[resolved] Computer hijacked. - Page 6

post #51 of 75
Change everything. Reinstall Windows, wipe the drive clean.
post #52 of 75
Unplug the router. Sit down for a few minutes, and take a breather. As long as you don't have a physical connection, you'll be fine. Connect your drive to another OS, NOT a part of the network, and save any files you don't want wiped. Do a fresh install of Windows on your main rig. What makes me nervous is using that router. I really hope you get this sorted out. And when you create your new passwords, make them as long and complicated as possible, and archive them on pen and paper. Even if you can't remember, till everything is back to normal, make it difficult for whoever decided to wake up this morning and go "I'm bored, let's ruin someone's life."
Edited by jellis142 - 5/19/11 at 2:10am
post #53 of 75
I want to see where all this goes to.

I'm going to take a network security class so I want to see what all the OP does to fix this problem so I get a bit of experience.
post #54 of 75
Thread Starter 
Quote:
Originally Posted by Sodalink View Post
I want to see where all this goes to.

I'm going to take a network security class so I want to see what all the OP does to fix this problem so I get a bit of experience.
most likely a reformat
post #55 of 75
Please stay on topic - only post if you have useful advice/help for Srsdude.
post #56 of 75
You have been, what people call, "RAT'ed". RAT stands for Remote Administration Tool, and it more or less is a program where people spread files to other users, who then execute them, leaving them in a situation where someone else is able to "stalk", more or less, your PC 24/7, and view any and all valuable information on your HDD.

Whenever someone is in this predicament, I always suggest just reformatting, after an attempt to recover any important files or data of course. Most executable files for RATs bind themselves to explorer.exe or any other important process, and hide themselves in that process. And since explorer.exe (or whatever process the .exe is bound to) is kind of an important process, ending it wouldn't be helpful at all.

These executables also usually have a feature called "melting", which means that once the .exe is executed for the first time, it disappears, or "melts", from your HDD. It still exists, but sometimes it's pretty hard to track down and remove, since it also includes itself in many, many locations in your registry.

I hope this not only helped you understand what exactly your situation is, but also how to fix it.
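A defender's first look at the registry persistence described in post #56, as an added example that is not part of the original thread: it lists the standard Run/RunOnce autorun values and flags entries whose target file is missing, sits in a user-writable folder, or lacks a valid Authenticode signature. The key list, the `Get-ImagePath` helper name and the three heuristics are assumptions chosen for illustration; a flag means "review this", not "infected", and these keys are only some of the places an autorun can live.

```powershell
# Added example: triage autorun registry values (Run/RunOnce) on a live Windows system.
# Heuristics below are illustrative assumptions; legitimate software can trip them.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-ImagePath([string]$Command) {
    # Extract the executable path from an autorun command line, quoted or not.
    $expanded = [Environment]::ExpandEnvironmentVariables($Command)
    if ($expanded -match '^\s*"([^"]+)"') { return $Matches[1] }
    if ($expanded -match '^\s*(.+?\.(exe|dll|bat|cmd|vbs|js|scr))(\s|$)') { return $Matches[1] }
    return ($expanded.Trim() -split '\s+')[0]
}

$results = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item $key
    foreach ($name in $item.GetValueNames()) {
        $command = [string]$item.GetValue($name)
        $path    = Get-ImagePath $command
        # Guard against empty values before touching the file system.
        $exists  = [bool]$path -and (Test-Path -LiteralPath $path -PathType Leaf)
        $sig     = if ($exists) { (Get-AuthenticodeSignature -LiteralPath $path).Status } else { 'n/a' }

        $reasons = @()
        if (-not $exists) { $reasons += 'target missing' }
        if ($path -match '\\(AppData|Temp|ProgramData|Users\\Public)\\') { $reasons += 'user-writable location' }
        if ($exists -and $sig -ne 'Valid') { $reasons += "signature: $sig" }

        [pscustomobject]@{
            Key     = $key
            Name    = $name
            Command = $command
            Flags   = ($reasons -join '; ')
        }
    }
}

# Flagged entries first, clean ones after.
$results | Sort-Object { $_.Flags -eq '' } | Format-Table -AutoSize -Wrap
```

Run it from an elevated prompt to see the HKLM keys in full; HKCU only covers the account running the script.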
post #57 of 75
Thread Starter 
I figured it out.
You guys wouldn't believe what it was. What I thought was remote control, was actually a NORMAL LEGITIMATE APPLICATION unintentionally glitched. It took control of my computer and continued to execute commands recorded earlier, randomly.

BUT, that does NOT explain the LAN access attempts from a wide range of IPs, and the way those IPs tried to connect to the open ports on the system.
Edited by srsdude - 5/19/11 at 10:45am
post #58 of 75
Quote:
Originally Posted by srsdude View Post
I figured it out.
You guys wouldn't believe what it was. What I thought was remote control, was actually a NORMAL LEGITIMATE APPLICATION unintentionally glitched. It took control of my computer and continued to execute commands recorded earlier, randomly.

BUT, that does NOT explain the LAN access attempts from a wide range of IPs, and the way those IPs tried to connect to the open ports on the system.
WOW, nice wild goose chase!
post #59 of 75
Thread Starter 
Quote:
Originally Posted by scottsee View Post
WOW, nice wild goose chase!
I was actually hoping it would turn out this way.
post #60 of 75
What was the program?