Help With Computer Hacker


lilered

He told her he left an "angel" behind to keep her company. That's practically an open admission of guilt (installing a trojan). EVERY trojan has a key logger which is how he got her e-mail password in the first place. And since he has the trojan on her computer if she changes her password, he'll still be able to get it and cause more trouble.

That's possible but still doubtful. In my previous post I stated that I believed he was trying to scare her. People come to me all the time with scenarios similar to this. As I stated before, 95% of the time, it turns out they haven't done any "hacking" at all, they simply saw them type in their password.

He most likely told her he had installed a program on her computer to scare her into thinking he was better than he actually is.

Also, not every trojan contains a keylogger. There are many different reasons for trojans, a lot of them have no need for keylogging as that wasn't their purpose.

Link to comment
Share on other sites

That's possible but still doubtful. In my previous post I stated that I believed he was trying to scare her. People come to me all the time with scenarios similar to this. As I stated before, 95% of the time, it turns out they haven't done any "hacking" at all, they simply saw them type in their password.

He most likely told her he had installed a program on her computer to scare her into thinking he was better than he actually is.

You're right - that is a common scenario. However, if we assume that he did not install a trojan when he in fact did, and all she does is change her passwords - the problem is not solved. If we assume he did install a trojan even if he didn't - we still change her passwords and her computer is only more secure.

And if he's a wannabe who's pretending to be cooler than he is, that's all the more reason to mess with him :smokindevil:

Also, not every trojan contains a keylogger. There are many different reasons for trojans, a lot of them have no need for keylogging as that wasn't their purpose.

Hyperbole. Exaggeration for effect.
Link to comment
Share on other sites

You're right - that is a common scenario. However, if we assume that he did not install a trojan when he in fact did, and all she does is change her passwords - the problem is not solved. If we assume he did install a trojan even if he didn't - we still change her passwords and her computer is only more secure.

I agree with that, the reason I disagreed with your original post is because you made it sound to the OP as though it was definitely a trojan - I just wanted to clarify that this isn't necessarily the case :)

More details from the OP would certainly be helpful. We didn't really have much to go with and I don't think any of our questions were answered.

And if he's a wannabe who's pretending to be cooler than he is, that's all the more reason to mess with him :smokindevil:

Good point :)

Link to comment
Share on other sites

Couldn't she change her passwords using the onscreen keyboard? Totally bypasses any keylogger. It doesn't totally solve the problem if it's a nasty trojan but if it's just the guy using a password then she should be good :D

Link to comment
Share on other sites

Couldn't she change her passwords using the onscreen keyboard? Totally bypasses any keylogger. It doesn't totally solve the problem if it's a nasty trojan but if it's just the guy using a password then she should be good :D

If the guy only knows her password then keyloggers and trojans are irrelevant. She can change her password any way she wishes. Incidentally, the on screen keyboard is absolutely no guarantee of bypassing keyloggers. It entirely depends how it works but for most it will make no difference.

Link to comment
Share on other sites

Guest SmarterBlue

I would basically do what everyone else has suggested here. I have been hacked before because I play a lot of online games, and it was horrifying having my brother call me in the middle of the night asking if I was online.

I basically did the same thing everyone else suggested except I used a program called dban and nuked my hard drive. I just went to a friend's house to download, copied the ISO to disk, and proceeded to reformat my hard drive. I also picked up the latest copy of Kaspersky (something I needed anyway).

During this time I called my ISP to have my passwords reset while waiting. She could also just go to a friend's house (hopefully someone who doesn't have a trojan on their computer) and reset the passwords and security codes there.

I would also suggest backing up all data she wants to keep before reformatting.

Reformatting isn't something you have to do, but I wanted to make certain my computer was cleaned out. Starting over with a fresh format also made my old machine run like new.

Final thoughts, this kid needs to get a life. I almost wish someone would teach him a lesson.

Link to comment
Share on other sites

Latest on the Hacker case:

I have since had several exchanges with my daughter concerning various (20) suggestions by those who have posted thus far. I have posted below her comments which should help shed a little more light on the hacker issues. Would appreciate your suggestions once you have had a chance to view the suggested fixes and her comments.

1. Contact Police/FBI or at least file a police report –

2. Contact a Lawyer

3. Change Passwords

4. Contact her host & email provider

5. Do a system restore that is earlier than the suspect hacker's invasion date.

6. Reformat her hard drive after backing up her files then reinstall her operating system and programs.

7. Default her router settings, check/reset router

8. Change all passwords using different computer (including her secret questions).

9. Get both a hardware, software firewall and software and virus protector for her.

a. Two Suggested using Kaspersky Internet Security

b. Suggest using dban

10. Tell your daughter not to use email or computer till everything is settled.

11. Switch Internet Providers

12. Do not back up current files (Opposite advice from Item 6).

13. Don’t bother contacting police, they won’t do anything anyway (Opposite advice from Item 1)

14. Take it to a computer store and have their experts clean it and reinstall everything.

15. Call his parents and tell them what he is up to.

16. Restart computer, upon completion use netstat.

a. Print Screen - Results

b. Make Copy

c. Sent .jpg file of above to forum member for analysis

17. Get Trojan removed

18. Teach hacker a lesson

a. Volunteer to format his “C” drive

19. Change passwords using on screen keyboard.

20. Hacker needs to get a life.

Her comments:

Dad,

So sorry that I have you worried, and are burdening you with my computer problems. I just simply don’t know what else to do. Help!

Don’t think it's child's play or newb. Sure wished it were. I do have a screen shot where he put on a screen pop up window with just his initial. Other things I have also printed. I had geek squad out a while back and they found where my administrative password was changed. Other weird stuff too.

Was online once in my gmail and a pop up window came up so fast, I didn't have time to print it. It said "we’re back".

I confronted Brandon who I call wackjob/Casanova, who I think is/has been doing this to me for almost a year or so. He told me "good luck trying to prove it". He is devious, cunning and I can't seem to stop him from hacking my computer. He is doing just as your forum friends have advised. Almost all things he described are happening. I have zone alarm, the best there is when I investigated. But maybe not? I know it has stopped some, but not all. I change my passwords all the time.

I was going to gather as much as I could and when I could financially afford it, go after him. But need proof. I have some....just not enough. He changes his IP addresses, and other things that are beyond my computer knowledge. Did learn how to reformat/dump. Had to...a lot of my protection was being disabled. Then I got zone alarm. This has, as I said stopped some.

I need all the help I can get. Why he is still doing this? I don't know. I just know I was told that he went to my website and got my home phone number (dog website). I took a picture of the call I got from my caller ID. It traces back to his new girlfriend's house, when she called to harass me.

I am sure, I have a trojan installed. But my protection is not picking it up. I tried Microsoft, McAfee, Bitdefender, Norton,...none of them have stopped it or picked it up. The only luck I have had that has "slowed" or stopped some is Zone Alarm, which I have. I can't afford any more right now, and some make you have a subscription to have the virus or whatever found removed. May pick it up, but won't remove it.

He said to me once...I put a "guardian angel" there to watch over you always. Wigged me out. Now I believe he did something. What that is I don't know. He's messing with me. When I dump/reformat, it wipes out everything. And probably some of the proof needed.

He needs to be stopped because if he is doing it to me, who else is he doing it to. One thing for sure I agree with, he needs to be taught a lesson.

Sometimes my computer acts like it's possessed. My mouse moving and the other things your friends says are common, that are happening does drive me a little bonkers…makes me dizzy too..:)

I have been getting some of my email. It just goes in spurts. When he does mess with the email, it sometimes happens around payday and of course that screws with my dog sales because people send me emails concerning the dogs and I never see them. I find out later, that they emailed me but by then I have already sold the dog they wanted to someone else or I end up keeping the dog longer than I should. He is also messing with my sites like Facebook and myspace; My space especially. I have rebuilt it more times than I can count. I am on there and get approved, get friend request for about a day, then nothing. That is the kind of stuff he is also doing. How, don't know. Facebook is better and isn't messed with as much, why I don't know. Harder to hack I guess. And also he knows I know these people. With myspace, not as much. Sometimes it's petty stuff that is very very annoying. Nothing messed with like bank accounts, serious stuff. He's too smart for that. He would be in BIG trouble. Plus really watch what I do. Absolutely, do not have any of my credit cards or things like that on my comp.

I did what one of your forum members suggested and did the netstat thing. Attached is a copy in jpg format as you indicated? I didn’t see anything that looked odd. But I did as I was advised. Assume you will pass it on to the LDS forum member, who asked for it for his evaluation?

I followed step by step, even went back after did once and disabled everything, programs, it was the same with and without. I'm telling you, it's weird…no one can find anything. I've tried…except Geeksquad and things popping up on me, moving mouse and all the other stuff telling you about.

But none of the programs for protection have picked up anything, and if did, think seen something weird one time and was a trojan. It was just after I got the new Zone Alarm. It said it was removed. But don't think it was, or when I restart, it somehow gets back. I dunno.

Link to comment
Share on other sites

Okay, it now sounds much more likely he does have a trojan installed on her machine.

Okay, so these are my suggestions:

1. I can't work out if she said she did reformat and reinstall windows or if she didn't. If she did, the trojan came back? There could be a number of reasons for this; he could have infected a USB pen stick/CD etc. Windows tends to autoload these devices and they can contain an autorun.inf file (often hidden) which will automatically run an executable as soon as the device loads - when it does this, you are back to stage one.

2. That screenshot containing the results of the netstat command - can I see that too? Two or more heads are better than one.

3. Get your daughter to sign up for an account on here. It's easier if we can converse with her directly than through you as a proxy which just takes longer. We'll need to talk through this with her.

4. Get her to download HiJack This (click on that link for download location), tell her to run it (but don't let the program remove anything without our say so first). When it runs, it will produce a log. Get her to copy and paste that log into this public forum here. We can then direct further.

Edited by Mahone
Link to comment
Share on other sites
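
For the autorun.inf point in the post above, this sketch lists what an autorun.inf on a backup stick or disc would launch, so it can be checked before the media goes back into a freshly reinstalled machine. It is an added example, not code from any poster in this thread; the sample file content and its file names are constructed, and the function names are made up for illustration.

```python
import os

# Constructed sample autorun.inf (the file names in it are made up).
SAMPLE_INF = r"""; constructed sample
[AutoRun]
Open=setup-example.exe /quiet
icon=drive.ico
shell\explore\command = tools\helper-example.exe
Label=BACKUP

[Content]
MusicFiles=false
"""


def decode_inf(raw):
    """autorun.inf may be ANSI or UTF-16; honour a byte-order mark if present."""
    if raw.startswith((b"\xff\xfe", b"\xfe\xff")):
        return raw.decode("utf-16")
    if raw.startswith(b"\xef\xbb\xbf"):
        return raw.decode("utf-8-sig")
    return raw.decode("latin-1")


def is_launch_key(key):
    """Keys in the [autorun] section that start a program."""
    return key in ("open", "shellexecute") or (
        key.startswith("shell\\") and key.endswith("\\command"))


def autorun_commands(text):
    """Return (key, value) pairs from [autorun] that would run something."""
    found, section = [], None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()  # section names are case-insensitive
            continue
        if section != "autorun" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        key = key.strip().lower()
        if is_launch_key(key):
            found.append((key, value.strip()))
    return found


def check_drive_root(root):
    """Look for autorun.inf (any letter case) in the root of a volume.

    Returns None when there is no such file, otherwise the list of
    launch entries (possibly empty, e.g. a file that only sets an icon).
    """
    for name in os.listdir(root):
        path = os.path.join(root, name)
        if name.lower() == "autorun.inf" and os.path.isfile(path):
            with open(path, "rb") as fh:
                return autorun_commands(decode_inf(fh.read()))
    return None


if __name__ == "__main__":
    for key, value in autorun_commands(SAMPLE_INF):
        print(key, "->", value)
```

os.listdir also returns files marked hidden, so a hidden autorun.inf is still found.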

On her software firewall, ZoneAlarm is decent, but recent recommendations from Windows Secrets state that Comodo is better. It comes as a joint firewall and antivirus. I've used it for a few months now (used to use ZoneAlarm), and like it better.

If he's getting in still with her using ZA, perhaps a different firewall will work better. And in this instance, she may want to consider a hardware firewall, as a software firewall just can't do as good a job.

Here's a good Wikipedia article on Cyberstalking, with good links to organizations that can help you (like CyberAngels). Cyberstalking - Wikipedia, the free encyclopedia

Link to comment
Share on other sites

Okay, it now sounds much more likely he does have a trojan installed on her machine.

Okay, so these are my suggestions:

1. I can't work out if she said she did reformat and reinstall windows or if she didn't. If she did, the trojan came back? There could be a number of reasons for this; he could have infected a USB pen stick/CD etc. Windows tends to autoload these devices and they can contain an autorun.inf file (often hidden) which will automatically run an executable as soon as the device loads - when it does this, you are back to stage one.

Some viruses can also rewrite BIOS information - but if he had done that your computer would probably not boot at all. There are boot sector viruses that don't get caught with a standard format as well. But Mahone's suggestions are far more plausible for your typical teenager.

2. That screenshot containing the results of the netstat command - can I see that too? Two or more heads are better than one.

DITTO!!!!!

I'm not a big fan of ZoneAlarm. I used to use it a decade ago but have since moved on to Symantec Endpoint Protection (previously Symantec Client Security), which I believe provides better defense. I also run PeerGuardian on my w2k3 server/router and I'm still looking for a decent unified threat management program that provides subnet and workstation level bandwidth monitoring.

Anywho - what I'd really like to see is the full results of a netstat /b command:

start > Run > CMD

type "netstat /b /v" minus the quotes

When it's finished, click on the "c:\" icon in the blue title bar of the command window and select edit > select all

Press enter.

Open Notepad (start > programs > accessories > notepad) and press ctrl + v (or go to edit > paste)

Save the file and send it to us.

If the command window isn't wide enough to show everything clearly, click on the icon in the title bar and select "properties". Click the "Layout" tab. Change the "width" for both "Screen buffer size" and "window size" to something like 100 or 200. Click OK.

Try to get this while or immediately after she gets one of her wonky popups or poltergeist attacks. It might be useful to have the command window set up and ready so that when it happens she can just hit enter to get the screen.

Hijack this is also good - but I've never spent the time to figure it out.

Link to comment
Share on other sites
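
Once the netstat text from the post above has been saved, this sketch groups established connections to non-local addresses by the program that owns them, so an unfamiliar executable stands out. It is an added example, not code from any poster in this thread; the sample capture, its addresses and program names are constructed, and the row layout is assumed to match Windows "netstat -b -n" output (numeric addresses).

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample in the assumed layout of Windows "netstat -b -n" output.
# Addresses come from documentation ranges; program names are made up.
SAMPLE = r"""Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    127.0.0.1:1027         127.0.0.1:1028         ESTABLISHED     1500
  [firefox.exe]

  TCP    192.168.1.5:1045       203.0.113.10:80        ESTABLISHED     1500
  [firefox.exe]

  TCP    192.168.1.5:1051       198.51.100.7:4000      ESTABLISHED     2212
  C:\WINDOWS\system32\WS2_32.dll
  [unknown-example.exe]

  TCP    192.168.1.5:1060       192.168.1.1:445        TIME_WAIT       0
  TCP    192.168.1.5:1062       203.0.113.99:443       ESTABLISHED     3020
  Can not obtain ownership information
"""

# Loopback, RFC 1918 private ranges, link-local and the unspecified block.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12",
    "192.168.0.0/16", "169.254.0.0/16", "0.0.0.0/8")]

# A connection row: protocol, local endpoint, remote endpoint, then an
# optional state (UDP rows have none) and an optional PID column.
ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)"
                 r"(?:\s+([A-Z][A-Z_0-9]*))?(?:\s+(\d+))?\s*$")
OWNER = re.compile(r"^\s*\[(.+)\]\s*$")  # e.g. "[firefox.exe]"


def split_endpoint(endpoint):
    """Split "host:port", also handling bracketed IPv6 such as "[::1]:135"."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]"), port


def is_external(host):
    """True when the remote host is not loopback/private/link-local."""
    if host in ("", "*"):
        return False
    try:
        addr = ipaddress.ip_address(host.split("%")[0])
    except ValueError:
        return True  # a resolved name cannot be classified: keep it in the report
    if addr.version == 6:
        return not (addr.is_loopback or addr.is_link_local or addr.is_unspecified)
    return not any(addr in net for net in LOCAL_NETS)


def parse_netstat(text):
    """Return one dict per connection row, with the owning program if shown."""
    conns, current = [], None
    for line in text.splitlines():
        row = ROW.match(line)
        if row:
            proto, local, remote, state, pid = row.groups()
            current = {"proto": proto, "local": local, "remote": remote,
                       "state": state or "", "pid": pid, "owner": None}
            conns.append(current)
            continue
        owner = OWNER.match(line)
        # The bracketed name belongs to the most recent row; component
        # lines printed by the verbose switch are skipped.
        if owner and current is not None and current["owner"] is None:
            current["owner"] = owner.group(1)
    return conns


def external_by_program(text):
    """Map program name -> sorted remote endpoints of ESTABLISHED external connections."""
    report = defaultdict(set)
    for c in parse_netstat(text):
        host, port = split_endpoint(c["remote"])
        if c["state"] == "ESTABLISHED" and is_external(host):
            report[c["owner"] or "(owner not shown)"].add(f"{host}:{port}")
    return {prog: sorted(eps) for prog, eps in sorted(report.items())}


if __name__ == "__main__":
    for program, endpoints in external_by_program(SAMPLE).items():
        print(program, "->", ", ".join(endpoints))
```

An empty result only means no established outside connection existed at the moment of capture, which is why the capture is best taken while the odd behaviour is happening.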

If he's getting in still with her using ZA, perhaps a different firewall will work better. And in this instance, she may want to consider a hardware firewall, as a software firewall just can't do as good a job.

The only real advantage of a hardware firewall is NAT. But NAT was never intended as a security feature - it is simply IP translation allowing you to have multiple private IP addresses using one public IP address (the primary idea behind it was to contend with the limited amount of public IP addresses available, and even with NAT we are running out hence the introduction of IPv6). So basically NAT is what I like to call "security through obscurity" - it wasn't designed to be a security feature. If done properly, you shouldn't need NAT to provide security.

Hijack this is also good - but I've never spent the time to figure it out.

It sums up a lot of things for us and saves a lot of time. It only takes a few minutes to figure out where all the items on the log came from :)

Edited by Mahone
Link to comment
Share on other sites

The only real advantage of a hardware firewall is NAT. But NAT was never intended as a security feature - it is simply IP translation allowing you to have multiple private IP addresses using one public IP address (the primary idea behind it was to contend with the limited amount of public IP addresses available, and even with NAT we are running out hence the introduction of IPv6). So basically NAT is what I like to call "security through obscurity" - it wasn't designed to be a security feature. If done properly, you shouldn't need NAT to provide security.

A good hardware firewall can provide additional security from known hacker attacks and block IP ranges pretty effectively - it basically adds a layer of obfuscation specifically designed to prevent intrusion (as opposed to a NAT router that does nothing but what you said). However, a decent hardware firewall is a bit overkill and a bit expensive for the average home user.

It sums up a lot of things for us and saves a lot of time. It only takes a few minutes to figure out where all the items on the log came from :)

Right. But I'd rather spend those few minutes hitting on some pretty girl :D

Link to comment
Share on other sites

A good hardware firewall can provide additional security from known hacker attacks and block IP ranges pretty effectively - it basically adds a layer of obfuscation specifically designed to prevent intrusion (as opposed to a NAT router that does nothing but what you said). However, a decent hardware firewall is a bit overkill and a bit expensive for the average home user.

Right. But I'd rather spend those few minutes hitting on some pretty girl :D

haha, now I know your motive ;)

Regarding hardware firewalls - software firewalls can also do everything you specified. After all, a hardware firewall is also a software firewall really - just in the form of firmware. So the primary advantage is that it is separated from her workstation. I solved this issue at home by taking an old workstation and installing a corporate firewall operating system on it (check out Welcome to Express 3.0! - SmoothWall.org). It's free, has the same advantage of a hardware firewall and runs on old hardware ;) it effectively acts as your router like a hardware firewall would.

My previous post referred to basic NAT home routers (which also usually have very basic firewall functionality built in) as you quite rightly stated real hardware firewalls are generally too expensive for home users.

Edited by Mahone
Link to comment
Share on other sites

haha, now I know your motive ;)

Hence why I never made any money running my own business for 7 years :D

Never got any dates out of it either :(

Regarding hardware firewalls - software firewalls can also do everything you specified. After all, a hardware firewall is also a software firewall really - just in the form of firmware. So the primary advantage is that it is separated from her workstation. I solved this issue at home by taking an old workstation and installing a corporate firewall operating system on it (check out Welcome to Express 3.0! - SmoothWall.org). It's free, has the same advantage of a hardware firewall and runs on old hardware ;) it effectively acts as your router like a hardware firewall would.

My previous post referred to basic NAT home routers (which also usually have very basic firewall functionality built in) as you quite rightly stated real hardware firewalls are generally too expensive for home users.

That's one reason I have a w2k3 router. It also eliminates the problems NAT can cause for instant messengers and file sharing clients. And it frees up resources on my desktop for games :)

Link to comment
Share on other sites

That's one reason I have a w2k3 router. It also eliminates the problems NAT can cause for instant messengers and file sharing clients. And it frees up resources on my desktop for games :)

You are using windows 2003 as a router? That doesn't take NAT out of the equation though?

I personally would use linux as a firewall. Windows server 2003 costs money (if used legally of course ;)) and linux is generally more secure than windows. But smoothwall offers some great functionality out of the box and even more with the addons - I do suggest a look into it. I use it mainly for VPN. That is unless of course you require windows 2003 for something which linux cannot provide?

Edited by Mahone
Link to comment
Share on other sites

You are using windows 2003 as a router? That doesn't take NAT out of the equation though?

I personally would use linux as a firewall. Windows server 2003 costs money (if used legally of course ;)) and linux is generally more secure than windows. But smoothwall offers some great functionality out of the box and even more with the addons - I do suggest a look into it. I use it mainly for VPN. That is unless of course you require windows 2003 for something which linux cannot provide?

Well the advantage of Windows is that it lets me run my instant messengers going through a bunch of connection hassle. MSN Messenger is notoriously difficult to get to cooperate through NAT connections (unless your router supports UPNP).

I toyed with Linux in high school - felt so special when I compiled my own kernel. But the one thing where Windows has always had an advantage is in the user interface. I tried installing Debian once a few years ago but after spending 6 hours fighting with the installation (kept getting CRC errors >.< ) I gave up and reinstalled 2003 and within 45 minutes of starting I was up and running and configured.

You are 25 and you ran your own business for 7 years? So you were at the oldest 18 when you set it up? Wow. Only computer geeks ;)

Actually I started when I was 16 but I don't really count that since I really had no clue what I was doing. I graduated high school with a CCNA so by 18 I did have a clue. But like I said - I never made money with it. Too much work advertising and too little return. And always the temptation to work for free when the client bats her eyes all cute like.

Link to comment
Share on other sites

Well the advantage of Windows is that it lets me run my instant messengers going through a bunch of connection hassle. MSN Messenger is notoriously difficult to get to cooperate through NAT connections (unless your router supports UPNP).

Still not sure why it's better - in order for you to use windows 2003 as a router/firewall, it still has to NAT your connection.

I've not used UPNP that much, so not that familiar with its ability - I prefer to set things up myself so I know exactly what configuration changes have been made ;)

I toyed with Linux in high school - felt so special when I compiled my own kernel. But the one thing where Windows has always had an advantage is in the user interface. I tried installing Debian once a few years ago but after spending 6 hours fighting with the installation (kept getting CRC errors >.< ) I gave up and reinstalled 2003 and within 45 minutes of starting I was up and running and configured.

I had smoothwall up and running in 20 minutes - but one man's linux is another man's OS/2 (:lol:). I wanted to install windows 2003 on my home network to set up a test domain, but I found other uses for my spare server.

Actually I started when I was 16 but I don't really count that since I really had no clue what I was doing. I graduated high school with a CCNA so by 18 I did have a clue. But like I said - I never made money with it. Too much work advertising and too little return. And always the temptation to work for free when the client bats her eyes all cute like.

Lol, not to mention teenagers working in IT have a bad reputation (I don't think it's warranted, people just don't want to believe a teenager knows more than they do), especially when they own the company ;).

Hmmmm. I apologise about the derailed thread. I promise we'll get right back on track as soon as we get an update!

Edited by Mahone
Link to comment
Share on other sites

Still not sure why it's better - in order for you to use windows 2003 as a router/firewall, it still has to NAT your connection.

I've not used UPNP that much, so not that familiar with its ability - I prefer to set things up myself so I know exactly what configuration changes have been made ;)

Right, my desktop is behind the NAT, but the server is directly connected and the messengers run on the server. I originally set it up to run an ftp server cause I got tired of fighting with forwarded ports and passive connections. 2003 doesn't even support UPNP (too much of a security risk).

Lol, not to mention teenagers working in IT have a bad reputation (I don't think it's warranted, people just don't want to believe a teenager knows more than they do), especially when they own the company ;).

Hmmmm. I apologise about the derailed thread. I promise we'll get right back on track as soon as we get an update!

That and 16 year olds usually don't have much business sense - ie fees, billing, invoices etc. And a lot of teenagers think they know more than they really do. I laugh when some kid says they know HTML because they copied and pasted some premade code into their myspace layout. But then there are teenagers that really do know what they're doing - and they suffer from the prejudices imposed by those who don't.

Anywho - while we wait for an update, I'm going to go do more homework on methane powered cars.

Link to comment
Share on other sites

Meanwhile back at the ranch.:D

Here is where we are at. She has been working and may not get time until this weekend to respond any further.

However, she did send me a copy of her netstat attempt. It shows no data whatsoever. I am not sure what OP system she is using, but what the jpg indicated was the following

C:\Documents and Settings\Username>netstat

Active Connections

Proto Local Address Foreign Address State

(No data)

I am no computer jockey but it seems to me that she must not have been at the proper starting place at C:\ ?

Now when I attempted to do it on my computer which has Vista, I went to Accessories, then to command prompt, then typed in netstat. So my starting point was, C:\Users\lilered>netstat. It gave me a lot of lines of data under the various headings. So my question is.

Perhaps the best way to start this process is can someone explain how to get to the proper starting place prior to running the cmd netstat? I can then send her an email and give her those instructions as well as tell her to open up an account on the forum. That way, she will have the information you all need to make some recommendations of how to solve her problems. Just a thought. Thx.

Edited by lilered
Link to comment
Share on other sites

Where you run netstat from makes no difference. If it shows no data then she's probably not connected to a network (ie the internet) at all. Or ZoneAlarm is blocking it. Make sure that ZA is turned off, this will ensure that netstat will work and that the trojan will be connecting to his computer.

Netstat (ie Network Status) shows all of the current connections that your computer has to other computers. The /b and /v parameters tell it to show more information about which programs are making those connections. Command line programs, by their nature, can be a bit confusing. You're probably best starting out with the Hijack This log Mahone suggested, since running that program and saving the log should be pretty straightforward.

And the more I think about it, the more I think prosecuting him for computer crimes isn't a bad idea. You can ask the District Attorney to give him a deferred adjudication (plea bargain with no conviction record) and the weekend of jail time should scare him enough to get his act together. I got into a fight with my little sister when I was about 15 or 16 and my parents had me locked up for assault for a weekend - and I haven't gotten angry since (not counting road rage :D ). So yeah, maybe it'll be good for him.

Link to comment
Share on other sites

Again, thanks to all thus far for your compassion, and interest in helping out. As you can tell, she is at her wits end with trying to deal with this situation and still be a single mom, hold down a job, etc..

Hopefully she will find the time in the next few days to get the information.

Link to comment
Share on other sites
