Re: POSSIBLE HACK...PLEASE, PLEASE HELP!



Hi Shenan,

I checked my internal and external IPs. They're different. I typed the
username and password as you said but got spooked when it said: Warning:
This server is requesting that your username and password be sent in an
insecure manner (basic authentication without a secure connection)....so I
just clicked cancel rather than OK. I got an 'unauthorized' page. Had I
clicked OK and it 'did' take me to the next page...I want to know where I'm
going before I get there. What would've come next?

When I did the search, I put a * in the search box and asked for any files
modified with today's date. Everything from Program Files to documents to
pictures was on that list. I can't say 'everything' was there, tho.

What's MultiAV? I already ran an antivirus.



Sheesh...thanks for putting up with me. You're a great help in figuring
this out.

"Shenan Stanley" wrote:

Annie wrote:
The tech had me come up with a long password for the network key.
Is that the password you're talking about? He does know it and I'm
not sure how to change it on my own. (I'll figure that out later)
If that's not what you're talking about, I have no idea if he
changed anything else from default. Guess I'll have to call the
BrightHouse tech tomorrow.

I ran my antivirus: no virus
I ran AdAware: about 200 cookies
I ran Spybot: fixed 68

Computer was taking forever to reboot so I manually turned it off
(by the button). I knew right there something was wrong. All
files were modified with today's date, too. ???

Thanks so much for the info.

No - the wireless password that he probably set for WEP, WPA or WPA2 is not
the same as the password for the router itself. (Well - I suppose they
could be set that way - but the WEP/WPA/WPA2 password for wireless
connectivity is not what we are concerned with here.)

When you did the IPCONFIG from the earlier posting - what was the internal
IP you received? If I had to venture a guess - it would be 192.168.1.# (#
could be anything between 2 and 254...) If so (or something like that) -
then what you can do is test if the Netgear router configuration password
has been set.

Open your Internet Explorer on a machine connected to that router for
Internet service. For the address type the first three digits of the IP you
have and the last number will be a one (example - if your IP is 10.0.0.45,
type http://10.0.0.1/ and press enter. If your IP was 192.168.1.56, then
you would type http://192.168.1.1/ and press enter - etc.) It should come
up and ask you for a username and password. The username is "admin" (sans
the quotes) and the password - if still set to default - is "password" (sans
the quotes.) If the tech changed it - you will know because the default
admin/password will fail.

As for "files were modified with today's date" - dependent on where the
files were changed (which files exactly and which date (modified, created or
accessed)) - that could mean nothing. Honestly - did you look at *all* the
files on your machine or in a particular directory - and what particular
directory?

If the machine is not connected to the Internet - it cannot send anything
else out.

Download and put SuperAntiSpyware on it - scan with it.
Get MultiAV and put it on it and run it per instructions.

(Google for those two products.)

--
Shenan Stanley
MS-MVP
--
How To Ask Questions The Smart Way
http://www.catb.org/~esr/faqs/smart-questions.html


