Hacked, or just windows?

Lydesia

Hi everyone.

At the start of the year i built my own PC. With the help from the great minds here it wasnt a difficult task. Anyway, the computer has been running fantastically and showed no loss in preformance yet.
But...
I sometimes leave my computer downloading stuff all night and turn it off when i get up in the morning, i have heard that it can be dangerous leaving your computer on all the time because your easier to find for hackers, i dont know how true this is, but recently i think i may have become a victim of this.

The other morning i checked my PC and some things seem to have changed on it; Sygate personal firewall pro had dissappeared, so had its installation files, and registry entries. My LAN connection to the HUB had been lost and since i cannot connect to it, i allways gets the response 'This connection has limited or no connectivity'. The guest account had been activated (Noone else uses my PC) Windows firewall has been corrupted, and if i try and start it i get the message "Could not open windows firewall due to an unknown problem", The 'My network places has also dissppeared from the start menu.

What i have done so far is everything, tried reinstalling the HUB's drivers, tried to manually configure the IP address, connected the DSL router directly to the LAN port (bypassing the HUB) really, everything i can think of. There is nothing wrong with the HUB or DSL router, because the rest of the people living in my house all can still connect to the net wirelessely (the HUB is wireless too) I tried reinstalling windows but i just get the 'Blue screen of death' error. Im really out of ideas.

Can anyone offer a possible explanation? I would really appreciate help with this problem. Here are my system specs..

AMD athlon 64 3500+
1024 RAM
440 GB RAID 0 array
Windows XP SP2 (recently updated)

3com Network router
Zxyel USB/LAN DSL router (2MB connection)

Cheers,
P.

SolarNexus

sounds too specific for a hacker, to me; sounds more like windows got itself corrupted (can happen when the case over heats). Personally, I wouldnt give it a second thought and would just reinstall.

Lydesia

hmm you could be right!
But i tried a full reinstall, i get past the stage of 'specify additional adaptors' and i just get the blue screen of death. I really dont want to have to format. I have 350 GB's of data, and tons of programs installed and fully configed, it took me ages to do all that. I apprecaite the help man,

P.

Khannie

Hmmmm, that /does/ sound a tad fishy to me.

You had a software firewall running and the routers firewall, and presumeably NAT too, yeah? I heard a nasty rumour that there was some bittorrent virus going around, but I don't really use it myself tbh (presume that's what you were using) and the technical viability of that seems, well, limited.

I did have an issue ages ago with Azureus where I could still ping external IP's, but couldn't resolve them. See if you can ping 193.120.201.51 (it's one of the unreal.ie games servers). start->run->cmd <enter>, ping 193.120.201.51 <enter>

Other things to check are that DHCP is turned on, check if you can ping 127.0.0.1 (yourself....loopback IP), check that your network card isn't banjaxed (edit: after reading your last post again, this seems a likely candidate....if it's integrated, try disabling it in the bios and sticking an actual PCI network card in your machine).

stevenmu

Couple of things worth trying. In device manager try removing your network adaptor (all of them if there's more than one, including firewire, making sure you have the drivers to reinstall of course). Sometimes the windows network stack can just get a bit messed up all of it's on accord, when you reboot and it redetects the network cards it'll reinitialise some stuff and copy some files around the place and that sometimes sorts it out. After that, try re-applying SP2, it might fix up some stuff. If that still fails, try booting from the windows cd and running the repair option (or restore or whatever it's called), prefferably a CD with SP2 included, if not re-apply it when done. After that I'd start looking at ways of backing your data up onto other machines around the house and going with a full format/reinstall, and this time maybe having a small (approx 10Gig) partition for OS and apps with the rest seperate for data.

i have heard that it can be dangerous leaving your computer on all the time because your easier to find for hackers

I wouldn't worry hugely about this. The main problem is script-kiddies who just scan networks looking for old vulnerabilities, you might get scanned an average of say 10 times an hour (probably a lot more, I just made that figure up), so leaving your PC on for 2 hours means you get scanned 20 times, 24 hours means 240 times etc, but basically if you can survive a few hours, you can keep on going because it's just the same stuff scanning over an over, if it doesn't get in the first time, it won't the next either.

Lydesia

Thanks for the advice!

I tried what you said to do, in the device manager i deleted the components. When i deleted the Firewire, my computer flashed and i got the BSD (blue screen of death) So i rebooted and tried again...the network connections were back in the device manager! So i deleted them again, this time not touching the firewire, rebooted and they were still there! So i deleted them again and reinstalled them with out rebooted. But the computer is still remembering the old connection because now its saying "Local area connection 4" etc. And they still get the "Limited or no connectivity" error.

I tried the repair on the windows XP disc, unfortunatly i cant resolve it because windows says something about a Kernal windows dosent support. So im still at the start ;[

P.

Lydesia

Khannie wrote:

I did have an issue ages ago with Azureus where I could still ping external IP's, but couldn't resolve them. See if you can ping 193.120.201.51 (it's one of the unreal.ie games servers). start->run->cmd <enter>, ping 193.120.201.51 <enter>

Other things to check are that DHCP is turned on, check if you can ping 127.0.0.1 (yourself....loopback IP), check that your network card isn't banjaxed (edit: after reading your last post again, this seems a likely candidate....if it's integrated, try disabling it in the bios and sticking an actual PCI network card in your machine).

The result was "Destination host unreachable"

Packets sent=4 recieved=0

---

I can contact the router from another PC and yup, DHCP is on.

I did the loopback IP test, and everything seemed ok! So np there.

Any other ideas guys? :[

stevenmu

Lydesia wrote:

I tried what you said to do, in the device manager i deleted the components. When i deleted the Firewire, my computer flashed and i got the BSD (blue screen of death) So i rebooted and tried again...the network connections were back in the device manager! So i deleted them again, this time not touching the firewire, rebooted and they were still there! So i deleted them again and reinstalled them with out rebooted. But the computer is still remembering the old connection because now its saying "Local area connection 4" etc. And they still get the "Limited or no connectivity" error.

You might have to try it in safe mode.

Lydesia wrote:

I tried the repair on the windows XP disc, unfortunatly i cant resolve it because windows says something about a Kernal windows dosent support. So im still at the start ;[

P.

Not sure about this, I guess maybe the CD doesn't have SP2 and it won't run the repair on a machine with SP2 installed, you could try creating a new CD with SP2 slipstreamed onto it, google "SP2 Slipstream".

WizZard

Also, download and run this and post the results here.
Sounds very suspicious - I've never seen windows corrupt itself like this on it's own.

Lydesia

I tried the safe mode boot, deleted the network adapters and reinstalled them
Booted back in normal mode and the SAME FREAKIN THING HAPPENS. Im on local area network "11" now and still cant get connectivity.

It has got to be something completly diffirent then we are thinking, is there some setting in the netowrk properties or something that needs to be reconfigured? If i try to connect to the HUB using a browser with its IP address i just get 'Connection refused', if i try the DSL routers, i get a prompt for a username and password, which i enter and says its wrong. :[

Any more ideas?

Lydesia

WizZard wrote:

Also, download and run this and post the results here.
Sounds very suspicious - I've never seen windows corrupt itself like this on it's own.

cool, im scanning right now...here is a screenshot so far:

WizZard

can you maximise it, and the path column - I don't like the hidden services!

Lydesia

hehe sure..

themole

tbh, it will porb be easier and more beneficial to do a full reinstall while formating the drive.

if you know someone else who can backup all you other files (non progs etc)
that could save most of your data.

then do the full reinstall from scratch, install all your progs patches etc, then buy a copy of ghost and ghost the lot

windows needs to get a full reinstall from time to time