Re: Hacker has changed code; need original to compare.

From: Mike Brannigan [MSFT] (mikebran_at_online.microsoft.com)
Date: 11/26/03


Date: Wed, 26 Nov 2003 18:09:20 -0000


(top posted due to length of original mail)

Renie,

The originals of any Windows XP components are on your original Windows XP
CD ROM.
If the person has made code changes you could perform a repair install to
restore all the system files to as shipped.
If they have only made configuration changes this will not be fixed by a
repair install. If you are unable to remove their changes then back up your
application data and rebuild your PC. Take the appropriate measures to
secure your PC before you reconnect to the Internet.

-- 
Regards,
Mike
--
Mike Brannigan [Microsoft]
This posting is provided "AS IS" with no warranties, and confers no
rights
Please note I cannot respond to e-mailed questions, please use these
newsgroups

"Renie" <anonymous@discussions.microsoft.com> wrote in message
news:104a01c3b43c$2e10b470$a501280a@phx.gbl...
> I have an unusual problem.   I am using Windows XP
> Professional and IE6.
>
> I have a hacker who constantly bothers me.  About a week
> ago, they changed my Internet access code so that when I
> log onto Windows, it immediately dials my ISP to connect
> to the internet.
>
> If I click to cancel, it immediately redials. It seems
> that they also have it set to dial an unlimited number of
> times in rapid succession. (Like a repeater.)
>
> The only way I can limit them from dialing up the net, is
> to set my privacy controls to a "protected password"
> status.  But, this doesn't stop the dialer.
>
> It will continue to dial and just give an error message,
> reset and redial.
>
> I then don't bother to cancel, so I have the 2 boxes then
> displayed on my desktop.  The one that says it
> is "Connecting" and the one that gives the "Error" message.
>
> This will remain in place, as long as I am working on my
> desktop.
>
> To access the net, I have to go into my connection
> settings, change my privacy settings back to "unsecured
> password"; and click cancel on their dialer box, and try
> to quickly beat them connecting to the internet so I get
> on and they don't.  Which is what I have done to get here.
>
> I have purchased bCentral Web Hosting and additional
> products which I cannot use now, as I am afraid to let
> this individual know about them.  So, he is not just
> causing a waste of time, but a waste of money, also.
>
> This person is a real hazard to the internet.  I have
> traced the activities of this person, found his location,
> and have their identity.
>
> In my tracing activity, I have found that he also changes
> my ISP number from one day to the next, depending upon
> what he is using my computer as a portal to obtain from
> the net.
>
> In my state, I can prosecute them.  But, I need a copy of
> the original code that dials up IE6, and compare it to
> the code that has been changed as my proof.
>
> I believe that this may be in the INF files, as I have
> done a search and have seen where certain files were
> changed during the past 2 weeks. I also searched for a
> separate .EXE program file but found none.
>
> Can anyone tell me
>
> 1.  If I should look for a specific Program name?
>
> 2.  How I can obtain the original code pages for the
> comparison?  It would be greatly appreciated.
>
> 3.  Or, if this is an activity that is being totally run
> on the outside?
>
> Any help dealing with this sick individual will be
> GREATLY APPRECIATED.