New connection, have I been hacked

Sirtokalott

I use Live Messenger and a file sent to me was blocked. I have a wireless
adapter and connect to my neighbour's router (yes she gave me the access code)
and I usually have a wireless connection logo in the system tray. When I
started up the pc the other night I had an extra icon showing a cable
connection to another computer. I also now have a modem installed in device
manager. I think it is my neighbour's computer which I am connecting to but
ain't too sure as neither of us is experts. The pc is also running much slower
now. I'd love to know of any way of identifying a deliberate attack from
someone. Here's what the modem log says.

04-06-2008 21:59:19.375 - File: C:\WINDOWS\system32\tapisrv.dll, Version 5.1.2600
04-06-2008 21:59:19.375 - File: C:\WINDOWS\system32\unimdm.tsp, Version 5.1.2600
04-06-2008 21:59:19.375 - File: C:\WINDOWS\system32\unimdmat.dll, Version 5.1.2600
04-06-2008 21:59:19.375 - File: C:\WINDOWS\system32\uniplat.dll, Version 5.1.2600
04-06-2008 21:59:19.421 - File: C:\WINDOWS\system32\drivers\modem.sys, Version 5.1.2600
04-06-2008 21:59:19.421 - File: C:\WINDOWS\system32\modemui.dll, Version 5.1.2600
04-06-2008 21:59:19.421 - File: C:\WINDOWS\system32\mdminst.dll, Version 5.1.2600
04-06-2008 21:59:19.421 - Modem type: Communications cable between two computers
04-06-2008 21:59:19.421 - Modem inf path: mdmhayes.inf
04-06-2008 21:59:19.421 - Modem inf section: M2700
04-06-2008 21:59:19.421 - Matching hardware ID: pnpc031
04-06-2008 21:59:19.453 - 19200,8,N,1, ctsfl=1, rtsctl=2
04-06-2008 21:59:19.453 - Initializing modem.
04-06-2008 21:59:19.453 - Waiting for a call.
04-06-2008 21:59:19.484 - 19200,8,N,1, ctsfl=1, rtsctl=2
04-06-2008 21:59:19.484 - Initializing modem.
04-06-2008 21:59:19.484 - Dialing.
04-06-2008 21:59:19.500 - Send: CLIENT
04-06-2008 21:59:21.500 - Timed out waiting for response from modem
04-06-2008 21:59:21.500 - Failed to send command because of WriteFile() Failure, Error=000003e3.
04-06-2008 21:59:21.515 - Send: CLIENT
04-06-2008 21:59:23.515 - Timed out waiting for response from modem
04-06-2008 21:59:23.515 - Failed to send command because of WriteFile() Failure, Error=000003e3.
04-06-2008 21:59:23.531 - Send: CLIENT
04-06-2008 21:59:25.531 - Timed out waiting for response from modem
04-06-2008 21:59:25.531 - Failed to send command because of WriteFile() Failure, Error=000003e3.
04-06-2008 21:59:25.546 - Send: CLIENT
04-06-2008 21:59:27.546 - Timed out waiting for response from modem
04-06-2008 21:59:27.546 - Failed to send command because of WriteFile() Failure, Error=000003e3.
04-06-2008 21:59:27.546 - Hanging up the modem.
04-06-2008 21:59:27.546 - Hardware hangup by lowering DTR.
04-06-2008 21:59:29.546 - A timeout has expired waiting to comm event to occour.
04-06-2008 21:59:29.546 - 19200,8,N,1, ctsfl=1, rtsctl=2
04-06-2008 21:59:29.546 - Initializing modem.
04-06-2008 21:59:29.546 - Waiting for a call.
04-06-2008 21:59:29.546 - Session Statistics:
04-06-2008 21:59:29.546 - Reads : 0 bytes
04-06-2008 21:59:29.546 - Writes: 0 bytes

I certainly didn't set this up, please help
 
Joan Archer

Why do you feel the need to ask the same question three times within half an
hour?

You would be better helped by waiting until someone who has the knowledge to
help sees your post and can answer, don't forget that we are all volunteers
here from all parts of the globe so whoever can help with your problem may
not even be out of bed yet or they may be enjoying the weekend.

