THESE ARE SIGNS TO LOOK FOR TO TELL YOU YOUR COMPUTER IS COMPROMISED

From: remove (@yahoo.com)
Date: 04/23/03

    From: Tracker <"snailmail(remove)222000"@yahoo.com>
    Date: Wed, 23 Apr 2003 20:33:52 +0400
    
    

    You can copy and pass on this information as long as you give the owner
    credit where credit is due.

    THESE ARE SIGNS TO LOOK FOR TO TELL YOU YOUR COMPUTER IS COMPROMISED:

    A. Hackers disable your Daylight Savings Time.
    B. The clock on the desktop can be one hour ahead or one hour behind,
    on occasion.
    C. Your Network Places Icon on the desktop disappears.
    D. If using a Windows platform: when you start your computer, your
    original screen will pop up, but since the hackers need to boot into
    their Server(s), the system will quickly re-boot and the original screen
    will appear twice. But your system may re-boot twice instead of once
    when loading Windows OEM versions.
    E. If your computer system occasionally re-boots on its own, the
    hacker may need to update their Servers to make their computer system
    function properly.
    F. If you play Yahoo Games, you may find yourself being kicked out of
    the board you’re playing in. If you’re winning a game and you’re the host,
    the hacker may not let you back in to finish. This means you just lost
    a game at the hacker’s expense. When the computer was hacker safe, I went
    back to playing games and haven’t been booted out of a game since.
    G. A browser application you install to filter out, or kill file
    certain individuals will not function indefinitely. When your computer
    system is owned, you aren’t able to filter out people in your browser
    for more than 1-2 days. A number of computer owners whose systems have
    been owned, have advised me they also had the same problem. Because
    hackers were using your illegally installed Servers for posting to the
    Internet, this is why you are unable to filter or kill file them. This
    information was very apparent to myself and other ferret owners whose
    computers were owned.
    H. When you begin to see Usenet remarks, made on behalf of your
    personal life which is private information.
    I. Some of your personal files are modified years before they were
    created. I have seen a number of personal files modified 7-8 years
    before they were even created. How to accomplish this trick: Select
    Start, Settings, Control Panel, Date/Time, where the year is, Select the
    up or down arrow and, voilà. Then open up any file and Select Save. A
    new creation date is present.
    J. You will find a number of files hidden/readable only, which is
    common practice.
    K. When you find additional information in your boot.ini file which
    relate to a Virtual Private Network, this can be either software,
    hardware or device driver oriented.
    L. Under Search for Files and Folders, you do a search on any file
    modified in the past month, you will see files which just don’t need to
    be modified, or files you don’t even recognize. For the simple minded,
    you’ll want to focus on the files which you don’t recognize. Unless
    you’re a skilled professional, you won’t realize which files need to be
    present or modified, but give it a try anyways. [To perform the above
    you will need to see all Hidden Files and Folders.]
    M. Select Start, Settings, Control Panel and Network, and look at the
    following network components showing. If you see one AOL adapter and
    have never used AOL, then two AOL adapters, two TCP/IP, two Dial-Up
    adapters, one or two Virtual Private Network adapters, your computer
    could be owned. A Virtual Private Network is widely used by hackers
    because it can host up to 254 users. "This applies to the average
    Internet user who has one modem, one ISP and isn’t running any FTP,
    HTTP, NNTP, PROXY, SMTP, SOCKS, SQL, or SQUID SERVER." My skills
    working with VPNs are almost zero. Every victim’s system I’ve seen had
    two VPNs set-up and they were only using a modem to connect to the
    Internet.
    N. Next, Select Start, Run, type Regedit, Select Registry, Select
    Export Registry File, in the box type a name say 4-12-02.txt and Select
    save. Then open this file with a text editor, and you might be shocked
    to find what really is installed on your computer system. Check the
    bottom of this file, hackers love to install a bunch of applications,
    Servers files and device drivers.
    O. You have to turn your computer off by the power supply on a somewhat
    regular basis.
    P. Installing a Network Interface Card will cause problems until the
    hackers configure this device into their Servers or Virtual Private
    Network they setup on your computer.
    Q. You find your cd-rom drive opens and closes without your permission.
    R. You could hear an annoying beep coming from your system speakers.
    S. Your windows screen goes horizontal or vertical.
    T. The screen saver picture changes without your permission.
    U. On occasion your mouse is out of your control or has an imagination
    of its own. But this could also be caused by a corrupt mouse driver.
    V. All of a sudden, your speakers decide to play you some music.
    W. Installing a hardware/software firewall for the first time can cause
    a number of different problems for you to set-up and configure.
    Considering you didn’t have these installed from the beginning of your
    computer going on the Internet.
    X. Your firewall logs show alerts at 12:00 then 11:22 then 12:16 and
    back to 11:59.
    Y. If using a dial-up/cable/dsl connection you see a number of pings,
    port 0, to your computer. The reason is so that the hackers can see if
    your computer is active/alive. A system needs to be online for the
    hackers to access these Servers. What the hackers actually do is port
    scan your Internet Service Provider Block of IP addresses and find your
    computer either with file sharing enabled or a Backdoor/Trojan.
    Z. If someone is port scanning your system, in your firewall logs the
    port assignments aren’t in any type of order. You might see a probe at
    port 1,10,9,8,6,12,6,43 etc.
    AA. When you find you have to set Zone Alarm firewall on medium instead
    of high settings.
    BB. Once you can view all Files and Folders search for files named
    spool*.*.
    CC. You may find another installed version of your software firewall
    application on your hard drive. You will need to Show all Hidden Files
    and Folders under your Settings, Control Panel, Folder Option and View,
    if using a Windows Platform (excluding 2000, NT and XP).
    DD. When you see too many, Pings - port 0, HTTP/Proxy - port 80, 8080,
    3128, SMTP - port 25, FTP - port 21, NNTP - port 119 port probes.
    Your computer is probably running an illegal "VPN server"; "web server";
    "proxy"; "mail and news"; "ftp"; which hackers are attempting to access
    for their own personal use.
    EE. If you don’t see your computer node/source IP address on a
    consistent basis to the right side of your firewall log, your system is
    hacked/owned. (See the firewall logs below.) The hackers are entering
    through your system to attack other "Networks and Systems", so their
    identity can’t be traced.
    FF. When you perform a traceroute on an IP address and you lose your
    node/source IP address, ISP routers IP. Or when you don’t see your
    node/source IP address at all.
    GG. If you see the following in your Black Ice Defender INI file. Yes!
    folks, here are the IP addresses of the owners who took over my Domains:

    a. trust.pair = 168.143.114.50,2000xxx
    b. 200.10.69.8,2000xxx
    c. 172.149.134.138,2000xxx
    d. 12.231.23.99, 2003xxx
    e. 12.231.11.119,2003xxx
    f. 209.213.79.152,2003xxx
    g. [Trusting] = trust.pair=206.134.133.10,2003xxx

    Tracker
    Beefs ol'lady

