This Morning...


digital-warrior

Awake...
Nov 3, 2001
732
0
16
53
tx
Visit site
My wife was on the computer, and noticed that someone was searching through my C drive. Instead of coming to let me look, she disconnected from the net and turned the computer off. She then booted back up and reconnected to the net. THEN she finally came and got me because the desktop internet shortcuts weren't working.

Also I noticed clicking buttons, like the manage attachments button, won't pop up the window unless I turn the firewall off.

Can anyone tell me what this means?
Edit: This is what I get when clicking a desktop internet shortcut.
 

Attachment: windowaccess.jpg

StoneViper

you can call me Mike
Nov 3, 2001
1,907
0
0
43
N43° 03' 16" :::: W77° 36' 03"
Right click the file the shortcut points to and see if your username is in the list of permissions. I've had hackers remove admin permissions to files on my machine before.

Edit: user level permissions, not share level permissions.
 

digital-warrior

Actually, it's all internet shortcuts on my desktop.

Also found that web links on the net won't work with the firewall up either. Just started doing that today. Like anytime one of you links to another page, I click on it and nothing happens.
 

QUALTHWAR

Baitshop opening soon.
Apr 9, 2000
6,432
71
48
Nali City, Florida
web.tampabay.rr.com
It almost sounds like they were messing with the settings for your firewall. Like maybe they were trying to upload or download something from your PC and weren't having any luck, so they started messing with settings so they could. That or they were just trying to screw stuff up as much as possible.

I had somebody get on my machine like a year ago, and the good folks here told me to get a router. I bought a Linksys router for about 10 bucks at Best Buy and that took care of the problem. I'm not running a firewall program anymore, just use the router as security. After using the router, I went to this site http://grc.com/intro.htm and all my connections to the PC showed up as Stealth. In other words, they were invisible as if they weren't even there.
 

SpiritWalker

Tattooed Beat Messiah / Prime Mover
Feb 20, 2002
1,493
0
0
NC
webpages.charter.net
DigitalW said:
My wife was on the computer, and noticed that someone was searching through my C drive. Instead of coming to let me look, she disconnected from the net and turned the computer off. She then booted back up and reconnected to the net. THEN she finally came and got me because the desktop internet shortcuts weren't working.

Also I noticed clicking buttons, like the manage attachments button, won't pop up the window unless I turn the firewall off.


Couple of questions for you:

What was happening when your wife saw someone searching? Most firewall/anti-virus programs do a system scan on occasion.

Are you on XP? And it's the XP firewall you have? I have tried taking that sucker apart.. hate it hate it hate it.
Either way.. just run a system restore if you are on XP (or ME.. but you have wayyyy too much taste for that, don't you :))


try
http://www.wilderssecurity.com/bhblaster.html

but first..

DL and run this.. post the log.. maybe we can see what's up.

http://www.spychecker.com/program/hijackthis.html
 

digital-warrior

She said that she had just sat down, and was fixing to check her e-mail (web based MSN). Then she noticed that a window opened, and it looked like someone was searching for something.
All programs seem to work fine, I just can't use desktop internet shortcuts, or click on hyperlinks in web pages with the firewall running.

I use HiJackThis regularly, I'm running XP, and use procexp instead of Task Manager. I have Kerio firewall, AVG antivirus, Ad-Aware 6. (Note: I hate Norton antivirus)
 

QUALTHWAR

Is it possible it could be due to the latest virus:

W32.Novarg.A@mm is a mass-mailing worm that arrives as an attachment with the file extension .bat, .cmd, .exe, .pif, .scr, or .zip.

When a computer is infected, the worm sets up a backdoor into the system by opening TCP ports 3127 through 3198, which can potentially allow an attacker to connect to the computer and use it as a proxy to gain access to its network resources.

In addition, the backdoor can download and execute arbitrary files.

There is a 25% chance that a computer infected by the worm will perform a Denial of Service (DoS) on February 1, 2004 starting at 16:09:18 UTC, which is also the same as 08:09:18 PST, based on the machine's local system date/time. If the worm does start the DoS attack, it will not mass mail itself. It also has a trigger date to stop spreading/DoS-attacking on February 12, 2004. While the worm will stop on February 12, 2004, the backdoor component will continue to function after this date.
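
The port range quoted in the post above can be checked on the machine itself. As an added example (not part of the original thread), this Python script parses Windows `netstat -ano` output and flags TCP listeners on ports 3127-3198; the sample output, addresses and PIDs are constructed, and the function names are hypothetical.

```python
import re

# Backdoor port range quoted in the post above (TCP 3127 through 3198).
BACKDOOR_PORTS = range(3127, 3199)

# Constructed sample of Windows `netstat -ano` output (not from the thread).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:3127           0.0.0.0:0              LISTENING       2140
  TCP    192.168.1.10:3127      203.0.113.7:51515      ESTABLISHED     2140
  TCP    192.168.1.10:3150      198.51.100.20:80       ESTABLISHED     1780
  UDP    0.0.0.0:3130           *:*                                    900
"""

# TCP row: local addr:port, foreign addr:port, state, owning PID.
ROW = re.compile(r"^\s*TCP\s+\S+:(\d+)\s+(\S+)\s+(\w+)\s+(\d+)\s*$", re.I)

def parse_tcp_rows(text):
    """Return (local_port, remote, state, pid) for every TCP row."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            rows.append((int(m.group(1)), m.group(2),
                         m.group(3).upper(), int(m.group(4))))
    return rows

def find_backdoor_candidates(text):
    """Flag listeners in the range, plus sessions accepted on those listeners."""
    rows = parse_tcp_rows(text)
    # A LISTENING socket in the range is the signal worth investigating.
    listeners = [r for r in rows
                 if r[2] == "LISTENING" and r[0] in BACKDOOR_PORTS]
    keys = {(port, pid) for port, _, _, pid in listeners}
    # An ESTABLISHED row only counts if the same PID listens on that port;
    # otherwise it is probably an outbound connection using an ephemeral port.
    sessions = [r for r in rows
                if r[2] == "ESTABLISHED" and (r[0], r[3]) in keys]
    return {"listeners": listeners, "inbound_sessions": sessions}

if __name__ == "__main__":
    result = find_backdoor_candidates(SAMPLE_NETSTAT)
    for kind, rows in result.items():
        for port, remote, state, pid in rows:
            print(f"{kind}: port {port} {state} remote={remote} pid={pid}")
```

A hit is a lead to follow up by PID in a process viewer, not proof of infection, since other software can legitimately listen on these ports.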
 

digital-warrior

QUALTHWAR said:
It almost sounds like they were messing with the settings for your firewall.

Taking this advice, I disabled the firewall....worked. D/led ZoneAlarm for the time being, till I can figure out exactly what all they messed with.
Hope this doesn't happen too often. Kinda sux...

Gonna check out that virus info as well....
Edit: What kinda eases my mind is, me and my wife both use web based e-mail, and we never open attachments.
 

digital-warrior

Yeah, I'm running it now just to check...

Edit: Says it wasn't found on the computer, I'll try again later just to be sure...
 

QUALTHWAR

If you don’t have a virus, that’s great. It was just suspicious for several reasons: You talk about it looking like somebody was doing something while you (or your wife) were just sitting there, and the virus is supposed to open ports and send out stuff on its own. You mention not being able to open stuff up and the virus is supposed to do some sort of denial of service. Then you just start having a problem now, and the virus is supposed to activate about now. Put all that together and it sounded like a good possibility.
 

digital-warrior

That's scary.....

So far everything is back to normal with the new firewall. Though I don't like it too much.

Something else I didn't realize was, when me and my brother play online together, I use No-IP DUC, but when we are not playing I cut it off. I realized that it was still up from a week ago, hidden in the taskbar. Probably an easy way for a hacker to keep coming back to my IP.
 

Skorch

Banned
Feb 5, 2000
1,812
0
0
QUALTHWAR said:
You want to try the Shields Up and the Leak Test to check things.


Did it, got this:

Your Internet port 139 does not appear to exist!
One or more ports on this system are operating in FULL STEALTH MODE! Standard Internet behavior requires port connection attempts to be answered with a success or refusal response. Therefore, only an attempt to connect to a nonexistent computer results in no response of either kind. But YOUR computer has DELIBERATELY CHOSEN NOT TO RESPOND (that's very cool!) which represents advanced computer and port stealthing capabilities. A machine configured in this fashion is well hardened to Internet NetBIOS attack and intrusion.
Unable to connect with NetBIOS to your computer.
All attempts to get any information from your computer have FAILED. (This is very uncommon for a Windows networking-based PC.) Relative to vulnerabilities from Windows networking, this computer appears to be VERY SECURE since it is NOT exposing ANY of its internal NetBIOS networking protocol over the Internet.


And this:

Your system has achieved a perfect "TruStealth" rating. Not a single packet — solicited or otherwise — was received from your system as a result of our security probing tests. Your system ignored and refused to reply to repeated Pings (ICMP Echo Requests). From the standpoint of the passing probes of any hacker, this machine does not exist on the Internet. Some questionable personal security systems expose their users by attempting to "counter-probe the prober", thus revealing themselves. But your system wisely remained silent in every way. Very nice.

;)