Just wait at least 24 hours before posting the same message again.
 
Sooner Al [MVP]

First and foremost if you think you have been hacked disconnect from the
internet and your network immediately. This FAQ from the BBR Security forum
has steps you can take to help fix the issue.

http://www.dslreports.com/faq/8428

Of course the fix of last resort is to do a clean install of your OS.
Drastic but effective.

Beyond all of that I suggest you install and run a good anti-virus program
(AVG is free for personal use), Windows Defender (free anti-spyware software
from MSFT) and certainly run a software firewall. The Windows Firewall is
built-in to XP and is one option.

http://free.grisoft.com/

http://www.microsoft.com/athome/security/spyware/software/default.mspx

http://www.microsoft.com/windowsxp/using/networking/security/winfirewall.mspx

I suggest configuring the Windows Firewall for "Don't allow exceptions". See
the latter part of this page.

http://theillustratednetwork.mvps.org/LAN/SoHoWirelessSecurity.html

--

Al Jarvi (MS-MVP Windows – Desktop User Experience)

Please post *ALL* questions and replies to the news group for the
mutual benefit of all of us...
The MS-MVP Program - http://mvp.support.microsoft.com
This posting is provided "AS IS" with no warranties, and confers no
rights...
How to ask a question
http://support.microsoft.com/KB/555375
 
Sooner Al [MVP]

I forgot to add that you really should normally log in as a "limited user"
versus a user with administrator permissions. Only use an account with
administrator permissions for system maintenance tasks, etc. I do that on my
Vista Ultimate laptop and my wife does that on her XP Pro desktop. In fact
she does even know the administrator account user password for her PC.

Most maintenance, configuration, etc. tasks can be run using "Run as..." on
an XP box. With Vista it's even easier because of the UAC popup.

--

Al Jarvi (MS-MVP Windows – Desktop User Experience)

 
Lem

How can you *not* know whether or not you have a wire connected to your
computer?
--
Lem -- MS-MVP

To the moon and back with 2K words of RAM and 36K words of ROM.
http://en.wikipedia.org/wiki/Apollo_Guidance_Computer
http://history.nasa.gov/afj/compessay.htm
 
Sirtokalott

Well Lem as I believe I stated I connect wirelessly and the modem claiming to
connect via a cable just appeared and I certainly never put it there. How
can you not READ. As for the others kind enough to respond, I was using
Norton firewall and it is only a limited account I have. I have Windows
Defender and Norton antivirus as well. I did however run the OneCare scan
and it picked up a few dodgy programs like W32.spybot.worm. I've now done a
full recovery and I'm using another machine solely for internet but now of
course I have no faith in Norton. I've installed AVG and I'm now using
Windows Firewall. Is this sufficient? Also is there a way I can trace the
source should this happen again as I've a strong suspicion, someone I know
was deliberately sending me viruses and I'd love to prove it. Thanks in
advance.
 
Lem

The point is that what you have described is a "direct cable connection"
between two computers. Putting aside *how* this connection was
configured, it only does anything if there is, in fact, a physical cable
between the two computers (parallel, serial, USB, or IR). Thus, if you
have no extraneous wire connected to your computer, this "hack" (if
that's what it is) is useless to the hacker. This is confirmed by the
modem log you posted: the attempt to connect failed.

Now, how did this connection appear? From what you've said, it seems to
me that the cause is not a failure of any of your antivirus or
anti-spyware applications (for all its faults -- and it has many --
Norton antivirus is actually quite good at detecting viruses). Rather,
by using someone else's wireless router for your Internet access, you
most likely have permitted *anyone* who is able to connect to that
router to have access to your computer. That connection certainly
bypasses your firewall (whether it is Norton or Windows). How extensive
the access is depends on how you've configured the other Windows XP
networking and permissions features.

In general, computers on a local area network "trust" each other. That
is, they are on the network because it is intended that they share
resources. There are of course exceptions. In an office environment,
for example, management usually does not want employee A to be able to
access employee B's computer. But on a home network, full access
between all computers on the LAN is often the default.

For more information about direct cable connections, see
http://support.microsoft.com/kb/305621
http://support.microsoft.com/kb/814981/

--
Lem -- MS-MVP
 