Re: Have I been hacked or am I being spyed on?

From: Chuck (none_at_example.net)
Date: 03/10/04

• Next message: Al Dykes: "Re: Cost of cheap but decent hardware firewall"
• Previous message: John: "Re: Cost of cheap but decent hardware firewall"
• In reply to: Sparks: "Have I been hacked or am I being spyed on?"
• Next in thread: chris_at_nospam.com: "Re: Have I been hacked or am I being spyed on?"
• Reply: chris_at_nospam.com: "Re: Have I been hacked or am I being spyed on?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: 10 Mar 2004 11:08:10 -0600

On 9 Mar 2004 20:18:46 -0800, temp@o2.ie (Sparks) wrote:

>Hi there, I'm hoping somebody out there can help me or help throw some
>light on this rather strange problem I have been experiencing over the
>last couple of days.
>
>I use McAfee Firewall as well as the Windows XP 'Internet Connection
>Firewall' on my PC. I also have some Adware sofware that shows up
>anything that has embedded itself into my registry files, i.e. ads
>etc. which I can remove easily enough once detected.
>
>I use my PC quite a lot each day and would consider that I have my PC
>well protected however over the last day or so I have noticed some
>very strange files on my PC including up to 40 '.zip' files in my
>Windows directory, these files have all sorts of names on them, some
>of which are of the nasty variety. I have now on 3 occasions deleted
>these files out of my Windows directory only to find some hours later
>they re-appear and often more of them. At the same I have started to
>receive some strange e-mails with zip fie attachments (that I do not
>open), again they have all sorts of titles, the most recent one was 'I
>know your password', on closer examination on the content of the zip
>file it was '.pif' file (am not sure what they are?).
>
>I am very concerned about both of these phenomenons but particularly
>the one where files are being saved or appearing on my hard drive.
>
>How is this happening when I have security in place and what can I do
>to rid myself of the problem?.
>
>I really do appreciate any assistance that anyone can provide to me on
>this problem.
>
>Many thanks in advance!.
>
>Mark

Mark,

Re the strange emails with zip file attachments, these are most likely viruses
being sent from other infected computers. Assuming that you do not open the
attachments, you're OK here. But keep your virus protection up to date always -
the next attack may be sneakier.

Re the strange files, I would bet that this is spyware that your Adware software
(AdAware?) is not picking up. For this, you need to try several products, all
free.

Start by downloading LSP-Fix from <http://www.cexx.org/lspfix.htm>, and
CWShredder from <http://www.majorgeeks.com/download4086.html>.

First, run CWShredder.

Next check for, and remove, spyware. Get HijackThis
<http://www.majorgeeks.com/download.php?det=3155> and Spybot S&D
<http://security.kolla.de/index.php?lang=en&page=download>.
1) Install and run Spybot. First update it ("Search for updates"), then run a
scan ("Check for problems"). Trust Spybot, and make all recommended deletions.
2) Install and run HijackThis. Do NOT make any changes immediately. Save the
Log.
3) Have your HJT log interpreted by experts at one or more of the following
forums (and post it here):
<http://forums.tomcoyote.org/>
<http://63.247.79.145/~coyote/forums/index.php?act=idx>
<http://www.wilderssecurity.com/index.php?board=17>
<http://forums.net-integration.net/index.php?s=8a1e9d7c1978cff54ca06a3210c7c1b0&showforum=32>
<http://www.spywareinfo.com/forums/index.php?s=68ddc23721b063d5411ece09e5ac93f9&showforum=11>

If removal of any spyware affects your ability to access the internet (some
spyware builds itself into the network software, and its removal may damage your
network), run LSP-Fix.

Harden your browser. There are various websites which will check for
vulnerabilities, here are three which I use.
http://www.jasons-toolbox.com/BrowserSecurity/
http://bcheck.scanit.be/bcheck/
https://testzone.secunia.com/browser_checker/

Cheers,
Chuck
Paranoia comes from experience - and is not necessarily a bad thing.

• Next message: Al Dykes: "Re: Cost of cheap but decent hardware firewall"
• Previous message: John: "Re: Cost of cheap but decent hardware firewall"
• In reply to: Sparks: "Have I been hacked or am I being spyed on?"
• Next in thread: chris_at_nospam.com: "Re: Have I been hacked or am I being spyed on?"
• Reply: chris_at_nospam.com: "Re: Have I been hacked or am I being spyed on?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: Any Way to Uninstall IE? ... Before trying to remove spyware: ... computer from the internet and/or any network to which it may be attached. ... Files are hidden by Windows for a very good reason. ... Run HackerDefender Disabler. ... (microsoft.public.windows.inetexplorer.ie6.browser) Re: possible spyware problem, please help! ... I've heard this is related to spyware. ... Messenger Service of Windows ... Messenger Service Window That Contains an Internet Advertisement ... (microsoft.public.security.virus) Re: Windows XP starts slow. ... When I start windows I open the ... probably legitimately accessing the internet. ... You also might benefit from a virus and spyware check. ... Spybot S&D analyse your startup apps lists. ... (microsoft.public.windowsxp.perform_maintain) Re: Spyware which tracks keystrokes? ... Do not use Internet Explorer or Outlook, ... Since all Windows machines ship ... Be careful about what you download. ... Yahoo to search around for and "spyware". ... (comp.security.misc) Re: 100% CPU Usage? ... I run the 5 spyware killer ... >If you don't wish to follow all of the advice ... a "Windows" operating ... >You should also empty your Internet Explorer Temporary ... (microsoft.public.windowsxp.perform_maintain)

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint