Hacked, Trojan, violated... but which is it?

msnews

I have 4 XP machines, one I use as a server with 4 external USB hard drives
attached. I was sitting in front of the server when my mouse began to move
on its own, hover over the date in the task bar, opening up my Gom music
player, hovering over the pause button on my Nero backup program, skipping
all over the place, I heard myself saying, don't you dare. The children
were watching and getting scared. I disconnected the mouse but it
continued. I disabled the network adapter on the server, it continued. I
launched notepad, and basically had a conversation with it. It was typing, I
disconnected the keyboard, it carried on typing, I freaked out! What was
it?
 
Tigger

msnews writted thus:
I have 4 XP machines, one I use as a server with 4 external USB
hard drives attached. I was sitting in front of the server when my mouse
began to move on its own, hover over the date in the task bar, opening
up my Gom music player, hovering over the pause button on my Nero
backup program, skipping all over the place, I heard myself saying, don't
you dare. The children were watching and getting scared. I
disconnected the mouse but it continued. I disabled the network adapter
on the server, it continued. I launched notepad, and basically had a
conversation with it. It was typing, I disconnected the keyboard, it
carried on typing, I freaked out! What was it?

It could be "backdoor.nepoe"
A backdoor trojan that allows malicious users to gain remote access to
the affected computer. It spreads across the Internet.
Panda AV can remove it I seem to recall.
 
Michael

msnews said:
I have 4 XP machines, one I use as a server with 4 external USB hard drives
attached. I was sitting in front of the server when my mouse began to move
on its own, hover over the date in the task bar, opening up my Gom music
player, hovering over the pause button on my Nero backup program,
skipping all over the place, I heard myself saying, don't you dare. The
children were watching and getting scared. I disconnected the mouse but
it continued. I disabled the network adapter on the server, it continued.
I launched notepad, and basically had a conversation with it. It was
typing, I disconnected the keyboard, it carried on typing, I freaked out!
What was it?

Are you running any AV? Try running the free versions of these:
http://www.malwarebytes.org/ &
http://superantispyware.com/

If you're running a valid copy of Windows you may want to change your AV to
MSE, especially if you're running Norton or Crapafee!
http://www.microsoft.com/security_essentials/
 
msnews

Hi all, thanks for feedback. I have run Avast AV, which did discover a
malware in the rootkit system of the server, but it was not called
backdoor.nepoe. Can a malicious program operate keyboard and mouse with no
internet and no keyboard or mouse connected? The interaction was too
familiar feeling for it to be a trojan bot even if it did scan my ex hds for
info, and was able to answer questions. Some questions we were saying, were
answered before I even typed them, creating the suspicion that we had a mic
on in the house or that we were being bugged! It seemed more like a hack
really but how is this possible with no enabled network connection or
attached devices?
 
Peter Taylor

Hi all, thanks for feedback. I have run Avast AV, which did discover a
malware in the rootkit system of the server, but it was not called
backdoor.nepoe. Can a malicious program operate keyboard and mouse with no
internet and no keyboard or mouse connected? The interaction was too
familiar feeling for it to be a trojan bot even if it did scan my ex hds for
info, and was able to answer questions. Some questions we were saying, were
answered before I even typed them, creating the suspicion that we had a mic
on in the house or that we were being bugged! It seemed more like a hack
really but how is this possible with no enabled network connection or
attached devices?

Is the server still connected to the other computers?
 
msnews

Yes, it was Peter?

Mine and my daughter's were still connected.
..
So even though I had disconnected keyboard and mouse, disabled network
adapter, pulled out network adapter from back of PC, it still carried on.
Pulled plug on my daughter's PC, it still carried on. Pulled plug on my PC,
it still carried on. In the end, I just pulled plug on router itself, so
no power. Then and only then, did it stop. I saved the notepad doc of convo
in its entirety at 11.49pm on the desktop. Went back 3 hours later to find
half the convo content missing with no moderation to date accessed, modified
or created properties. What's that all about..? Creepy! Granted PC was left
on with net enabled overnight for virus scan, but with external hds
disconnected, interface devices disconnected how can the doc be modified.

