For the IT experts out there........advice please!

overkill

Distinguished Member
A little tale...........

Got up this morning, booted up the PC, went into 2K. Few probs so I ran Norton Systemworks (from the disk!) and...................it ordered up a partition check of the XP sector of the HDD!

So, 2k re-boots, the check begins, and horror of horrors, someone's hacked me! Thousands of files have had their security identifiers changed, and perhaps even more worrying, a load of Pron sites tags have been identified by 2k during the checking process and deleted. None were the 'nasty' ones, from what I could see as that screen scrolls pretty fast, but it concerns me that someone should take the time to hack in, and download them in the first place?

So, should I be even more worried than I am already? Is this liable to be a 'personal' attack or a random thing?

It's my own fault as I was updating some software on XP which requires the Firewall being turned off and forgot to re-set it for twenty minutes afterwards, but that's still a short window of opportunity? No?

Any advice much appreciated.

Yours, a concerned Overkill.................
 

Digger

Well-known Member
What were the "few probs" you had?! What was the software you were updating?

Can someone confirm if Win2K has an equivalent to XP's System Restore? I don't think it does, but if so it might be worth saving time and hassle to restore back to the most recent System Restore point.
 

Rob_Meister

Active Member
2K doesn't have the system restore feature. However, as you are using Norton products there is a slight chance you may have a programme installed called "Norton Go Back" which is the same type of thing as system restore. So using this would be advisable (if you can).
 

It is unlikely that an actual person hacked into your computer - it is more likely an automated attack of the following type:

- A trojan virus
- An automated script running on a remote machine trying random IPs and port scanning and, if finding a security hole, then running a hacking script.


.... most likely a trojan type effect from a security flaw in your web browser and having visited a dodgy* site that has code hidden on the page to exploit your system.
*dodgy doesn't necessarily mean a porn site etc - it can even be sneaked into legitimate sites that allow uploading of content.

Make sure you have got the latest security updates for your browser and operating system. Drop me a pm if you want me to check your services and process lists for anything potentially iffy.
 

2scoops

Active Member
I use a program called Hitman Pro

It uses several anti spyware, anti virus and anti trojan programs to completely rid your PC of any nasties.

The point of this is no single program will ever rid you of all viruses etc, I've been surprised at what other tools have found after certain programs announced my system to be "clean".

It's all automated as well, just download it, update it and then leave it running.

Just google Hitman Pro
 

Singh400

Distinguished Member
Like Ethics Gradient said. This was an automated attack. A trojan got in and started to have fun with your system. Personally I'd format and install windows again ASAP. Once you get infected by trojans they are near impossible to hunt down and kill. The little buggers get in deep.

I'd also start by making a list of what you did in the last 24hrs. What sites did you visit? Did you download anything? Did you turn down any security settings (ie firewall, antivirus, what-have-you)

Ah I see you turned off your firewall to update some software? What software was this (if you don't mind me asking)? Because usually you can create an advanced rule in the firewall settings. This allows the software to update and function normally while having the firewall running.
 

overkill

Distinguished Member
Thanks all. The software was some music editing stuff, nothing fancy. I hope EG and Singh are right in one sense, that it was an automated attack, while on the other a Trojan is not good news.

Neither the AV scanner nor spyware checkers have found one though......
 

This is pure conjecture as to your particular situation:

It could have been something you accidentally downloaded or clicked on months ago that has been sat dormant due to the firewall.

I.e. a small code modification or script tried to open a service or port to communicate out to the internet but your firewall blocked it.

When you turned off your firewall it was able to connect out and start pulling down other programs / links / commands from a remote system.
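
One way to check the conjecture in the post above against a firewall's outbound log, as an added example that is not part of the original thread: it lists programs that were only ever blocked before the firewall was switched off, and programs that first appear after it came back on. The log format, program names, addresses and times are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample log. The line format (timestamp, action, direction,
# remote endpoint, program path) is an assumption for this example, not the
# format of any real firewall product; program names are hypothetical.
SAMPLE_LOG = r"""
2005-01-10T08:02:11 ALLOW OUT 198.51.100.20:80 C:\Program Files\Browser\browser.exe
2005-01-14T21:40:03 BLOCK OUT 203.0.113.7:6667 C:\WINDOWS\Temp\updhelper.exe
2005-02-02T07:15:44 BLOCK OUT 203.0.113.7:6667 C:\WINDOWS\Temp\updhelper.exe
2005-03-01T09:05:10 BLOCK OUT 203.0.113.9:8080 C:\WINDOWS\Temp\updhelper.exe
2005-03-01T09:31:02 ALLOW OUT 198.51.100.20:80 C:\Program Files\Browser\browser.exe
2005-03-01T09:33:27 BLOCK OUT 203.0.113.7:6667 C:\WINDOWS\system32\dl32x.exe
"""

# Constructed window during which the firewall was off (so it logged nothing).
FIREWALL_OFF = (datetime(2005, 3, 1, 9, 10), datetime(2005, 3, 1, 9, 30))


def parse(log):
    """Yield (time, action, remote, program) for each outbound log line."""
    for line in log.strip().splitlines():
        stamp, action, direction, remote, program = line.split(None, 4)
        if direction == "OUT":
            yield datetime.fromisoformat(stamp), action, remote, program.lower()


def review(log, window):
    """Return (blocked-only programs before the window, programs new after it)."""
    off_start, off_end = window
    before = defaultdict(lambda: {"BLOCK": 0, "ALLOW": 0, "first": None})
    new_after = set()
    for when, action, remote, program in parse(log):
        if when < off_start:
            entry = before[program]
            entry[action] += 1
            entry["first"] = entry["first"] or when  # log is chronological
        elif when > off_end and program not in before:
            new_after.add(program)
    # Never allowed out, only blocked: (block count, days since first attempt).
    dormant = {p: (e["BLOCK"], (off_start - e["first"]).days)
               for p, e in before.items() if e["BLOCK"] and not e["ALLOW"]}
    return dormant, sorted(new_after)


if __name__ == "__main__":
    print(review(SAMPLE_LOG, FIREWALL_OFF))
```
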
 

overkill

Distinguished Member
Possible I suppose. However, the firewall (usually) alerts you to anything that tries to get out, and flags up a warning message asking if you want to allow it.

It does seem the likeliest scenario though.
 
