Somebody Controlling My Computer!! Help!

Started by biohazard1987, October 01, 2005, 05:40:17 PM

October 01, 2005, 05:40:17 PM Last Edit: October 01, 2005, 05:42:53 PM by biohazard1987
Hi, I'm sorry if this is in the wrong place but I'm new.

The problem is, since last Friday I've had somebody periodically movin my mouse and clickin stuff on my machine. Other than bein a severe annoyance, it's not lookin like he's doin anything malicious at this time. I've been scannin with Norton daily and keepin stuff a little cleaner since it started, but it's still kinda spooky. I've watched it for a while, just kinda pokin around. And him mousin around isn't nearly as bad as coming to the realization that if he can click on stuff, he's lookin at my screen...I don't like that.

I'm naturally interested in puttin a stop to it. Almost more than that, though, I wanna know what he's doing. I wanna know everything he knows about how he got in, and what he can/can't do. And I want to know who it is. Down to his VIN number, if possible, but I'll settle for his MAC address. Then I'll end it.

Here's a little info about what I'm using.

I've got a cable modem goin into a wireless router. The 2 PCs that are using wireless receivers seem unaffected by this guy, but my PC is plugged into the back of the router. The router's using encryption, and I have the firewall activated. I used some links that a friend sent me to check port access and that didn't show any vulnerabilities. I'm currently going thru the log files to see if anything other than the (so far) limited access is going on.

I'd like to trace this jekov before I actually shut him down, so I'm tryin to find some good network monitoring tools. If you've had any good results with any, please forward a link and I'll check 'em out.

I wanna be able to 'see' this guy and know when he's connected to me. Networking is not my forte, so I'm having to learn a lot in a big hurry lol. But it's good for me I guess.

Thanx for any and all help you can provide!  ???

Well, I'd like to do my best in pointing you in the right direction of stopping this and if possible help you track who's doing it, although if you aren't that experienced in networks, security, etc. it's going to be difficult to know what to do in order to find who it is.

I'm guessing you downloaded a trojan somewhere. Could have been bundled into a file of some sort and there's no telling how long it's been on your PC. This is something that normally a hardware firewall that most home users have (Linksys, Netgear) doesn't catch all the time as your PC is usually the one to make the outbound connection to the controller somehow or it masquerades as other legitimate network traffic (HTTP, FTP, etc.) so the firewall gets fooled.

A port scan from a website isn't necessarily going to reveal anything, mainly because you are behind a firewall and the scan is actually scanning the firewall itself, not your PC unless you have port forwarding going on.

Surprising that Norton hasn't picked the trojan up in a scan at all as they are usually pretty good about catching them these days, then again, it depends on the version of Norton you're using. Trojan scanning didn't get good with them till about Norton 2004/2005 and Symantec Corp 8 and up.

I would highly suggest using a port logging tool. MS was kind enough to provide a good free one for Windows users since this is a common problem due to their poor security and you can grab it here:
Download:
http://www.microsoft.com/downloads/details.aspx?FamilyID=69ba779b-bae9-4243-b9d6-63e62b4bcd2e&displaylang=en#overview

Instructions:
http://support.microsoft.com/default.aspx?scid=kb;en-us;837243#XSLTH4163121123120121120120

This will help you identify the culprit, sorta. If they are bouncing through another machine (most experienced and semi-smart trojan users will) you won't get much but if they are a novice (usually the type of people who do this stuff) then they will be dumb and do it from their own machine. For you, I'd suggest when you find the IP reviewing the logs and seeing the suspicious activity, report it to the ISP. It's a violation of the TOS for just about every ISP in existence which will generally result in them being dropped from service. Unless of course it's coming from overseas, then your chances are 50/50 and for you not being experienced enough to enact your own vengeance, your best bet at that point is to just disable it by finding the trojan and removing it.

You can use Hijackthis to see what's in the startup on your PC and it will give you a starting point.
http://www.tomcoyote.org/hjt/

Hope all this helps. Another bit of advice to prevent this from happening again, be careful what you download and from where. Or, the better solution, use a Mac or install BSD or Linux  ;D
"A well known hacker is a good hacker, an unknown hacker is a great hacker..."

I don't care what your parents told you, you aren't special.
  • https://github.com/tazinator
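
Added example, not part of the original posts and not Microsoft's Port Reporter: the reply above notes that a trojan usually makes the outbound connection itself, so an outside port scan will not show it. This Python sketch reads the output of the standard Windows command `netstat -ano` and groups established connections to non-LAN addresses, and listening ports, by owning process ID. The sample text, addresses, ports and PIDs are constructed, and the function names are made up for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample of Windows `netstat -ano` output (all values are made up).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       888
  TCP    0.0.0.0:31000          0.0.0.0:0              LISTENING       1432
  TCP    127.0.0.1:1031         127.0.0.1:1032         ESTABLISHED     1200
  TCP    192.168.1.100:1045     192.168.1.1:80         ESTABLISHED     2040
  TCP    192.168.1.100:1046     203.0.113.7:4000       ESTABLISHED     1432
  TCP    192.168.1.100:1050     198.51.100.20:80       ESTABLISHED     2040
  UDP    0.0.0.0:445            *:*                                    4
"""

# Ranges treated as "inside": RFC 1918 LANs, loopback, link-local, unspecified.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "0.0.0.0/32", "::/128", "::1/128", "fc00::/7", "fe80::/10")]

def parse_netstat(text):
    """Yield (local, remote_ip, remote_port, state, pid) for each TCP row."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[0] != "TCP":
            continue  # headers, blank lines and UDP rows (no state column)
        _, local, remote, state, pid = parts
        host, _, port = remote.rpartition(":")
        yield local, host.strip("[]"), int(port), state, int(pid)

def is_external(ip):
    """True when the address is outside every range in LOCAL_NETS."""
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in LOCAL_NETS)

def review(text):
    """Return ({pid: [external peers]}, {pid: [listening ports]})."""
    outbound, listening = defaultdict(list), defaultdict(list)
    for local, rip, rport, state, pid in parse_netstat(text):
        if state == "ESTABLISHED" and is_external(rip):
            outbound[pid].append(f"{rip}:{rport}")
        elif state == "LISTENING":
            listening[pid].append(int(local.rpartition(":")[2]))
    return dict(outbound), dict(listening)
```

A PID that both listens on an unfamiliar port and holds an outside connection is the one to look up first; `tasklist /svc` or Task Manager maps the PID to a program name.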

Thanx dude! I d/l'd and set it to auto, should have some loggage soon. Interpreting them might be a bit of a challenge.

It happened again a few minutes ago. But it's weird...either he's runnin a program that only he can see or the mouse is gettin some kinda interference. The motion seems completely unrelated to what I have on the screen. I remembered that about 2 weeks ago I moved the receiver for the keyboard and mouse (wireless) because the keyboard was missin letters all the time. Hmmm...just moved it back to where it was. (I'm gonna be pissed if that turns out to be it! LOL)

Anyway, I'll keep ya posted about this. Thanks again for your help.

Could be the receiver if it's wireless. If you're using wireless MS products and have more than one mouse near one another they will sometimes interfere and one will take over. MS doesn't give the option to secure the frequency like Logitech does.
"A well known hacker is a good hacker, an unknown hacker is a great hacker..."

I don't care what your parents told you, you aren't special.
  • https://github.com/tazinator

Update...

Thanx for all your help dude, I really appreciate it. Here's the latest.

This all started about 2 days after I relocated my wireless mouse/keyboard receiver from the desk to the floor. I did that because I was having problems with the keyboard missing letters once in a while, and figured it needed to be in a different line-of-fire with the receiver. Yesterday morning I remembered I did that, and realized I had the receiver on the floor right next to all my surge protectors for my PC, so I put it back on the desk. I am not quite prepared to say definitively that interference with the receiver was causing the problem, because the mouse was clickin on stuff...but it may be reasonable to hypothesize that the interference may have contributed to it (frequency shifts and such). So it may be possible that I wasn't being hacked at all. As disappointed as I am with that assertion, I can say that since putting the receiver back on the desk I've had no problems.

During the last week, I have done several things to help protect my PC, although I had pretty standard stuff to begin with (AV, firewall, router encryption, etc). So I can't say if it was definitely the receiver or something else I did that fixed the problem, or that it's even fixed (maybe the dude's on vacation). But as of this writing, things are back to 'normal' and there have been no incidents since putting the receiver back.

I'll continue to monitor the ports and log files. Thanx again dude.

We all have those types of incidents  ;D

It's not a total loss because at least you know more about how to protect yourself should you ever really get hacked by someone.
"A well known hacker is a good hacker, an unknown hacker is a great hacker..."

I don't care what your parents told you, you aren't special.
  • https://github.com/tazinator