So my question is... is it possible to suspend the timestamp on a PC, make
changes to docs and revert time stamp and it reflect in document properties?

any answers would be appreciated, coz right now, the kids think we have a
ghost in the house!
 
Tigger

msnews writted thus:
Hi all, thanks for feedback. I have run Avast AV, which did discover a
malware in the rootkit system of the server, but it was not called
backdoor.nepoe. Can a malicious program operate keyboard and mouse with
no internet and no keyboard or mouse connected? The interaction was too
familiar feeling for it to be a trojan bot even if it did scan my ex hds
for info, and was able to answer questions. Some questions we were
saying, were answered before I even typed them, creating the suspicion
that we had a mic on in the house or that we were being bugged! It
seemed more like a hack really but how is this possible with no
enabled network connection or attached devices?

ROFL Got any clever kids in the house??
You might have been the butt of a practical joke...
 
Peter

Yes, it was Peter?

Mine and my daughter's were still connected.
.
So even though I had disconnected keyboard and mouse, disabled network
adapter, pulled out network adapter from back of PC, it still carried on.
Pulled plug on my daughter's PC, it still carried on. Pulled plug on my PC,
it still carried on. In the end, I just pulled plug on router itself, so
no power. Then and only then, did it stop. I saved the notepad doc of convo
in its entirety at 11.49pm on the desktop. Went back 3 hours later to find
half the convo content missing with no moderation to date accessed, modified
or created properties. What's that all about..? Creepy! Granted PC was left
on with net enabled overnight for virus scan, but with external hds
disconnected, interface devices disconnected how can the doc be modified.

So my question is... is it possible to suspend the timestamp on a PC, make
changes to docs and revert time stamp and it reflect in document properties?

any answers would be appreciated, coz right now, the kids think we have a
ghost in the house!

I would scan the other computers for malware. Is the firewall in the
router enabled and is the router password protected?
 
msnews

Well, it's just me, and my two girls.. a teen and a younger daughter, both
don't care about IT and don't wish to understand as long as they can get on
facebook and dollspalace.com, therefore no IT knowhow whatsoever.

I may be the butt of a practical joke, but it's a very good one! I'm an
intelligent gal, not an IT pro or anything, but savvy enough to maintain a
network and keep it like Fort Knox for the last 10 years, virus and trojan
free, but this is a new one on me! Hijack a PC with no internet or
interactive devices.. I want to know how they did it!

donna
 
msnews

Hi Joe,

Thanks for that. You are right, it is a wireless router... and my daughter
hasn't managed to get wireless on her iPod ever since, so that's worth
considering. But the wireless is password protected, and the password is
loooong!
 
PA Bear [MS MVP]

...The children were watching and getting scared.

Scared you'd figure out that one of them infected the computer or...?
 
msnews

Have wireless back now, it seems antivirus has been disabled on my machine
and I can't re-install it.

msnews said:
Hi Joe,

Thanks for that. You are right, it is a wireless router... and my
daughter hasn't managed to get wireless on her iPod ever since, so that's
worth considering. But the wireless is password protected, and the
password is loooong!
 
Justin

msnews said:
Fantastic. Thank you to Joe (Elmo) for recommending

Malwarebytes© Corporation
http://www.malwarebytes.org/mbam/program/mbam-setup.exe

SuperAntispyware
http://www.superantispyware.com/superantispywarefreevspro.html

I ran on all my machines and it did identify a number of malware, trojans!
I got excited just viewing the log, and the malwarebytes software removed
them for free.

Thanks to everyone for all the replies!


This wouldn't have happened on a Mac!

Other than you, every other account should be a normal user to prevent
junk like that from being installed. When something needs to be
installed you should be the one to do it.
Each kid should have her own account on each machine.
Microsoft Security Essentials is actually pretty good and it's free. Get
rid of your current AV software and install that.

Scan that machine again - every week there's a good chance the malware
will come back. In my years of experience malware and spyware never
truly go away and the only thing that cures it 100% is a reformat and
reinstall of the OS.
 
