Help. Someone is accessing friends PC.

T

The Rock

Limp Gawd
Joined
Mar 9, 2000
Messages
344
A friend of mine is having a problem with someone accessing her pc. I have tried everything I know (which is not much) to help her. We have reformatted, changed ip addresses, changed a lot of the security settings on the pc, I made sure the router settings were secure (it's not wireless), she was cleaned out by some Norton tech (they have a guaranteed service that is supposed to clean out your pc). Last night I was trying to get a new ip address (this is after Norton did their thing) for her and the hacker followed. I had released the ip on the router and I still saw the mouse move, I put the modem in sleep mode, which I thought would kill the connection, and they were still able to access the pc. Aside from reformatting again and changing providers, what can I do? This is way beyond my abilities.
 
What are they doing to the PC? How do you know they are connecting?
 
Try a new mouse.

Or, check for connections to her computer:
Reboot
Open a command prompt,
netstat -a

Look to see who is connected...

(unless the system is so compromised that the netstat binary has been replaced.... very unlikely IMO)
 
I wouldn't say just because the mouse curser is moving..that it's compromised. I've seen plenty of mouse drivers get wonky. Especially optical mice these days...I've seen a lot of times where one will travel across the screen by itself. Not to mention track pads on laptops...they commonly go awry.
 
unplug the computer from the router/internet and see if it still "looks" like it's being hacked ;)

 
If its just the mouse moving on the screen is your friend using a wireless mouse? Perhaps she has a neighbor with a similar mouse thats on the same channel. Try swapping in a wired mouse.
 
mordenkainen said:
If its just the mouse moving on the screen is your friend using a wireless mouse? Perhaps she has a neighbor with a similar mouse thats on the same channel. Try swapping in a wired mouse.
Click to expand...

That's what I'd say is the problem, faulty mouse. I highly doubt someones hacking her computer.
 
mordenkainen said:
If its just the mouse moving on the screen is your friend using a wireless mouse? Perhaps she has a neighbor with a similar mouse thats on the same channel. Try swapping in a wired mouse.
Click to expand...


I had this happen in my house, we had two MS wireless mice that were interfering and one worked fine but the other computer acted wonky and the mouse cursor was moving around the screen.

Turned out to be the wireless mice :p


Heres a hint, if you unplug the ethernet cable from the PC there is no way it can connect to the internet (unless it is wifi, then disable the wifi as well). If it still does it you know you have a hardware problem...people cannot mysterously control a remote pc with out some sort of access.
 
JTY said:
What are they doing to the PC? How do you know they are connecting?
Click to expand...

She is using a wireless mouse, but since they started closing the windows my friend had open and started going through files on her computer, created their own user account, dumped a bunch of files on the pc and when disconnected from the modem, the hacker activity stopped, I think that was a dead give away. ;)

I am unfamiliar with creating an iptables rule.

How did they get through the router? She is using a D-Link non-wireless router.
 
thiers no firewall enabled onto the computer what type of modem is it? is it a normal style modem or a gateway? what operating system are you using onto the machine? make sure all the security holes in the os are patched up? and putting the modem into sleep mode will kill the connection she has a wireless card....?..... the sleep mode still keeps the active connection just doesnt allow data flowing from the computer to the modem
 
D.petersen84 said:
thiers no firewall enabled onto the computer what type of modem is it? is it a normal style modem or a gateway? what operating system are you using onto the machine? make sure all the security holes in the os are patched up? and putting the modem into sleep mode will kill the connection she has a wireless card....?..... the sleep mode still keeps the active connection just doesnt allow data flowing from the computer to the modem
Click to expand...

I had the windows firewall going, zonealarm and norton internet security. She has windowsXP and it was fully up to date. As far as I know, it's a normal style modem. She has a D-Link 604 router.

Looks like she is going to swith ISPs and get a new tower with Vista. She was due for a computer upgrade anyway.
 
before you do all that work, Id unplug from the internet, boot back up in safe mode, look through your msconfig to see if theres any entries in the startup tab that shouldnt be there, and uncheck them if need be. next use only 1 firewall, using two will just screw stuff up. after that id go through with spybot, and then your anti-virus. lastly you might want to look through your registry, go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion and select the run entry, its kind of the same as the msconfig but just a little nicer to work with. look for anything out of the ordinary, and if you have another computer, look up the exe or entry on the web, its should give you a good idea of what the specific key does.


good luck
 
You must log in or register to reply here.
Back
Top