are unable to filter or kill file them. This > information was very apparent to myself and other ferret owners whose > computer were owned. > H. When you begin to see Usenet remarks, made on behalf of your > personal life which is private information. > I. Some of your personal files are modified years before they were > created. I have seen a number of personal files modified 7-8 years > before they were even created. How to accomplish this trick: Select > Start, Settings, Control Panel, Date/Time, where the year is, Select the > up or down arrow and, viola. Then open up any file and Select Save. A > new creation date is present. > J. You will find a number of files hidden/readable only, which is > common practice. > K. When you find additional information in your boot.ini file which > relate to a Virtual Private Network, this can be either software, > hardware or device driver oriented. > L. Under Search for Files and Folders, you do a search on any file > modified in the past month, you will see files which just don't need to > be modified, or files you don't even recognize. For the simple minded, > you'll want to focus on the files which you don't recognize. Unless > your a skilled professional, you won't realize which files need to be > present or modified, but give it a try anyways. [To perform the above > you will need to see all Hidden Files and Folders.] > M. Select Start, Settings, Control Panel and Network, and look at, > following network components showing. If you see one AOL adapter and > have never used AOL, then two AOL adapters, two TCP/IP, two Dial-Up > adapters, one or two Virtual Private Network adapters, your computer > could be owned. A Virtual Private Network is widely used by hackers > because it can host up to 254 users. "This applies to the average > Internet user who has one modem, one ISP and isn't running any FTP, > HTTP, NNTP, PROXY, SMTP, SOCKS, SQL, or SQUID SERVER." My skills > working with VPNs is almost zero. Every victims system I've seen had > two VPNs set-up and they were only using a modem to connect to the > Internet. > N. Next, Select Start, Run, type Regedit, Select Registry, Select > Export Registry File, in the box type a name say 4-12-02.txt and Select > save. Then open this file with a text editor, and you might be shocked > to find what really is installed on your computer system. Check the > bottom of this file, hackers love to install a bunch of applications, > Servers files and device drivers. > O. You have to turn your computer off by the power supply on a some > what regular basis. > P. Installing a Network Interface Card will cause problems until the > hackers configure this device into their Servers or Virtual Private > Network they setup on your computer. > Q. You find your cd-rom drive opens and closes without your permission. > > R. You could hear an annoying beep coming from your system speakers. > S. Your windows screen goes horizontal or vertical. > T. The screen saver picture changes without your permission. > U. On occasion your mouse is out of your control or has an imagination > of it's own. But this could also be caused by a corrupt mouse driver. > V. All of a sudden, your speakers decide to play you some music. > W. Installing a hardware/software firewall for the first time can cause > a number of different problems for you to set-up and configure. > Considering you didn't have these installed from the beginning of your > computer going on the Internet. > X. Your firewall logs show alerts at 12:00 then 11:22 then 12:16 and > back to 11:59. > Y. If using a dial-up/cable/dsl connection you see a number of pings, > port 0, to your computer. The reason is so that the hackers can see if > your computer is active/alive. A system needs to be online for the > hackers to access these Servers. What the hackers actually do is port > scan your Internet Service Provider Block of IP addresses and find your > computer either with file sharing enabled or a Backdoor/Trojan. > Z. If someone is port scanning your system, in your firewall logs the > port assignment aren't in any type of order. You might see a probe at > port 1,10,9,8,6,12,6,43 etc. > AA. When you find you have to set Zone Alarm firewall on medium instead > of high settings. > BB. Once you can view all Files and Folders search for files named > spool*.*. > CC. You may find another installed version of your software firewall > application on your hard drive. You will need to Show all Hidden Files > and Folders under your Settings, Control Panel, Folder Option and View, > if using a Windows Platform (excluding 2000,NT and XP). > DD. When you see too many, Pings - port 0, HTTP/Proxy - port 80, 8080, > 3128, SMTP - port 25, FTP - port 21, NNTP - port 119 port probes. > Your computer is probably running an illegal "VPN server"; "web server"; > "proxy"; "mail and news"; "ftp"; which hackers are attempting to access > for their own personal use. > EE. If you don't see your computer node/source IP address on a > consistent basis to the right side of your firewall log, your system is > hacked/owned. (See the firewall logs below.) The hackers are entering > through your system to attack other "Networks and Systems", so their > identity can't be traced. > FF. When you perform a traceroute on an IP address and you lose your > node/source IP address, ISP routers IP. Or when you don't see your > node/source IP address at all. > GG. If you see the following in your Black Ice Defender INI file. Yes! > folks, here are the IP addresses of the owners who took over my Domains: > > a. trust.pair = 18.104.22.168,2000xxx > b. 22.214.171.124,2000xxx > c. 126.96.36.199,2000xxx > d. 188.8.131.52, 2003xxx > e. 184.108.40.206,2003xxx > f. 220.127.116.11,2003xxx > g. [Trusting] = trust.pair=18.104.22.168,2003xxx > > Tracker > Beefs ol'lady >