Vista Hacked

S.Quickness

Internet Explorer and Windows Host Process Server on my computer are
attempting to connect multiple times a day (20 or more) to numerous
google.com IP addresses across a wide variety of ports in the 45000's.
I have been unable to close the processes. The Internet Explorer
process has been running as a separate program that I am unable to see
and uses 45,000k of RAM. It is also not possible for me to shut the
program down. I have nine svchost.exe (Windows host process services)
running which are also attempting to communicate with google.com.
These events are of great concern to me as I work for a financial firm
and keep large amounts of proprietary knowledge on my computer. Can
anyone help me determine if in fact I was hacked? If I was hacked, I
am not looking to have this issue repaired, I want evidence to take to
the police so that I do not need to deal with these hassles again.
 
Carey Frisch [MVP]

Install Windows OneCare
http://onecare.live.com/standard/en-us/default.htm

--
Carey Frisch
Microsoft MVP
Windows Desktop Experience -
Windows Vista Enthusiast

Carey Frisch [MVP]

You may want to take this one step further and monitor the type of traffic
that is being discarded by your firewall. This can be done by enabling security
logging using the steps outlined below:

1. Click Start, All Programs, and Administrative Tools.
2. Select Windows Firewall with Advanced Security.
3. Click Windows Firewall Properties.
4. Click one of the profile tabs, such as Public Profile.
5. Click the Customize button within the Logging area.
6. Enable firewall logging from the dialog box that appears.
7. Click OK.

Once you enable security logging, information is written to a log file
that is stored in the Windows directory.

--
Carey Frisch
Microsoft MVP
Windows Desktop Experience -
Windows Vista Enthusiast

PD43

Is this your FINAL answer (after Malke rejected your first one)?
 
Carey Frisch [MVP]

Yes.

--
Carey Frisch
Microsoft MVP
Windows Desktop Experience -
Windows Vista Enthusiast

Carey Frisch [MVP]

Open Task Manager and click on the Performance tab, then click on Resource Monitor.
Click Networking to open.
Jot down any suspicious IP Address and perform a
trace using http://whatismyipaddress.com/staticpages/index.php/ip-address-tools

--
Carey Frisch
Microsoft MVP
Windows Desktop Experience -
Windows Vista Enthusiast

mikeyhsd

do you have google tool bar and/or any other google tools installed?

could be why it seems to be going to google.

try running IE with NO add ons.




Malke

Carey said:

Well, it's OK to admit when you're wrong and in this case you are most
certainly wrong.

The OP said he wanted forensics. That means contacting a real company that
is licensed to do computer forensics. You may not know this, but computer
forensics is a very specialized, regulated field. In addition to US Federal
licensing, most States have their own licensing requirements.

The OP said he had proprietary financial records on his compromised
computer. In most countries there are laws as to how that needs to be
handled.

To the OP: you need to contact local law enforcement and/or the FBI if you
are in the US or the equivalent agency if you are in a different country.
An issue of such seriousness where other people's financial information is
at stake is not solved in a public peer-to-peer newsgroup.

And installing a lower-tier antivirus solution (Windows One Care) or
enabling logging (and how is that going to help after the fact anyway?)
certainly isn't the answer.

Malke
 
Carey Frisch [MVP]

PsTools v2.44
http://technet.microsoft.com/en-us/sysinternals/bb896649.aspx

How can I tell if I've been hacked?
http://securityadmin.info/faq.asp?hacked

--
Carey Frisch
Microsoft MVP
Windows Desktop Experience -
Windows Vista Enthusiast

PD43

frisch is a loser; always has been!

Never will know how the dork got to be an MVP.

His advice when XP was first introduced was actually laughable at
times, especially when he stepped outside of the comfort zone of
Windows.

He depended on copying and pasting then, and he's still doing it.
 
Charlie Tame

In the other thread you say the computer was recently "Hacked" and you
had it reformatted. This implies you did not reinstall Vista yourself so
who did? Did they investigate at all or just do as you asked and
reinstall? In other words what confirmation do you have that the
original install was actually hacked?

On my machine there are currently 12 instances of svchost running and one
explorer.exe that cannot be shut down because it is the desktop.
Internet Explorer is IExplore.exe not explorer.exe.

Often when legitimate processes try to communicate and are blocked they
will repeatedly try again and sometimes use a different port. The fact
that your new "Firewall" is blocking things might in fact be making
things look worse than they are. Software firewalls are sometimes useful
but that depends on what you do with them, they can also be considered
"Snake Oil".

Probably the best solution for a firewall is to use a router, even if
you only have a single machine.

You can use this utility
http://technet.microsoft.com/en-us/sysinternals/bb897437.aspx

or go Start > Run, type in cmd and hit Enter.
In the window type netstat -af [Enter]

Either should show active connections, many of which will be your
machine talking (or at least listening) to itself.

The utility offered at the technet site is somewhat the better one.

If you have Google toolbar or update manager installed then random
connections to google will happen, otherwise I am not sure what the
connection would be between google and some alleged hacker. Can you list
what security / antivirus / antispyware / search software you have
installed if any? I may not be able to get back here before tomorrow but
that information may help someone get a better idea of what is going on.

Getting proof of this type of thing can be difficult, it is one thing to
prove that an IP address did something, quite another to establish who
was using the machine at that time, so "If" something is happening it is
best to stop the offender getting in rather than have it continue while
investigation takes place.
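
Added example (not part of any poster's message): once the firewall logging described earlier in the thread is enabled, a short script can show whether blocked outbound traffic looks like the repeated, port-shifting retries Charlie Tame describes above. The sample log lines, the local address 192.168.1.10 and the function names are constructed for illustration; the column layout is read from the log's own #Fields header.

```python
# Constructed sample in the layout Windows Firewall writes to its log;
# all addresses are documentation ranges, not values from this thread.
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path

2008-03-01 09:00:01 DROP TCP 192.168.1.10 203.0.113.5 49160 45012 0 - 0 0 0 - - - SEND
2008-03-01 09:00:04 DROP TCP 192.168.1.10 203.0.113.5 49161 45013 0 - 0 0 0 - - - SEND
2008-03-01 09:00:10 DROP TCP 192.168.1.10 203.0.113.5 49162 45012 0 - 0 0 0 - - - SEND
2008-03-01 09:02:00 ALLOW TCP 192.168.1.10 198.51.100.20 49163 443 0 - 0 0 0 - - - SEND
2008-03-01 09:05:00 DROP ICMP 192.168.1.10 198.51.100.7 - - 60 - - - - 8 0 - SEND
2008-03-01 09:06:00 DROP TCP 203.0.113.99 192.168.1.10 51000 445 0 - 0 0 0 - - - RECEIVE
2008-03-01 09:07
"""


def parse_firewall_log(text):
    """Yield one dict per record, keyed by the names in the #Fields header."""
    fields = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated or partial lines
                yield dict(zip(fields, values))


def summarize_drops(records, local_ip):
    """Group dropped packets sent from local_ip by destination address."""
    summary = {}
    for rec in records:
        if rec["action"] != "DROP" or rec["src-ip"] != local_ip:
            continue
        stamp = rec["date"] + " " + rec["time"]
        entry = summary.setdefault(
            rec["dst-ip"], {"count": 0, "ports": set(), "first": stamp, "last": stamp})
        entry["count"] += 1
        if rec["dst-port"].isdigit():  # ICMP records carry "-" here
            entry["ports"].add(int(rec["dst-port"]))
        entry["first"] = min(entry["first"], stamp)
        entry["last"] = max(entry["last"], stamp)
    # Most frequently blocked destination first
    return sorted(summary.items(), key=lambda kv: kv[1]["count"], reverse=True)


if __name__ == "__main__":
    for ip, info in summarize_drops(parse_firewall_log(SAMPLE_LOG), "192.168.1.10"):
        print(ip, info["count"], sorted(info["ports"]), info["first"], info["last"])
```

The firewall log records addresses and ports but not the owning process, so the summary needs to be read alongside a per-process connection view such as Resource Monitor or netstat.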
 
mikeyhsd

probably the same way our fake queeny malke got to be one.




Mick Murphy

I still don't believe he is. Try and find info about him.
Non-existent!
When he became an MVP, he had only 137 correct answers here, in these
Newsgroups.
Poof! He became an MVP!
 
mikeyhsd

maybe you need to take a break from boozing and read the rules.







Yeah, well at least she knows better than to post to newsgroups in html
which is one up on you!
 
